Paper: Did you want the world to know...?
Abstract
Corporate websites, Google, forums, newsgroups ... All valuable sources of all kinds of information. Unfortunately, those that seek information from these sources are not always our customers, partners, or (potential) employees, but can also be people with less honest intentions. In order to research which sensitive information can be found freely available on the Internet, the author will put on a black hat and scour various online locations and use simple tools to get this information without breaking the law, and without crossing the line between ethical and non-ethical. Research includes locations where it is often already expected that an adversary will turn to for intelligence gathering, such as attempts to perform zone transfers. But also information that may not seem sensitive at first, such as corporate websites and even Google searches will be put under the loop. The conclusion of this research is that a lot of sensitive information is out there, and was put there by people either knowingly or unknowingly. It is about time that user education is taken more seriously, and turning the Internet inside out in search for sensitive information should become a very important part of audits and penetration testing.
Download here.
Labels: cybercrime, infosec, unpublished
Post a Comment