Related Organizations
Be on the lookout for references or links to other organizations that are somehow related
to the target organization. For example, many targets outsource much of their web
development and design. It’s very common to find comments from an author in a file
you find on the main web page. For example, we found the company and author of a
CSS file (Cascading Style Sheet) just recently, indicating that the target’s web development
was done outside the company. In other words, this partner company is now a potential
target for attack.
/*
Author: <company name here> <city the company resides in here>
Developer: <specific author1 name here>, <specific author2 name here>
Client: <client name here>
*/
Even if an organization keeps a close eye on what it posts about itself, its partners are
usually not as security-minded. They often reveal additional details that, when combined
with your other findings, could result in a more sensitive aggregate than your sites
revealed on their own. Additionally, this partner information could be used later in a
direct or indirect attack such as a social engineering attack. Taking the time to check out
all the leads will often pay nice dividends in the end.
Location Details
A physical address can prove very useful to a determined attacker. It may lead to
dumpster-diving, surveillance, social-engineering, and other nontechnical attacks.
Physical addresses can also lead to unauthorized access to buildings, wired and wireless
networks, computers, mobile devices, and so on. It is even possible for attackers to attain
detailed satellite imagery of your location from various sources on the Internet. Our
personal favorite is Google Earth (formerly KeyHole) and can be found at http://earth
.google.com/. It essentially puts the world (or at least most major metro
areas around the world) in your hands and lets you zoom in on addresses with amazing
clarity and detail via a well-designed client application.
Another popular source is http://terraserver.microsoft.com.
Using Google Maps (http://maps.google.com), you can utilize the Street View feature, which actually provides a “drive-by” series of images so you can
familiarize yourself with the building, its surroundings, the streets, and traffic of the
area. All this helpful information to the average Internet user is a treasure trove of
information for the bad guys.
Domains Names Registration And Website Hosting
Cheap domain names hosting services website design easy website solutions online shops and logo design
কোন মন্তব্য নেই:
একটি মন্তব্য পোস্ট করুন