Does your computer suffer from embarrassing data seepage? Or, perhaps, even compromising data seepage? That’s the conclusion that two researchers came to when analyzing what our wifi-enabled laptops tell the world whenever we turn them on in public. Fortunately, these researchers have created a program to ferret out that data seepage, a program named, aptly enough, Ferret.
According to David Maynor and Robert Graham of Errata Security, every time you turn on your wifi-enabled computer, you are either intentionally or accidentally telling the network world far more than you probably intended. This is due to, according to Errata, programs that are set to autostart, your computer looking for resources like shared drives and local network resources upon boot up or waking up, the settings on email clients, and instant messaging clients.
Things that can seep, they say, include “Wifi packets, DHCP Broadcast. NetBIOS/SMB Broadcast and DNS/Bonjour Requests.” Their software, Ferret, is designed to show you exactly what data your computer is seeping out to the world.
In their presentation, which is online, they give this example:
“When a wifi enabled laptop starts up it will look for a list ok “known networksâ€? or networks it has connected to before. This list can be used to determine where the laptop has been used.”
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
Why does that matter? Who cares if someone knows where your laptop has been used?
Well, here’s an example that Errata gives of the kind of data that an ordinary person’s ordinary laptop can seep, and what can be gleaned from the information:
“A machine with the Mac Address of 00-18-f3-57-24BD belongs to John Smith.
This laptop has connected to wifi access point at Hartsfield airport, Heathrow, SeaTac, and various T-Mobile spots, and ABCsoft and XYZsoft.
John has the AIM name “PrschDude9� and has XYZsoft1 on his buddy list.
He uses a popclient to check his personal email and his passwd is porsche911turbo.
John works for ABCsoft because his browsers attempts to go to internal.abcsoft.com when it first starts up.
It also attempts to connect to \internal.abcsoft.com\sales and \internal.abcsoft.com\public on start up.
He has a myspace account where he had pics of the last company party
—
So what can you determine about this if you know ABCsoft and XYZsoft are bitter rivals?
Sounds like a merger or buyout.
Since you know Johns pop password you can try it against ABCsoft’s webmail client, he might use the same password.
Social Engineering – “Hey wasn’t that a horrible shirt John was wearing at the last company party…run this program to update your accounting software.â€?
You know portions of the internal layout of the ABCsoft intranet.
Make trojans and client side exploits more efficient because you have a target to attack. ”
Their Ferret code appears to be still in the very baby beta stages, and they allude to as much on their site. Still, if you are geek enough and want to try running the code, you can get it from their website at ErrataSec.com
You can see their presentation here.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
This has nothing to do with the above story. I was surfing your site and ran across a “get rich quick” article about finding only two bona fide sites, one which involved typing ads from home. I was interrupted, lost the article, and cannot find it anywhere now. Can you send me a link to the article? I’m really interested; otherwise I would not bother you. Thank you.
Great post and very interesting information. I’m going to try that code out on my notebook and see what it comes up with.