Does your computer suffer from embarrassing data seepage? Or, perhaps, even compromising data seepage? That’s the conclusion that two researchers came to when analyzing what our wifi-enabled laptops tell the world whenever we turn them on in public. Fortunately, these researchers have created a program to ferret out that data seepage, a program named, aptly enough, Ferret.
According to David Maynor and Robert Graham of Errata Security, every time you turn on your wifi-enabled computer, you are either intentionally or accidentally telling the network world far more than you probably intended. Errata attributes this to programs that are set to autostart, your computer looking for resources like shared drives and local network resources when it boots or wakes up, the settings on email clients, and instant messaging clients.
Things that can seep, they say, include “Wifi packets, DHCP Broadcast, NetBIOS/SMB Broadcast and DNS/Bonjour Requests.” Their software, Ferret, is designed to show you exactly what data your computer is seeping out to the world.
In their presentation, which is online, they give this example:
“When a wifi enabled laptop starts up it will look for a list of “known networks” or networks it has connected to before. This list can be used to determine where the laptop has been used.”
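To see what that looks like on the wire, here is an added example (not Errata's Ferret code and not taken from their presentation) that walks 802.11 probe-request frames and lists the network names each laptop asks for. The frames, MAC address and network names are constructed sample data, the helper names are illustrative, and the frames are assumed to start at the 802.11 header with any capture header already stripped.

```python
# Added example: which network names does a laptop reveal in its Wi-Fi probe requests?
import struct
from collections import defaultdict

PROBE_REQUEST = 0x40      # frame-control byte 0: version 0, type 0 (mgmt), subtype 4
MGMT_HEADER_LEN = 24      # fc(2) duration(2) addr1(6) addr2(6) addr3(6) seq(2)
TAG_SSID = 0

def parse_probe(frame: bytes):
    """Return (source_mac, ssid) for a directed probe request, else None."""
    if len(frame) < MGMT_HEADER_LEN or frame[0] != PROBE_REQUEST:
        return None
    mac = ":".join(f"{b:02x}" for b in frame[10:16])    # addr2 = transmitter
    pos = MGMT_HEADER_LEN
    while pos + 2 <= len(frame):                         # walk tag/length/value elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + length]
        if len(value) < length:                          # truncated element: give up
            return None
        if tag == TAG_SSID:
            # length 0 is the wildcard SSID: a broadcast probe that names no network
            return (mac, value.decode("utf-8", "replace")) if length else None
        pos += 2 + length
    return None

def seepage_report(frames):
    """Map each transmitting MAC to the sorted network names it asked for."""
    seen = defaultdict(set)
    for frame in frames:
        if (hit := parse_probe(frame)):
            seen[hit[0]].add(hit[1])
    return {mac: sorted(ssids) for mac, ssids in seen.items()}

def build_frame(mac: bytes, ssid: bytes, fc0: int = PROBE_REQUEST) -> bytes:
    """Construct a minimal management frame (sample-data helper)."""
    header = struct.pack("<BBH6s6s6sH", fc0, 0, 0, b"\xff" * 6, mac, b"\xff" * 6, 0)
    return header + bytes([TAG_SSID, len(ssid)]) + ssid + b"\x01\x02\x02\x04"  # + rates tag

LAPTOP = bytes.fromhex("020000000001")    # constructed, locally administered MAC
SAMPLE_FRAMES = [                         # constructed frames, not a real capture
    build_frame(LAPTOP, b"Airport-Guest"),
    build_frame(LAPTOP, b"ExampleCorp-Internal"),
    build_frame(LAPTOP, b""),                     # wildcard probe: nothing revealed
    build_frame(LAPTOP, b"SomeAP", fc0=0x80),     # beacon, not a probe request
    build_frame(LAPTOP, b"CoffeeShop")[:30],      # truncated capture, skipped
]

if __name__ == "__main__":
    print(seepage_report(SAMPLE_FRAMES))
```

Deleting saved networks you no longer use shortens the list a laptop announces this way.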
Why does that matter? Who cares if someone knows where your laptop has been used?
Well, here’s an example that Errata gives of the kind of data that an ordinary person’s ordinary laptop can seep, and what can be gleaned from the information:
“A machine with the Mac Address of 00-18-f3-57-24BD belongs to John Smith.
This laptop has connected to wifi access point at Hartsfield airport, Heathrow, SeaTac, and various T-Mobile spots, and ABCsoft and XYZsoft.
John has the AIM name “PrschDude9” and has XYZsoft1 on his buddy list.
He uses a popclient to check his personal email and his passwd is porsche911turbo.
John works for ABCsoft because his browser attempts to go to internal.abcsoft.com when it first starts up.
It also attempts to connect to \\internal.abcsoft.com\sales and \\internal.abcsoft.com\public on start up.
He has a myspace account where he had pics of the last company party.
So what can you determine about this if you know ABCsoft and XYZsoft are bitter rivals?
Sounds like a merger or buyout.
Since you know John’s pop password you can try it against ABCsoft’s webmail client; he might use the same password.
Social Engineering – “Hey wasn’t that a horrible shirt John was wearing at the last company party…run this program to update your accounting software.”
You know portions of the internal layout of the ABCsoft intranet.
Make trojans and client side exploits more efficient because you have a target to attack.”
Their Ferret code appears to still be in the very baby beta stages, and they allude to that on their site. Still, if you are geek enough and want to try running the code, you can get it from their website at ErrataSec.com.
You can see their presentation here.