Monday, August 1, 2011

Social Networking Intel/ Footprint web search

I've put together a custom google search for social networking related searches, it can be found here:

http://www.google.com/cse/home?cx=013791148858571516042:ntbykhk-kus

This can provide an idea of what an individual's social networking footprint looks like.

Examples of the sites on the list include:

facebook.com
flickr.com
plus.google.com

I will be constantly updating the search engine.

Sunday, July 3, 2011

Pastebin and collaborative tools intelligence web search

I've put together a custom google search for Intelligence/ information posted to pastebin and other online collaborative service and information portals, it can be found here:

http://www.google.com/cse/home?cx=013791148858571516042:gqsws13ehog&hl=en

Examples of the sites on the list include:

http://pastebin.ca/
http://nopaste.info/
http://paste.pocoo.org/

I will be adding more sources as I come across them.

Thursday, May 5, 2011

Open Source Intelligence Deep Web Search- updates

I have updated the OSINT custom google search.

http://www.google.com/cse/home?cx=013791148858571516042:eygbr9xc-ys

The following sites have been added:

http://www.isn.ethz.ch/
http://isnblog.ethz.ch/
http://theosintjournal.blogspot.com/
http://www.robtex.com
http://serversniff.net
http://www.peekyou.com
http://com.lullar.com/
http://www.checkusernames.com/
http://knowem.com
http://www.isearch.com
http://www.pipl.com
http://www.123people.com
http://www.spokeo.com
http://webmii.com/
http://www.zoominfo.com
http://samy.pl/androidmap
http://www.bing.com/maps/
http://twittermap.appspot.com/
http://tineye.com
http://youropenbook.org/
http://picfog.com
http://www.whitepages.com/find_neighbors
http://www.archive.org/web/web.php
http://boardreader.com
http://omgili.com
http://www.onstrat.com/osint/
http://www.onlinenewspapers.com/
https://wits.nctc.gov/FederalDiscoverWITS/index.do?N=0
https://www.cia.gov/library/publications/the-world-factbook/index.html

Tuesday, April 12, 2011

Open Source Intelligence Deep Web Search

I've put together a custom google search for Open Source Intelligence related topics, it can be found here:

http://www.google.com/cse/home?cx=013791148858571516042:eygbr9xc-ys

It currently searches the following sites:

http://www.turbo10.com/
http://www.deepdyve.com/
http://infomine.ucr.edu/
http://vlib.org/
http://www.intute.ac.uk/
http://aip.completeplanet.com/aip-engines/browse?thisPage=%2Fbrowse%2Fbrowse.jsp&successPage=%2Fbrowse%2Fbrowse.jsp&errorFlag=&errorMsg=&event=loadPageEvent&directPage=&directSection=4&treeQueryExpr=&treeQueryType=phrase&treeQueryTarget=tree
http://www.infoplease.com/index.html
http://www.deeppeep.org/
http://www.incywincy.com/
http://www.deepwebtech.com/
http://www.scirus.com/srsapp/
http://www.techxtra.ac.uk/index.html
http://www.osint.org.uk/
http://www.phibetaiota.net/
http://www.onstrat.com/osint/
http://extremesearcher.com/handbooklinks.html#chap1
http://rr.reuser.biz/
http://osintdaily.blogspot.com/
http://www.reversenumberdatabase.com/416-524

I will be adding more sources as I come across them.

Monday, February 14, 2011

A possible security bug in plenty of fish

I think I may have found a security related bug in plenty of fish...

It looks like your session can remain active even if you have attempted to clear out your cookies and cache (provided you have multiple windows open).

Here is the scenario:

I was logged into plenty of fish, and had multiple (plenty of fish) windows open; I was looking at different profiles and am in a habit of opening new windows when browsing.

After surfing for a while I decided to clear out my cache; I was using the latest stable build of firefox and went to tools clear recent history (everything) and hit ok.

After clearing everything (which includes cookies and active sessions), I got the impression that this would mean my session would be killed and that if I attempted to click on a new profile or send a message I would be asked to re-authenticate. This is not the case.

After my session being "killed", I was still able to view new profiles and even email members I was interested in and was able to authenticate that these messages had successfully gone through.

What if you were on a public computer and thought that by clearing your cache and cookies, your session would be killed and that no one else would be able to use your profile?

Something to think about...

Friday, January 28, 2011

new security hole in facebook

I was logged into facebook and just saw the craziest thing; you can have your apps activated and doing things while you aren't signed into facebook.

I am sure you must be thinking, that doesn't make any sense.

Let me describe my steps below:

I was logged into two sessions of facebook (two windows open) and they were both on my home page.

I was using firefox and on one of the sessions went into the mafia wars game application; I then clicked on the second session and signed out of facebook. One would think that by signing out of this session, it would have deactivated my other session as well; it did this to a certain extent. I carried out a few actions in my game, ie. deposited some money etc and was able to do this successfully. I then clicked on the home link and it asked me to sign into facebook.

When I saw this, I re-signed into facebook and re-entered my application and checked to make sure the applications I had carried out in my game had been successful; they had, I was able to recreate this scenario without any problems.

This is significant, if I can do this in mafiawars, can you picture the implications with other applications? What if other applications go further and connect to things like your location, or private pictures? What if you were logged into facebook, on a public computer like in the library?

Something to think about...

Saturday, January 8, 2011

Some thoughts on malware analysis and vmware

There are a number of different ways to examine malware, from using automated sites like threatexpert and virustotal to running your own sandbox locally (either on a physical machine or by using virtualization software like vmware). There are some in the malware analysis community who advocate using real hardware, as some pieces of malware have virtualization detection mechanisms built into them. Others point out that virtualization provides a greater level of flexibility and you can actually put measures in place for dealing with malware that tries to behave differently in a virtualized environment. I recently began to think a lot about this, since many companies are now using virtualization to a greater extent internally on things like webservers, as this can lead to lower costs and flexibility. It makes one wonder, does this mean that we are going to see a new trend in malware that ignores whether a machine is virtualized or not and just behaves the same anyway? If this does not appear to be the case, then does it mean that increased virtualization of both servers and desktops can actually reduce the likelihood of an organization being as heavily impacted by malware?

Thursday, January 6, 2011

Interesting information leak from facebook

The other day I signed into facebook and came across something very interesting. I noticed an update on my newsfeed from someone I had sent a friend request to. Having seen this I was under the impression that they had accepted my friend request, consequently I clicked on their profile and saw that it said awaiting friend confirmation. This is significant and may have some forensic/ investigative value because it seems to tell us that depending on what privacy settings a person has, if they don't act on a friend request, you can still get regular updates on some of their information on your newsfeed. This could potentially be used to track when a person changes, or updates their pictures, posts status updates or other information, without actually having to go to their profile page on a regular basis and without being part of their friendship group on facebook.