Friday, July 30, 2010

url - show the real deal

This week I've found out through a post in one of my RSS feeds how to figure out what url is behind a url. You've probably seen them, short urls going You can figure it out by just adding a + after the hash.

When you do this you get an overview of the number of clicks, when they were clicked, who tweeted about it, and where the people who clicked on it are from.

We all know that this service has been abused for spreading malware, but I see this info come in handy for a social engineering purpose.

Wednesday, July 14, 2010

Welcome to big hotel

I recently had to visit the office of a customer just outside of Brussels. I knew approximately where it was. Since I didn't get any GPS signal, I had to ask for directions, and I stopped at a hotel near my destination just to ask for final directions.

The hotel where I stopped is part of a big international chain. I walked up to the front desk, where a lovely young lady called Marielle according to her name tag (Dutch accent; the ring on the ring finger of her left hand indicated that she is most probably married) greeted me. I explained my problem. She didn't know where my customer was located, so I social engineered her by simply asking if she had Internet access on her computer and if she had access to a website like Google Maps. While she was typing I noticed that on every screen, in the left corner, there was a post-it with the magic words user: username, password: password.

Suddenly my mind started working in a different way, and just for fun I asked if I could come behind the desk to have a look at the Google map. By looking at the screen I noticed that the browser was Internet Explorer.

So let's have a look at what we got:
- a name for name dropping
- a target who is susceptible to social engineering
- a browser, which has a good track record of being vulnerable
- a user name and password for something which will most probably be the application for managing the rooms

To say it with the words of Louis Armstrong ... What a wonderful world.