Saturday, June 25, 2011

What login screens reveal

This picture was sent to us by Flo just a couple of days ago. Thanks buddy, keep being that active! What it shows is a company's desktop background. We don't have much more information on that but we can tell from experience that you find such screens a lot more often than you would think.
Administrators in big companies tend to use the desktop background to include detailled information on (most likely server) systems they use. This if of course helpful if you do a lot of remote work and don't wanna accidentally reconfigure a wrong server. However, as practical as it might be for admins, as practical is it for remote (or even local) attackers.


There is some information anonymised on this picture, but I'm sure you get that there are a lot of questions that can be answered just by looking at this picture. You can probably derive the server's role in the network from its hostname. IP address info gives you more knowledge about the network - how a local user could connect or in which address space the servers reside in. You get information about which domain the server belongs to and even get alrady a valid administrator username! You don't have to do any OS recon anymore, do you? Just start preparing your exploints right away. And if you are not sure if a DoS attack would be viable - just have a short look at its cpu, memory, volumes and free space.

Decide yourself if you wanna give all this information to strangers in your network, but probably you do better with increasing the awareness of your admins.

Thursday, June 23, 2011

Information disclosure classic

A few days ago, I spent a couple of hours on a train which by chance lead me to the following information disclosure classic. The person in front of me did some work on his notebook and obviously was not aware that someone might be watching. He was editing a cooperation aggreement that of course showed the involved parties on its first page and allowed me to read some details.



I googled the companies (mostly in the field of smoke detectors and facility management) and from what I saw, they are not really "big players". But I am pretty sure a lot of large companies also fail in protecting their internal information in these situations. A simple screen privacy filter would have done the job. :-)

Thursday, June 2, 2011

Insecure Key Switch and Full Mailbox

Being very active we got another hint from Flo, who shot the following two pictures during a physical assessment. He posted those pictures on his own blog dosbartjones.org, so we will just keep his text and pictures in original and wanna refer to his own blog entry at this point. Thanks for your contribution to the project, Flo. 

Easy access to your mailbox
This image has been taken while performing a physical security assessment and shows the vulnerability of a stuffed mailbox. This mailbox has not been emptied in a while and can easily be accessed by outsiders. It was not even necessary to pick locks.
 
Insecure key switch
The following image displays an insecure key switch. This switch in particular controls the access to a company building. Although an attacker might try to break the lock, a screwdriver is everything one would need to gain entry.