Metadata Extraction – Is Your Website Leaking Information?

If you’re reading this post, chances are you’re concerned about website security. As a responsible website owner or systems administrator, you have considered the obvious security precautions. You’ve placed your web server behind a firewall, you keep your web server software updated and patched, you use strong passwords, and you encrypt sensitive traffic sent between web browsers and your server. However, if your website hosts Microsoft Office, Open Office, Word Perfect, or PDF files (among others), you may be leaking more information than you think.

Files created by many desktop applications contain detailed information that describes each file. (To view the information, try right-clicking on a Word document or PDF and selecting Properties.) This information is called metadata, and attackers use this information to uncover details about the internals of your organization. Here are some of the types of information that can be found in file metadata:

• file owner
• author
• local or network file paths
• name of the computer on which the file was created or stored
• name of user who last saved the file
• program that generated the file

One of the most popular tools for extracting and analyzing metadata is FOCA. FOCA locates vulnerable files using Internet search engines. It then downloads the files, analyzes the file metadata, and builds a catalog of user names, email addresses, operating systems, installed applications, network shares, and printers.

FOCA Metadata Extraction Utility

When performing any website security assessment, you should consider the metadata included within the files on your website. This information can reveal a great deal about your organization (e.g. outdated software, anti-virus type and version, user names for remote access, etc).  You can bet that attackers will be doing the same!

You can download the latest version of FOCA by visiting http://www.informatica64.com/DownloadFOCA/.