FOCA Free 3.0 scans your website for document-based security leaks
Document metadata can be a great help in organising files on your own PC. Add the appropriate keywords in a Comments tag, say, and it’ll be much easier to find the file later.
If you intend to share the documents online, though, metadata can be a real menace, leaking all kinds of data: network folders and user names, email addresses, details on the operating systems and software packages you’re using and a whole lot more.
Could you be vulnerable? Manually checking could take a very long time, but fortunately that isn’t necessary: FOCA Free 3.0, released today, makes it easy to scan your website for metadata issues.
After creating a new project, and pointing the program at your domain, you should click Search All. FOCA Free will then check for documents on your site which Google and Bing have indexed (formats supported include DOC, DOCX, PDF, PPT, PPS, XLS, XLSX, ODT, ODS, ODG, ODP and SVG). This can be surprisingly quick, and is useful in itself: you may find old DOC or PDF files which you hadn’t even realised were available online.
Next, right-click one of the files and select Download All. (Or, if there are too many files, or they’re too large, you might want to download just a selected few.)
Once the files have been grabbed, right-click one, select Extract All Metadata, and they’ll be analysed for you.
And when the process is complete, you’ll be able to view the Metadata Summary, which tells you exactly what (if anything) the program has managed to uncover: user names, printer paths, email addresses, passwords and more.
This can take a while, depending on the number of documents FOCA Free uncovers, but it’s still a very useful way to check for inadvertent disclosures. And even if you don’t have a website, it can be handy as a simple download manager: if you want to grab all the PDF files on a website, say, FOCA Free can make it happen in just a few clicks.
And this latest version adds some worthwhile improvements, mostly to the back end – it’s faster and more reliable than previous editions, and will make a worthwhile addition to your security toolkit.