1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

question for security experts

Discussion in 'BlackHat Lounge' started by nonai, Dec 30, 2013.

  1. nonai

    nonai Power Member

    Joined:
    Oct 10, 2013
    Messages:
    524
    Likes Received:
    63
    in case you are wondering, this is for letters of recommendation that I am writing for myself because nobody will write it for me.

    I want to send someone 2 PDFs and make it look like they are coming from 2 different people.

    I am going to sign up for 2 different email addresses for this purpose. I will go to 2 different Mcdonalds so my ip is different.

    Is this good enough, or can they still know the PDFs are from the same person? will they see the user's name on my computer? can they analyze the PDFs and somehow figure out it came from the same computer?
    should I send one from windows 7, the other from linux? or it doesn't matter?

    what are some things that can give away the fact that both emails came from the same person?
     
  2. seeplusplus

    seeplusplus Power Member

    Joined:
    Aug 18, 2008
    Messages:
    511
    Likes Received:
    163
    Forget McDonalds, use gmail, that doesn't expose your IP in the headers, or didn't use to anyway.

    The PDF, why not send one PDF and one .docx and change the metadata in both.
     
  3. nonai

    nonai Power Member

    Joined:
    Oct 10, 2013
    Messages:
    524
    Likes Received:
    63
    holy shit, I had no idea it saves the author's name and all that. that's crazy.
    I cant figure out how to sanitize my PDFs
    so I will just send them as Word files.
    I went to Prepare> Inspect document > remove all

    is that good enough?
     
  4. TZ2011

    TZ2011 Senior Member

    Joined:
    Jun 26, 2011
    Messages:
    832
    Likes Received:
    863
    Occupation:
    Cleaning servers
    Word keeps metadata, too. Every file keeps some metadata that can be seen and used in some way - jpg, pdf, word, exe, etc... every file format can disclosure something.
     
  5. bertbaby

    bertbaby Elite Member

    Joined:
    Apr 15, 2009
    Messages:
    2,019
    Likes Received:
    1,496
    Occupation:
    Product marketing
    Location:
    USA
    Home Page:
    Make sure you change the authoring information for each of the PDFs as well. Trying to bid several times on some work?
     
  6. MadStacks

    MadStacks BANNED BANNED

    Joined:
    Oct 20, 2013
    Messages:
    1,494
    Likes Received:
    493
    Change the authors name and use two separate IP Addresses in order to make them look separate.
     
  7. Amsterdammer

    Amsterdammer Power Member

    Joined:
    Aug 9, 2011
    Messages:
    515
    Likes Received:
    563
    Erm, click "File", then "Inspect" and have Word clean it up for you?
    Not sure if anything is left after that but I am not an expert.

    Hope this helps. :)
     
  8. oxonbeef

    oxonbeef BANNED BANNED

    Joined:
    Jan 4, 2009
    Messages:
    2,242
    Likes Received:
    7,872
    Go to two different Internet cafes, Create two different documents on two different computers in word, save as .pdf
    and send from two different email accounts.
     
    • Thanks Thanks x 1
  9. JFoulds

    JFoulds Power Member

    Joined:
    Apr 22, 2011
    Messages:
    538
    Likes Received:
    480
    Occupation:
    Genius billionaire playboy philanthropist
    Best advice here.
    If you're on two different computers, creating two different documents, sending from two different email accounts - there is absolutely nothing that will tie those two together, with the exception of language analysis (Don't write exactly the same way, eg, starting both emails with 'Hey, here is that document you needed')
     
  10. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Premium Member

    Joined:
    Nov 10, 2012
    Messages:
    10,119
    Likes Received:
    28,559
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
    Whilst you are in McDonalds you could apply for the Job there and then. No need to bother with sending your CV by pdf.



    j/k
     
    • Thanks Thanks x 1
  11. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    8,903
    Likes Received:
    7,491
    Occupation:
    ZLinky2Buy SEO Services
    Location:
    ⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩
    Home Page:
    LOL! Spit my coffee out!

    oxonbeef has given some sound advice here. PDF's and DOC's store shit about your PC even if you change the metadata it makes available for you. All these programs watermark their documents in some way, there is no way to be anonymous with them, Photoshop for instance has currency anti-conterfiting.features built in....it tags the origin of any document created with it.
     
    • Thanks Thanks x 1
  12. seeplusplus

    seeplusplus Power Member

    Joined:
    Aug 18, 2008
    Messages:
    511
    Likes Received:
    163
    hehe, I had a guy a few months back send me articles in .docx format for rewriting then tried to get out of paying me, I found the name of his company in the metadata and called the company land-line.

    Paid up then.