Networking sites could help hackers
Social climbing
Posted in Software & Security, 14th July 2006 13:17 GMT
Professional networking sites are unwittingly providing hackers with the possible means to carry out sophisticated social engineering scams, a UK security consultancy warns.
SecureTest was able to produce a comprehensive personal profile of an internal employee in a short time using data from social and professional networking sites such as Ryze, LinkedIn, and Ecademy. Combining the technique with careful web searching and cross-referencing yielded information that would be difficult to obtain using traditional phone-based social engineering techniques.
In one example, a SecureTest researcher was able to obtain the full employment history and the names of key colleagues of an IT professional in a matter of hours. The worker involved had also listed details of his family members, professional memberships and hobbies.
SecureTest warns that the data could be used to impersonate an individual or to enable the hacker to build a relationship with key decision-making personnel within a targeted organisation.
SecureTest isn't able to cite incidents where the attack has been used in practice, but warns that the risk it details is all too real. It advises firms to update their security policies in order to warn workers of the potential threat. ®