
Social Engineering - Social Networking


    Some of the biggest security threats have come from the use of social networking. The rapid growth of these technologies lets millions of users each day post on Facebook, Twitter, and many other social networks. Social networking is both fun and dangerous at the same time, as well as extremely addictive. Some users may post updates every time they eat a meal or go to the restroom. Although this technology allows for greater connectivity and convenience in communicating by allowing users to stay in touch online, share fun moments, talk to their beloved, and exchange personal content online, there are dangers that could lead to disaster.

    Information posted online could include:
    • Personal Information
    • Photos
    • Location information
    • Friend information
    • Business information
    • Likes and Dislikes

    The danger of making this wealth of information available is that a curious attacker can piece together clues from these sources and get a pretty clear picture of an individual or a business. With this information in hand, the attacker can make a convincing impersonation of that individual or gain entry into a business by using insider information.

    Before posting any type of information on any of these networks, ask yourself the following questions:
    • Have you thought about what you share?
    • How sensitive is the information being posted, and could it be used by a social engineer?
    • Is this information that you would freely share offline?
    • Is this information that you wish to make available for a long time, if not forever?

    Social networking has made the job of the attacker much easier based on the sheer volume of data and personal information available. In the past, this kind of information may have been a lot harder to come by.
    When employees post information on social networks or other sites, it should always be with a mind toward how valuable the information may be in the wrong hands and whether it is worth posting at all. It is easy to search social networks and find information that an individual may have shared with too wide an audience.

    Social media can be made safer if you take simple steps to strengthen your accounts. In fact, it has been found in many cases that with a little care and effort, you can lessen or avoid many common security issues and risks.

    Using the same password across multiple sites means anyone who gets control of the password can access whatever data or personal information you store on any of those sites. In a worst-case scenario, a Twitter password hack can give the attacker the key to an online banking account. Keep in mind that if you use a password on a site that doesn't protect information carefully, someone can steal it. Many social networking sites have grown so large so fast that they do not take appropriate security measures to secure the information they are entrusted with until it is too late. Furthermore, many users never or rarely ever change their passwords, making their accounts even more vulnerable.

    Too Much Information
    With the proliferation of social networking, the tendency to share too much has become more common. Users of these networks share more and more information without giving much thought to who may be reading it. The attitude nowadays tends to skew toward sharing information. People increasingly see sharing as no big deal. However, an individual's or company's brand and reputation can easily be tarnished if the wrong information is shared. In some cases, companies have taken the brunt of the public's ire because an employee posted something that was off-color or offensive. It may not initially seem like a security problem, but rather a public relations issue; but one of the items you must protect as a pentester is the public's perception of the company.

    Social networking sites are a huge target for cyber-criminals who are looking for information to steal and identities to pilfer. Using information from social networking sites, an attacker can coerce or trick you into revealing information that you would not otherwise reveal. You may open up when someone you don't know talks to you with familiarity, because they stole information from your public profile that helps them convince you that you know them.

    For young people, social networking sites can combine many of the risks associated with using these services: online bullying, disclosure of private information, cyber-stalking, access to age-inappropriate content, and child abuse.

    Some companies have gone as far as telling employees that they cannot talk about the company at all online.
    Certified Security Geek