Too much information: Personal threats from social networks


I talked with Tod Beardsley, lead counterfraud engineer for TippingPoint, a provider of network-based intrusion prevention systems. TippingPoint monitors several Fortune 500 companies, but we talked about the growing influence of social networks in the corporate workplace. "I think the main threat that most people would associate with social networking is the threat of too much information," he said.

"The story with social networking is they ask you a bunch of questions about yourself and people will generally answer them. This includes things like name, age, where you live, and who your friends are. The threat comes from the fact that other people can harvest this information, and they can harvest it automatically." Beardsley said that Kevin Mitnick was able to reconstruct the organization chart in companies that he was targeting in order to insert himself into fake e-mail threads and more. "When you have these giant open sites that contain a lot of personal information or relationship information between people, it's suddenly a lot easier to replicate these Mitnick-style social engineering attacks with a lot less effort." Security Watch: Too much information - CNET reviews

Linked by shanmuga Sunday, 30th September 2007 1:52AM