Making you insecure about social networking
Many thanks to colleague and fellow tweeter @steve_walker for this article from the New Scientist (go to http://bit.ly/cEj8JK).
I did think about sharing this on my CCNA Security blog (see http://bit.ly/9z7fys) but this was far too interesting and entertaining to keep to one closed community (sorry @charlieatcisco and @jonecat).
The clever part of this article is how a scripted element of browser behavior (identification of sites you have visited) is then linked to open forums on social networking sites. Where there is a connection, based on your visits to more than one of them, the information is harvested and correlated.
In simple terms, set theory is applied: in time, if enough links are exploited, an individual is likely to be part of an ever-decreasing set of common denominators, and at a critical point it will be a set of one. Once this happens, all personal information shared (and public) in each of these social networking forums can be collected, allowing a system to build an effective profile of you.
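The set narrowing described above, as an added example (not from the article or this post), framed as an exposure check: how many public forum memberships it takes before a member is the only candidate left. The forum names, member names and function names are all constructed for illustration.

```python
from itertools import accumulate, combinations

# Constructed sample data: public member lists of four hypothetical forums.
GROUPS = {
    "ccna-study":   {"ana", "ben", "cho", "dev", "eli", "fay"},
    "cycling-club": {"ben", "cho", "dev", "gus"},
    "retro-gaming": {"cho", "fay", "hal"},
    "town-alumni":  {"dev", "eli", "hal"},
}

def anonymity_trace(visited, groups=GROUPS):
    """Candidate-set size after each visited forum is intersected in turn."""
    member_sets = (groups[name] for name in visited)
    return [len(s) for s in accumulate(member_sets, lambda a, b: a & b)]

def min_groups_to_identify(user, groups=GROUPS):
    """Fewest of the user's forums whose intersection is {user}, else None."""
    joined = sorted(name for name, members in groups.items() if user in members)
    for k in range(1, len(joined) + 1):
        for combo in combinations(joined, k):
            if set.intersection(*(groups[g] for g in combo)) == {user}:
                return k
    return None  # never singled out: someone else shares every forum

def exposure_report(groups=GROUPS):
    """Map every member to min_groups_to_identify(); None means not unique."""
    everyone = set().union(*groups.values())
    return {u: min_groups_to_identify(u, groups) for u in sorted(everyone)}

if __name__ == "__main__":
    # The candidate set shrinks with every extra forum: 6, then 3, then 1.
    print(anonymity_trace(["ccna-study", "cycling-club", "retro-gaming"]))
    for user, k in exposure_report().items():
        status = "not unique" if k is None else "unique after %d forums" % k
        print(user, status)
```

Members reported as unique are the ones for whom hiding even one membership list restores a candidate set larger than one.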
What the article declines to explore is how this could then be used in a phishing strategy: rather than using generic terms, information from your harvested profile could be inserted into the fraud to aid the bait and enhance the lure.
Scaremongering, yes, I think that it is only a matter of time.