Identity theft a growing menace to social networkers on Facebook

PEOPLE POSTING apparently innocuous information on social networking sites could leave themselves open to identity theft, a computer security conference heard this week.

Presenting a keynote address at the RSA conference in London, People Security’s chief security strategist Hugh Thompson said that while posting on social networks has grown, “there hasn’t been a commensurate education about what information we should be sharing”.

He called this information “gateway data”: details that seem harmless by themselves but, when combined, can help an attacker build up a detailed picture of a potential target.

“Bad guys have got to be able to leverage that information at some point, and we’ve arrived at that point,” Mr Thompson said, adding that this would lead to attacks on companies as well as individuals.

Password reset prompts for websites and online services often use a person’s birthday, where they went to school or information about a relative. Now, social networks have changed the context of those nuggets of data, he said.

“When these reset schemes were created many years ago, they were a good idea; it was a reasonable way to ensure trust. Today, it is completely unreasonable.”

Mr Thompson pointed out that former Alaska governor Sarah Palin had her personal e-mail account hacked by an attacker who used gateway data on her Wikipedia entry to guess a password.

People should audit their online identities for gateway data. Mr Thompson advised: “Check any things about you that are guessable on sites like LinkedIn, Twitter, Facebook, your blog or even friends’ and families’ blogs.”

In another presentation at the conference, Brian Honan, an Irish information security consultant, explained how he was able to obtain a journalist’s birth certificate using only information that was freely available online.

A wish-list on revealed a potential address, while the US website openly displayed her date of birth.

The challenge was undertaken with the journalist’s consent but Mr Honan said it showed how a determined attacker could cause a lot of damage.

Later at the event, the software company CA revealed a survey of European organisations which showed widespread bad practice in managing the access of privileged users to IT systems.

A privileged user is someone within an organisation who has high levels of access rights to critical IT systems.

In cases where privileged users are given excessive access, or they share it with other people, they can cause significant deliberate or accidental damage, the survey found.

These user accounts with high-level privileges are also a target for hackers. Dave Hansen, general manager for CA’s security business, said many of the latest security threats involve issues of identity and access rather than traditional attacks such as computer viruses.

He added that the problem could not be solved by security products alone. “There’s a big component of this that is not software, it’s security awareness.”

SOURCE: Irish Times
