Online Media - Publish.com
Social Engineers Dodge Security via Facebook
By Brian Prince

A penetration test by Netragard at an energy company highlights how hackers can use Facebook, LinkedIn and other social networking sites as part of phishing schemes. In the test, Netragard used social engineering to get its hands on information that could have been used to compromise critical systems at the company. Addressing this security issue means having smart policies about what employees can and cannot do on the Web.

The most important part of an attack isn't always a vulnerability; sometimes it's the user's trust.

This was certainly the case during an authorized penetration test at an energy company conducted by security vendor Netragard. Looking for a way inside the customer's defenses, the vendor turned to Facebook. Testers built a profile claiming to be that of an employee of the company, bolstered it with information on work experiences taken from actual employees of the energy company, and began "friending."

What the Facebook "friends" didn't know was that this was all part of a long con—a bit of social engineering used to lull the employees into giving up their credentials more easily. The simulated attack underscores both the importance of having sound policies on employee use of sites like Facebook, LinkedIn and MySpace and the challenges of authenticating users on the Web.

"Before the advent of social networks, criminals were able to access your employees through things like spam, or maybe they could call them up and social-engineer them," said Adriel Desautels, CTO of Netragard. "But sites like Facebook and MySpace and LinkedIn and all these different sites [give] criminals the ability to bypass just about any security technology you have in place and gain direct social access to your employees."

Read the rest of this article on eWEEK.com.

 



