Episteme

Mike's random thoughts and ramblings

Anti-Social Networking Sites

So, Steve and I were talking the other day about social networking sites after he did a really cool presentation on using them to gather really interesting information. Steve posts a little hint here about interesting things you can gather. Steve is doing some really interesting work with these sites, and knows a good deal more about the way that they work than anybody else I've met.

To take his tip a little further, one of the ideas that I have played with at different times is to data-mine business networking sites like LinkedIn. Gathering the information about all of the people at a company should allow you to put together a pretty great database of information about the technologies in use at a given company, its organizational structure, titles, etc.

That info would be incredibly useful for anyone attempting to attack a site - there's no question that it'd be a great resource for a penetration test or a social engineering test.

To see what I mean, Google "site:linkedin.com" and the name of your company, and then realize something scary: the results are only the people who set their resumes to public (which is not the default).

About the author

Michael Murray
