Monday, July 30, 2007

The Privacy Risks of Social Networking Sites

For those concerned about privacy on the Net and on social networks such as Facebook, Hi5 and MySpace, there is a good article by David Rosenblum in the latest issue (May-June 2007) of IEEE's Security & Privacy magazine.


"For the Net generation, social networking sites have become the preferred forum for social interactions, from posturing and role playing to simply sounding off. However, because such forums are relatively easy to access, posted content can be reviewed by anyone with an interest in the users' personal information."

"It is possible to glean personal information even without accessing a home page on these sites because many people use the public wall as a private message board to post intimate details of their lives, schedules, or recent sexual conquests. But what would motivate people to broadcast their private lives? As one user explained it: 'Like many of my generation, I consistently trade actual human contact for the more reliable high of smiles on MySpace, winks on Match.com, and pokes on Facebook. I live for Friendster views, profile comments, and the Dodgeball messages that clog my cell phone every night.'"

Many websites ask their users to enter a "secret question/answer" so that they can recover or reset a forgotten password. Many of these secret answers can be found on MySpace or Hi5, for example: name of the primary school, name of the pet, city of birth, favorite team.

Worse, many of these questions are used as an authentication method by the phone services that many banks offer, so when you call for the very first time you will be asked for your mother's maiden name. Even if you didn't publish this information, it isn't hard for an attacker to ask you this question directly on your MySpace/Hi5/Facebook page (using social engineering). Worth a look.
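As an added example (not from the original post or from the IEEE article), here is a Python check a site could run at enrollment to flag secret answers that already appear in text the user has published. The function names, the whole-word matching rule and the sample data are assumptions constructed for illustration.

```python
import re
import unicodedata

def normalize(text):
    """Casefold, strip accents and punctuation, collapse whitespace."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c))
    text = re.sub(r"[^a-z0-9]+", " ", text.casefold())
    return text.strip()

def exposed_answers(recovery_answers, public_texts):
    """Return the recovery questions whose answer appears in public text.

    recovery_answers: {question: answer} proposed at enrollment.
    public_texts: iterable of strings the user has published
                  (profile fields, wall posts).
    """
    # Pad with spaces so answers match only on whole-word boundaries.
    haystacks = [" " + normalize(t) + " " for t in public_texts]
    flagged = []
    for question, answer in recovery_answers.items():
        needle = normalize(answer)
        if not needle:
            flagged.append(question)  # an empty answer protects nothing
            continue
        if any(" " + needle + " " in h for h in haystacks):
            flagged.append(question)
    return flagged

# Constructed sample data, not taken from any real profile.
PUBLIC = [
    "Hometown: São Paulo",
    "Walking Rex before the Riverside Primary School reunion!",
    "Go Tigers!!!",
]
ANSWERS = {
    "City of birth": "sao paulo",
    "Name of your pet": "Rex",
    "Name of your primary school": "riverside primary school",
    "Favorite team": "Tigers",
    "Mother's maiden name": "Okonkwo-Reyes",
}

if __name__ == "__main__":
    for q in exposed_answers(ANSWERS, PUBLIC):
        print("publicly guessable:", q)
```

An answer that passes this check is not thereby safe: as the post notes, it can still be obtained by asking the user directly.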
