The meeting at ISSA-BE yesterday was good. The presentation of information intelligence inspired me. But more on that subject later.
I happened to stumble upon a site "RESEARCHING COMPANIES ONLINE". How much information on your company is out there? This information can be used for social engineering, (physical) intrusion testing or spearphishing. Do you control this flow of information? Just think about it.
Another vector of attack is professional social networks. A good example is LinkedIN. This gives a lot of information online about the current employees and their skills depending on the number of people using it. Is there a HR policy on your company about this?
I don't think LinkedIN is bad. Just be carefull what information you make public and who you link with. As a policy, I only add people I have met in real life to keep in manageable. Like I said in 10 reasons why the Black Hats have us outgunned, we should use tools to "network" more and let's us share information.
Tuesday
Researching companies online: Information Intellingence
Subscribe to:
Post Comments (Atom)
Security4all Blog
Twitter
Slideshare
Facebook
Digg
Flickr
0 comments:
Post a Comment