Channel Marker

Jan 18 2008   2:09PM GMT

Beware ‘TMI’



Posted by: badarrow
Tags:
Barbara Darrow
Channel
Email -- Exchange, Outlook
Network and application security

Too much information!

Warning customers against posting personal data to the Web is one of the most important services VARs can provide.

Many in the business community are enamored of social networking sites and appear to feel that more is more when it comes to “sharing” their lives on LinkedIn, Facebook, Myspace, insert-your-favorite-social-site here.

The problem with that is  cyber miscreants lurk just waiting to pounce on these nuggets. Something as innocuous-seeming as college affiliation, job history, names of family and friends can be used by social engineers to craft e-mail messages that will suck you in. That simple click will then unleash threats on your very own hard drive. Executables embedded in Word or Excel or PDF attachments will search your data to harvest -and secretly send out– passwords, account numbers, and other riches.

This online information trove is like a “playground for hackers,” says Yacov Wrocherinsky, CEO of Infinity Info Systems, a New York Sage Software and Microsoft partner specializing in business applications.

And for high-net-worth (ie. rich) executives who are  likely targets, it’s important that their wives, kids, friends also be careful about what personal details they divulge.

The beauty of LinkedIn is members can see who their associates know. “It’s great for making connections or for finding people if you’ve lost their business cards,” Wrocherinsky says. But that doesn’t mean you should bare any more than is absolutely necessary.

And on the less-business oriented of the social networking sites, say Facebook, people tend to put in way too much information-birthdays, anniversaries, travel plans, kids names, etc. All of that is gold for social engineers with evil intent.

George Brown, CEO of  Database Solutions, a Cherry Hill, N.J. solution provider tells his customers to keep their data zipped and not to post anything they are not required to do by law . As it is now with SEC filings for public companies, a lot of information about execs is already out there. No need to supplement that for the bad guys, Brown says.

Barbara Darrow can be reached at bdarrow@techhtarget.com.  

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: