Posted by: Arian Eigen Heald
Identity theft, Penetration testing, Privacy, Security
I don’t have a Facebook profile. I’ve never even been ON Facebook. There’s something about posting one’s life constantly that I just don’t find all that appealing. I’ve got too much to do online as it is. I admit to being on LinkedIn, mostly because my University dean pushed the entire graduating class from Norwich to get connected, but I find it is of limited value. I often get people I don’t know trying to connect into my network. If I don’t know you personally, I’m not about to do any connecting.
Posting information about oneself has definite perils. I thought long and hard about doing a blog, and I think (or try to) carefully about what I write and who I write about. When I “google” myself, (you have, haven’t you? I know you have) I still see posts from the year 2000. So consider that what you posted five years ago about your problem with your Exchange server using your work email address is probably still out there. How detailed was your post? If somebody read it today, what would it tell them about your network?
So I read with considerable interest a blog posting detailing the use of Facebook as the social research part of penetration testing, and I’d suggest you read it too, especially if your company is using Facebook as a Team tool.
I guess it’s another way of saying that Facebook isn’t just for identity thieves, stalkers and pedophiles anymore. Considering such articles as “Facebook Killed My Career,” a woman being killed due to her Facebook update, and now using it for hacking, I’m a bit dismayed by the ingenuity of “bad people.”
I’d also like to recommend an article, “Ten Settings Every Facebook User Should Know,” as a good starting point for adults and kids. And take the hacking article to your team if you’re using Facebook/MySpace for team building.