Monday, July 30, 2007

Attention: Possible Security Threat.

Be careful when you disclose your real name, birthdate and other personal information on social networking sites like the Facebook.
As Facebook evolves from a university social network into an enterprise tool, VeriSign iDefense security experts are warning that the platform is turning into a prime attack vector for cybercriminals.
I worked for an ISP technical support for several years so I know how it works. Some ISPs allow changing one's password with nothing but a name, phone number and the postal code. With the last two available to anyone with a phone book (the postal code is traced through Canada Post website), don't be surprised when someone gets unrestricted access to your e-mail - which is often quite conveniently stored on the ISP's webmail page.

An expert could achieve much more:
"We pulled down one person's name--in this instance, a female--and everything she put out there," Howard said.

"In 15 minutes of doing Google searches, we were able to collect enough information to steal her identity."
EternaLee warns that birthdate is one of the first things that stores ask for on security questions, suggesting skewing that for security sake. Myself, I think the better way is to simply use a pseudonym or a nickname, rather than an actual last name. Even if it would make it more difficult for a used-to-be classmate to find you on Facebook.

No comments:

Post a Comment