Seattle.gov Home Page
Link to DoIT Home Page Link to DoIT Home Page Link to DoIT About Us Page Link to DoIT Contact Us Page
Tech Talk Blog Home Page Tech Talk Blog Home Page CityLink Seattle
Welcome to Tech Talk
«    »
Subscribe to
TechTalk Subscribe to RSS feed


Search

Categories


CityLink Seattle

Contributors


Recent Posts


March 2012
M T W T F S S
« Feb   Apr »
 1234
567891011
12131415161718
19202122232425
262728293031  

Tags


Quick Links


LinkedIn-a hacker’s dream tool

Posted: March 13, 2012 11:49 am
By: - Information Security  

If you use LinkedIn, you’ve probably told the site where you work, what you do and who you work with. That’s a gold mine for hackers, who are increasingly savvy in using that kind of public — but personal — information for pinpoint attacks. It’s called “spear phishing,” and it paid off last year in two especially high-profile security breaches: a Gmail attack that ensnared several top U.S. government officials and a separate attack on RSA, whose SecurID authentication tokens are used by millions. In both cases, the attackers successfully tricked their targets into opening e-mail attachments that appeared to come from trusted sources or colleagues. Investigators haven’t disclosed how the attackers gathered information on their victims, but at RSA’s security conference last month, the risks of social networking sites — and LinkedIn (LNKD) in particular — were a hot topic. Dozens of presenters said the business networking site could be a potent weapon in the hacker toolkit. “Businesspeople are using LinkedIn for research purposes, and headhunters and marketers use it to recruit. Why wouldn’t Chinese intelligence agents use it as well to spear phish?” said security analyst Ira Winkler, the author of “Spies Among Us.”

Read more: LinkedIn-a hacker’s dream tool