Re: Facebook from a hackers perspective

This pen-test shows that the weakest link of the security chain is indeed the human being. Where are the security mechanisms or security devices that we paid hundreds of thousands of dollars for? Would they not protect us against security breaches? Then should we chuck them all out? No, I do not think so, because they bear no guilt. Yes, there is a guilty party. That guilty party is us, because we did not tell employees not to trust others easily and to think twice before giving out information. Information can seem very small, but if it is used effectively it can grow larger, something like a snowball. And for an attack, everything will become ready, the same as mentioned in this blog.

Facebook is a very strong social networking/social engineering tool. People who have found out its power are using it for reconnaissance. As far as I know, the Israeli army forbade its personnel from being members of Facebook for 3 months because of disclosure. You can easily access information about people by using search methods, and convince them to trust you and share some little pieces of information that seem innocent. In the past, hackers would use corporate web sites to access the corporation's telephone directory and call someone as if they were a colleague to get him/her to do something. But Facebook and other social networking web sites are preferable for hackers anyway, because the attacker does not have to use their voice. Why would an attacker want to leave tracks or disclose location information by using a phone? An attacker can already become the person that he or she wants to be on Facebook by using a faked Facebook profile and a faked e-mail address. Yes, that is appealing to hackers.

It was a very, very successful penetration test, I think.

Baris Erdogan
Security Consultant