ID :IRCNE2013101994
Date: 2013-10-21
IDG News Service - When a high-profile public figure living in Hong Kong hired the security company Trustwave to test if its experts could get his passwords, they turned to Facebook.
"We found out through Facebook who his wife was," said Jonathan Werrett, a managing consultant for Trustwave's SpiderLabs in Hong Kong. "We found out through her likes -- her public likes -- that she ran a pilates studio. We could then send a phishing email to her based around the fact that she ran a pilates studio that was hiring."
The computer she was using was a hand-me-down from her husband. The passwords he wanted to protect were in the Apple computer's keychain, so the hacking exercise "turned out to be a lot easier than we otherwise expected," Werrett said.
Mining small details from Facebook has become even easier with Graph Search, the site's new search engine that returns personalized results from natural-language queries. Graph Search granularly mines Facebook's vast user data: where people have visited, what they like and if they share those same preferences with their friends.
Graph Search immediately prompted warnings from security experts, who said its powerful data aggregation abilities could make people uncomfortable even though the exposed data is public.
"Maybe people will think twice before commenting on someone's drunken photos," expert said.
- 2