NOW READ THIS
("Security Advisory")



Submitted by: Bill Hickey
NCVA List Master

NRT-0290 New Tool Matches Domains to MySpace Accounts:


A London-based security consultant has created a tool - PKI Book - that demonstrates the threat that social networking sites pose to corporate networks. Typing an organization's domain name into the tool returns the email addresses of employees along with their MySpace profiles.

The consultant, Petko D. Petkov, assessed, "It is a big deal because users don't realize the ways attackers can take advantage of their online presence. Once the attackers identify a potential target (socially active user) they will deploy a minefield around the perimeter. Once the target falls into the trap, attackers will be able to use them as a proxy and sneak in."

The report notes that the tool is "also useful for outing FBI spooks", among other corporate targets.

PKI Book queries the Massachusetts Institute of Technology PKI databases at pgp.mit.edu and then uses a program known as Yahoo! Pipes to run all matches against MySpace users. Petko says he is considering modifying the tool so it correlates addresses against a database known as Wink, which searches virtually all social networks.

(www.theregister.co.uk 24AUG07)



Last Modified: Saturday, 08-Sep-2007 07:58:51 EDT