Footprinting and Reconnaissance
Module 02
Exam 312-50 Certified Ethical Hacker
Ethical Hacking and Countermeasures v8 Module 02: Footprinting and Reconnaissance
Ethical Hacking and Countermeasures Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Security News
Facebook a 'treasure trove' of Personally Identifiable Information
April 1a 2012
Source: http://www.scmagazineuk.com
Facebook contains a "treasure trove" of personally identifiable information that hackers manage to get their hands on.
A report by Imperva revealed that users' "general personal information" can often include a date of birth, home address and sometimes mother's maiden name, allowing hackers to access this and other websites and applications and create targeted spearphishing campaigns.
It detailed a concept I call "friend-mapping", where an attacker can get further knowledge of a user's circle of friends; having accessed their account and posing as a trusted friend, they can cause mayhem. This can include requesting the transfer of funds and extortion.
Asked why Facebook is so important to hackers, Imperva senior security strategist Noa Bar-Yosef said: "People also add work friends on Facebook so a team leader can be identified and this can lead to corporate data being accessed, project work being discussed openly, while geo-location data can be detailed for military intelligence."
"Hacktivism made up 58 per cent of attacks in the Verizon Data Breach Intelligence Report, and they are going after information on Facebook that can be used to humiliate a person. All types of attackers have their own techniques."
On how attackers get a password in the first place, Imperva claimed that different keyloggers are used, while phishing kits that create a fake Facebook login page have been seen, and a more primitive method is a brute force attack, where the attacker repeatedly attempts to guess the user's password.
In more extreme cases, a Facebook administrator's rights can be accessed. Although it said that this requires more effort on the hacker side and is not as prevalent, it is the "holy grail" of attacks as it provides the hacker with data on all users.
On protection, Bar-Yosef said the roll-out of SSL across the whole website, rather than just at the login page, was effective, but users still needed to opt into this.
By Dan Raywood
http://www.scmagazine.com.au/Feature/265065,digitial-investigations-have-matured.aspx
Module Objectives