Penetration Testing mailing list archives

Re: Facebook from a hackers perspective


From: bariswinston () yahoo com
Date: 6 Mar 2009 12:14:33 -0000

This pen-test shows that the weakest link in the security chain is indeed the human being. Where are the security 
mechanisms or security devices that we paid hundreds of thousands of dollars for? Would they not protect us against 
security breaches? Then should we chuck them all out? No, I do not think so, because they are not to blame. Yes, there 
is a guilty party. That guilty party is us, because we did not tell employees not to trust others easily and to think 
twice before giving out information. Information can seem very small, but if it is used effectively it can grow larger, 
something like a snowball. And for an attack, everything will become ready, the same as mentioned in this blog.

Facebook is a very strong social networking/social engineering tool. People who have found out its power are using it 
for reconnaissance. As far as I know, the Israeli army forbade its personnel from being members of Facebook for 3 
months because of disclosure. You can easily access information about people by using search methods, convince them to 
trust you, and get them to share little pieces of information that seem innocent. In the past, hackers would use 
corporate web sites to access the corporate telephone directory and call someone as if they were a colleague to get 
him/her to do something. But Facebook and other social networking web sites are preferable for hackers anyway, because 
the attacker does not have to use their voice. Why would an attacker want to leave a track or disclose location 
information by using a phone? An attacker can already become the person that he or she wants to be on Facebook by 
using a faked Facebook profile and a faked e-mail address. Yes, that is appealing to hackers.

It was a very, very successful penetration test, I think.

Baris Erdogan
Security Consultant
Datateknik


