http://www.darkreading.com/advanced-threats/167901091/security/vulne...
A savvy and determined social engineer can gather and manually correlate
the geolocation tags of his or her target's social network or other online
posts. But a new, free tool automates that process of creeping around
and finding the physical location of a targeted person. "Cree.py" makes it
easier for social engineers to track the physical whereabouts of their
targets -- it grabs geolocations from Twitter and Foursquare, as well as
Twitpic, Flickr, and others.
Yiannis Kakavas, an independent researcher at the Royal Institute of
Technology in Stockholm, Sweden, says he built the tool -- currently in
beta -- to raise awareness of how easy it is for the physical location you
share online to be abused. "By making the process of retrieving and
analyzing all the shared location-specific information that users share easy
and automated, I hoped to make clear how easy it is for someone to stalk
you, rob you, find out where you've been, and why," Kakavas says. "The
second goal was to create a tool to add in one's social engineering
toolbox that would facilitate information gathering for geolocation
information."
The privacy and security risk with all of the geolocation tagging in today's
social networking applications has been disconcerting to security experts
and privacy advocates. Users today can include their physical locations
when they tweet, post pictures from Flickr, or check in on Foursquare.
Kakavas says the information Cree.py gathers can be used for
reconnaissance on a target, such as where he lives, when he's at home,
or when he's traveling and to where. "It can also be used to create
behavioral models of the target regarding the places he/she frequents --
coffee shops, gym, favorite restaurants, etc. -- [and] traveling patterns,
among others. These behavioral patterns can be very useful in social
engineering when it comes to pretexting. It can be used to create trust
relationships with the target based on supposedly common interests or
experiences," he says.
From there, an attacker can take it to another level, impersonating the
target, for example, to social-engineer another user into handing over a
password or other sensitive information, he says.
"Cree.py is just that -- CREEPY, but what a great tool to gather
information and building profiles on targets," blogged the social
engineering professionals at social-engineer.org, which provided screen
shots of how it works. "It also should be a very rude awakening to how
much information we release."
It works like this for Twitter: The social engineer feeds Cree.py the
target's Twitter handle, for example, and it takes it from there, pulling
5/2/2011 5:13 PM
Terms of Service | Privacy Statement | Copyright 2011 UBM TechWeb, All rights reserved.