So earlier this year, I wrote a piece about how we as humans are so quick to give away personal information to various companies in the quest for discounts or free stuff. As I gave it further thought, I realized that sometimes we give away our personal information in search of something even more abstract: likes.

We post pictures of our food, our cars, the hotels we stay at, scenery as we take vacations… I was listening to a comedy bit by Norm MacDonald talking about how we used cameras with actual film to take pictures “in the olden days.” We used to take film to a photomat and wait a week or more for the photos to come back and then show them to our friends. Now we can take photos and share them instantly on Facebook, Instagram, Snapchat or whatever your platform of choice is so that we can collect our likes.

But what’s wrong with that, Mr. Orr? Why are you barking at the moon today? Well, dear reader, the answer is this: social engineers can leverage even the tiniest bit of information against you.

We have all heard the stories of people who got robbed because crooks knew they were out of town on a vacation from the pictures they were sharing. Even if you don’t share those pictures in real-time, turn off geo-tagging or set your privacy just so, you still leave enough of a trail from which a black hat can derive a tremendous amount of data and then leverage it against you.

If it seems like I won’t shut up about DEF CON this year, it’s because it seems like security has been trapped in an echo chamber for so long. We are great at talking to each other about security (Read more...)

Claroty