LinkedIn is a hacker's dream tool
According to (Cowely, 2012), LinkedIn is literally a hacker's dream tool. LinkedIn is pretty much a social networking website for business professionals. (Cowely, 2012) tells how much help LinkedIn actually gives a hacker in terms of infiltrating even the wealthiest companies today. They do so by creating fake profiles to connect with employees of targeted companies. They learn certain details of the companies, such as the names of all employees, then send fake legitimately looking e-mails containing attachments the employees then open. Hackers also collect connections and then re-sell them to others for payments via pay pal.
In my opinion that's genius. That would totally work. I, myself, personally never created a LinkedIn profile, and never really knew what the point of it was. I just knew it was pretty much equivalent to Facebook, only more professional based. I think it's very interesting that, despite all the caution signs newscasters put on the emphasis of sharing on Facebook, a flaw this big is even possibly existing; let alone in the professional world. I mean, aren't these companies supposed to be on the top of their game? It is understandable that fake employee profiles created on LinkedIn could possibly be accepted into the LinkedIn company networks due to the size of these companies, but I don't see how they could be so far out of the communication loop to actually break the number one rule of online safety, opening an unexpected, unrecognized attachment file via E-MAIL! I mean seriously though, that's like getting an e-mail asking for your full name, address, SSN, and CC info.
(Cowely, 2012) does say hackers have the ability to easily mask e-mail addresses, and because they are able to connect via LinkedIn, they know which e-mail addresses to pretend to be, but if the e-mail address is convincing enough to the victim, you would think that the e-mail address would have to be one from the same department of the victim, which would mean there would have to be verbal communication at some point. If a strange attachment is never verbally mentioned, you would think it would at least be confirmed first. I guess what I'm getting at is companies are also at fault for this vulnerability in which LinkedIn creates. Although after reading (Cowely, 2012) LinkedIn seems completely flawed, the website in my opinion only put forth a potentially effective networking resource for professionals everywhere. These companies are the ones failing to take precautions to protect their businesses. Thus making LinkedIn a must have resource in a hacker's toolkit.
Cowely, S. (2012, March 12). Linkedin is a hacker. CNN Money. Retrieved from http://money.cnn.com/2012/03/12/technology/linkedin-hackers/index.htm
In my opinion that's genius. That would totally work. I, myself, personally never created a LinkedIn profile, and never really knew what the point of it was. I just knew it was pretty much equivalent to Facebook, only more professional based. I think it's very interesting that, despite all the caution signs newscasters put on the emphasis of sharing on Facebook, a flaw this big is even possibly existing; let alone in the professional world. I mean, aren't these companies supposed to be on the top of their game? It is understandable that fake employee profiles created on LinkedIn could possibly be accepted into the LinkedIn company networks due to the size of these companies, but I don't see how they could be so far out of the communication loop to actually break the number one rule of online safety, opening an unexpected, unrecognized attachment file via E-MAIL! I mean seriously though, that's like getting an e-mail asking for your full name, address, SSN, and CC info.
(Cowely, 2012) does say hackers have the ability to easily mask e-mail addresses, and because they are able to connect via LinkedIn, they know which e-mail addresses to pretend to be, but if the e-mail address is convincing enough to the victim, you would think that the e-mail address would have to be one from the same department of the victim, which would mean there would have to be verbal communication at some point. If a strange attachment is never verbally mentioned, you would think it would at least be confirmed first. I guess what I'm getting at is companies are also at fault for this vulnerability in which LinkedIn creates. Although after reading (Cowely, 2012) LinkedIn seems completely flawed, the website in my opinion only put forth a potentially effective networking resource for professionals everywhere. These companies are the ones failing to take precautions to protect their businesses. Thus making LinkedIn a must have resource in a hacker's toolkit.
Cowely, S. (2012, March 12). Linkedin is a hacker. CNN Money. Retrieved from http://money.cnn.com/2012/03/12/technology/linkedin-hackers/index.htm
Follow My Tweets
Subscribe via RSS
Subscribe via Email
0 comments :
Post a Comment