Blogging – are you helping the bad guys?
BlogSecurity introduces an article by Sarah Turner:
Sarah Turner is a BA Hons in Business Studies and currently works as a Marketing Manager; she has speciliased in the IT security sector for almost 2 years.
Blogging can be a great way for individuals to express their thoughts and feelings or offer advice or share ideas on various topics. But for some, it can affect them adversely. Whilst many people blog about work, whether or not that is permitted by their employer is often an issue that bloggers avoid being addressed. Some employers, such as Microsoft, encourage their employees to blog about their workplace unmonitored, whilst others have been known to fire those blogging about work. Some others blog anonymously to share their experiences without giving away their identity.
Whilst many bloggers use blogging software such as WordPress or Blogger, some use websites with blogging facilities such as MySpace. Many bloggers seem happy to blog about anything and everything, but they may inadvertantly be giving away more than they want to.
With some hackers taking more personalised approaches such as personalised malware or Trojan attacks to a few individuals rather than a spam-based approach, bloggers may be helping the hackers by disclosing personal information on the Internet such as their hometown, mother’s maiden name or date of birth. Even if bloggers do not post this information directly on their blogs, they could be engaging in publically viewable online conversations with friends or colleagues that may inadvertantly disclose that information. Hackers may wish to target specific individuals and armed with more and more personal information without having to look too far for it, they will be more readily able to make their attack.
Obviously the abhorrent practice of paedophilia is one example that comes to mind, with perverts ‘grooming’ their victims by subtley teasing out pieces of personal information with which they appear to identify with. Another could be a bride-to-be blogging about her forthcoming wedding – she may well mention the date, venue and some suppliers that she’s using, which may be enough information for a hacker to launch a personal phishing attack.
Whilst blogs are mainly used as online diaries, it is imperative that those using them as such must re-read what they are blogging about before posting it and take into account the types of people that may potentially be reading about them and their lives.
I recommend reading Mark Ghosh’s post, “11 things before you post“. Its not directed with security in mind, but the principles can be applied just the same.
For additional information, Sarah Turner can be contacted via our Contact form.
Random Posts
If you enjoyed this post, please leave a comment or subscribe to the feed and get future articles delivered to your feed reader.
Paedophilia is not a practice – http://anu.nfshost.com/2007/paedophilia-according-to-the-dsm