Posted by: David Harley | August 30, 2010

Social Networking, Friends and Honeytraps

[Thanks to Martijn Grooten for pointing out that the study doesn’t actually mention Facebook, though the mention of “friends” may or may not be suggestive. Title and text amended appropriately.]

Help Net Security tells us that “too many disclose sensitive information on social networks“: that might not be news to you, especially since you read this blog, but you might nevertheless be shocked at how many social network users go all the way on a first date.

According to a study by BitDefender, based on a sample group of around 2000 users of an unnamed network, 94% accepted an invitation to be friends from an unknown but apparently attractive lady. (The sample group was split down the middle genderwise, so this isn’t just a case of guys doing their thinking with the wrong organ.)

Even worse, after a half hour conversation, 10% were ready to disclose the sort of personal information that is useful to social engineers and password guessers. Over 73% were happy to give away potentially sensitive information related to their work. And if I read the article correctly (I haven’t seen the actual study anywhere yet, and the wording is slightly ambiguous), >86% of those who accepted the invitation were in the IT industry, and 31% of those worked in IT security.

And not as much as a virtual G&T on the table. That’s what I call a cheap date…

(Hat tip to Sorin Mustaca for the pointer.)

David Harley CITP FBCS CISSP
Mac Virus Administrator
ESET Senior Research Fellow
Small Blue-Green World

http://wp.me/pOMVc-3f

Advertisements

Responses

  1. Report is here http://www.bitdefender.com/files/News/file/Social_Networking_and_the_Illusion_of_Anonimity_BT.pdf

    I find “she has a known face, but can’t remember we met” the best/worst excuse to befriend her 🙂

    Doesn’t mention Facebook though (and with all that focus on the industry people work in, it could well be LinkedIn)

    Tomorrow on the website of a AV/AS magazine newar you 🙂

    • @Martin Yes, that might make more sense. Thanks for the link. I’ll re-blog it shortly.

  2. Oops, Firefox autofill decided to advertise the VB conference again 🙂

    • What conference would that be? 😉

  3. Come on, guys! Don’t be mean…
    “a known face – but I don’t remember the place we’ve met” was one of the most intelligent responses I’ve received. 🙂

    • “I’ve just seen a face, I can’t forget the time or place…” Perhaps romance died with the Beatles. 😀

      • Eh, in our present, it seems that time and place are not important (anymore).
        Maybe I should try another experiment about to the romance in IT industry.
        Hmmmm… good idea, isn’t it? 🙂

      • @sabina, hmm, I think I feel a conference paper coming on. 😉

  4. @ david – suuuure, a “last minute paper” called “i fall in love, and love is like a virus. lucky me, i’m an IT security researcher” 😉

    • @Sabina: nice thought, but I don’t think I can make that particular deadline. I’ll have to leave that one to you. 🙂

  5. […] Networking and the Illusion of Anonymity”, which I’ve previously mentioned here and here, reminded me of a rather nice paper by Mich Kabay that he presented at EICAR in 1998. (I think that […]


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: