Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Deriving Passwords from LinkedIn Profiles

chicksdaddy (814965) writes | about 2 years ago

Google 0

chicksdaddy writes "It’s already common knowledge that hackers and other “bad guys” comb through worker profiles on LinkedIn, Facebook and other sites to help craft targeted attacks. But could your social networking profile provide more useful information – like your password? Independent security researcher Itzik Kotler thinks so.

Kotler is the creator of Pythonect, a new, experimental dataflow programming language based on Python. Using it, he said he’s been able to derive passwords from the public content of individuals’ LinkedIn profiles.

Kotler’s method was straight forward: he used Google’s Custom Search Engine to find all the employees for a given company. For the profiles that are returned, Kotler then scraped their personal information for analysis- a job made easier by LinkedIn’s adoption of the Google hCard microformat, which is used to display the contact details of people, companies, organizations, and places in easy-to-read form on search results pages. The resulting data was then crunched the resulting data using Pythonect.

The strategy isn’t the most efficient means of breaking into an account, Kotler admits, but it does suggest that the treasure troves of personal data we make available online could be useful as more than just fodder for social engineering attacks. Kotler did a Q&A about Pythonect with The Security Ledger."

Link to Original Source

Sorry! There are no comments related to the filter you selected.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?