chicksdaddy writes "It’s already common knowledge that hackers and other “bad guys” comb through worker profiles on LinkedIn, Facebook and other sites to help craft targeted attacks. But could your social networking profile provide more useful information – like your password? Independent security researcher Itzik Kotler thinks so.
Kotler is the creator of Pythonect, a new, experimental dataflow programming language based on Python. Using it, he said he’s been able to derive passwords from the public content of individuals’ LinkedIn profiles.
Kotler’s method was straightforward: he used Google’s Custom Search Engine to find all the employees for a given company. For the profiles that are returned, Kotler then scraped their personal information for analysis – a job made easier by LinkedIn’s adoption of the Google hCard microformat, which is used to display the contact details of people, companies, organizations, and places in easy-to-read form on search results pages. The resulting data was then crunched using Pythonect.
The strategy isn’t the most efficient means of breaking into an account, Kotler admits, but it does suggest that the treasure troves of personal data we make available online could be useful as more than just fodder for social engineering attacks. Kotler did a Q&A about Pythonect with The Security Ledger."