How much can your name tell? A demo of reconnaissance |
Abstract
The internet has become increasingly important in our everyday lives. We use the Internet to write blogs, to chat, to apply for jobs, etc. Unfortunately, many of us have little or no idea about what we have left on the Internet. Personal information like name, birthday, contact details and even relationship status can be found online without much efforts! Each piece of this kind of information alone may not have big impacts, but as a whole, it can identify a person. It’s not hard to imagine what hackers will do with these personally identifiable information (PII). Identity theft, phishing, watering hole attack, you name it. To illustrate how exposed our information is online, I did an experiment on myself. Starting from the easiest, the experiment involves two parts, searching my name with google and on Linkedin. However, the result is surprising. Through Google, people can know my education, alternative name, residence location, past working experience and social media activities. While on Linkedin, a friend who is not a connection with me can see more detailed information, like current position, email address. Speaking of PII, we should take actions to prevent over exposure. For credential information like passwords, it’s usually encrypted and has limited access in the system. Moreover, there are many other measures to protect it, which makes it harder for hackers to get access to them. On the other hand, PII talked here is open and public. Though companies work hard to provide more secure services, the final control is in our hands. At least we can choose who can see what information. This talk hopes to promote awareness of protecting PII. Regarding the question of how, we should change our mindset, be cautious of using all kinds of online applications and try to think ahead. |