3 min read

Blogging can Affect Your Security

Bogdan BOTEZATU

October 16, 2008

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Blogging can Affect Your Security

Normal
0

false
false
false

EN-US
X-NONE
X-NONE

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:”Table Normal”;
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:””;
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:”Calibri”,”sans-serif”;
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:”Times New Roman”;
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:”Times New Roman”;
mso-bidi-theme-font:minor-bidi;}

However, simply writing on various personal issues can impact on users’
security and can expose them to extra security risks related not only to
privacy, but also to identity theft and account balance.

Many bloggers have abundantly written on topics such as favorite music
or movie artists, love, hobbies and other various topics that apparently can
hardly pose any risk. It’s extremely easy to write on such topics, or to share
different experiences with readers, but at the same time, bloggers might expose
enough data for malicious persons to carry out a successful phishing or vishing
(the phone equivalent of phishing) attack.

In order to better explain these risks, let’s take into account the
following scenario:  a blogger buys
himself / herself a new, more efficient & intelligent mobile phone. It can
open PDF documents, it has Wi-Fi connectivity (or at least, it can connect via
GPRS to a blog, in order for its owner to fuel it with new material while
travelling). Suddenly, the above-mentioned blogger feels the urge to brag about
it on the blog in a more personal manner.

I have just purchased a new mobile phone in order to do some on-the-fly
posting with the newest things that come across my life. I got my new
[brand-goes-here] yesterday from [mobile company]‘s shop. You would not
believe how excited I am. I’m the coolest of you all
“.

Next on, imagine that the post above ends up read by the wrong person,
who then calls the blogger back impersonating one of the [mobile company]‘s employees. Bloggers who
have registered their own domain names usually have their phone number listed
in the registrar’s database.

Hi there, sir! I am [name] of
[mobile company], and I’d like to
ask you a couple of questions about your
[brand-name]
handset you purchased yesterday from
[shop].
But first, I’d like you to confirm your identity. Please state your SSN, birth
date and address
“.

This is only one of the scenarios that can lead to massive identity
theft.  As a rule, the more you say about
yourself, the easier for the attacker to guess other details. Talking about
favorite food, actors and day-to-day activities may be a good starting point
for attackers to guess the e-mail password, or to fill in the necessary info to
recover the allegedly lost password from one’s mail account.

Installing and activating a good anti-malware security suite is one of
the first steps to follow in order to protect one’s online identity. Some
security products come with antiphishing protection that alerts the user if the
site they are about to visit is illegitimate or might pose a security threat. Bloggers
are advised to keep their posts free of excessively personal information, because
everything they say can and will be used by attackers to trap them.

tags


Author


Bogdan BOTEZATU

Bogdan is living his second childhood at Bitdefender as director of threat research.

View all posts

You might also like

Bookmarks


loader