6.4. Finding Information From Public Sources and the Internet
About 90 percent of the information anyone needs to breech security is freely available; the difficult part is recognizing and analyzing it. Of the remaining 10 percent, well over half can usually be inferred from that 90. With any given objective, there are usually only a limited number of sensible conclusions. This has never been more true than right now in the 21st century. With the all-pervading nature of the Internet, information gathering has never been easier; we are now a culture of information exhibitionists and many people have weblogs, personal websites and profiles on social networking sites. Coupled with the fact that virtually everything written on the Internet is indexed by search engines and that it is possible to access numerous databases on companies and individuals, the Internet is a vast resource to draw from. In this section I will address the resources that I have found to be useful when researching targets. Although it is by no means comprehensive, it will be sufficient to illustrate the points I've made here.
6.4.1. Mining Social Networking Sites
Social Networking (SN) sites are invaluable. They allow their users to upload profiles, host weblogs (blogs), share photographs and other media, play games with other users and make friends. The leading SN site, Facebook claims in excess of 150 million users while MySpace is reported to exceed 100 million, attracted 230,000 new users a day.
Personal ...
Get Unauthorised Access: Physical Penetration Testing For IT Security Teams now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
