Your friend could be your weakest link

Picture this:

  • you were at a location that you were not supposed to be at.
  • a friend takes a snap and posts it on a social media site
  • your friend’s security setting is quite lax
  • the world can see that you were at that location
  • The Enemy(tm) searches for you but you have good OpSec so you’re ok
  • The Enemy(tm) expands their search for affiliates, associations, etc.
  • The Enemy(tm) finds your friend
  • The Enemy(tm) finds your photo
  • sprung!

People that are connected to you form a web of trust. You trust them to be a connection whether it be friend, business associate, etc. These connections are people that you trust with a certain amount of information about you (online or otherwise).

Depending on your influence, your web of trust could be quite large, multi layered and complex.

As we’d like to keep things simple here, let’s say that your web of trust is online via a well-known social networking site.

Now, if one of your connections were to be compromised, as shown by the opening example, you’ll have a lot of explaining to do.

As attackers, our job is to find the weakest link and exploit it, even if that means finding your web of trust and using them as leverage to achieve a goal.

Naturally, if you’re a target, you may want to tighten up your web of trust or communicate this scenario to your own web. Increasing the strength of your weakest link will increase the security of others on the whole.

There is even a tool to find your web of trust:
http://www.theregister.co.uk/2014/06/03/rejected_researcher_builds_facebook_friends_harvester/
