Web of trust case study

A couple of blog posts back we were on the subject of the Web of Trust and Tinder Hacking.

An article today has a good example of how both can be used and abused.

It is important to note that low-hanging fruit is fair game: by leveraging trust, any campaign is just as effective.

Key steps:

  • assume a trusted identity
  • leverage that trust to target associations (friends)
  • SocEng: use a time-limited situation (i.e. an emergency) for personal gain

Not everything is what it seems.

Countermeasures:

  • Out of band: call them or email them, but don’t reply to the message (for online dating, remember the burn phone)
  • Ignore: if it’s important, they will try again (use your best judgement! If it is an emergency, get in touch with a next of kin, etc.)

http://www.bbc.co.uk/news/technology-27922710
