Fake Profiles Beware

In what is now may be referred to as the Robin Sage Affair, a fake profile was created that fooled some but certainly not all security pros.

"By the end of the 28-day experiment, Robin finished the month having accumulated hundreds of connections through various social networking sites. Contacts included executives at government entities such as the NSA, DOD and Military Intelligence groups. Other friends came from Global 500 corporations. Throughout the experiment Robin was offered gifts, government and corporate jobs, and options to speak at a variety of security conferences, said Ryan."

At least one takeaway is: "Be careful who you choose as your friends. There are patterns people can use to follow you. For instance, on Linked In, what makes it insecure are some of the apps, like Trip Advisor. It will say when you are going away or not at home. That poses a potential threat, especially if you have a key role in a government organization. If someone knows you aren't home, they can potentially do something to your home, like they can tap a phone, for instance. And it doesn't take much to figure out a home address. Once you have a rough idea where they live, if you have a personal email or cell number, you can find out where they live and put their address into, say, Microsoft Bing and do a virtual reconnaissance of their home."

Part of a recent discussion from the LinkedIn Homeland Security Discussion group went sort of like this: How often have you gotten a "link request" from someone with a "dot cn" or "dot ru" email address? What would you (or did you) do if you got one?

Be careful "out there." Most of the time its like having unprotected sex 24/7/365.