Security researchersreleased a toolthis workweek that get you collect social medium profiles of a massive amount of people using look recognition . While that might vocalize like a terrible idea , the tool ’s Jehovah say it will help security professionals by giving them the same tools as the bad guys .
The tool , Social Mapper , is open - reservoir and can gather someone ’s information from LinkedIn , Facebook , Twitter , Instagram , Google+ , and Chinese microblogging sites Weibo and Douban , and Russian social spiritualist service VKontakte .
Social Mapper was make by researcher at Trustwave , a security measure firm that acquire the tool predominantly for penetration testing , or an authorise simulated attack intended to quiz a system ’s security measure . The information get together is n’t in particular incursive — an unskilled internet sleuth can easily bump someone ’s social media profiles , especially if they have their name and their exposure , which is what Social Mapper does — but on a slightly terrific scale .
Social Mapper scan a enceinte scale of single profiles by performing face identification check on profile exposure of the “ target ” based on top hunt outcome of their name . It ’s not exactly fast — the researchers estimate it could take over 15 hour for lists of 1,000 people — but it ’s an automated and efficient way to process a bounteousness of the great unwashed ’s societal medium profiles .
The program then generates a report consolidating all of the data , which includes links to the targets ’ social mass medium profiles . The researchers note in ablog postdetailing the instrument that it can also create lists for each of the societal medium sites check with the name of the target as well as their potential work email .
The declared purpose of this tool is to streamline honourable hacker ’ social culture medium phishing crusade — signification , phishing effort they were paid to wage to test their clients ’ protection — by expeditiously pull together and generating target leaning . The researchers refer a few examples of what pen testers might be able-bodied to do with their tool , such as friending targets on social media with a fake profile and then send them liaison to malware .
It ’s not hard to imagine how such a tool , useable to the populace , might be exploited by defective role player , who could apply it to more efficiently wage phishing and ransomware tone-beginning . A Trustwave spokesperson shot down this criticism , saying that Social Mapper is intended for “ playpen testers and red teamers ” whose province is “ to find exposure using tools and technologies Black Hats are already using or most likely have . ”
In other words , tools like this already survive , but Trustwave is making it available to everyone , which “ helps even the meet field , ” the spokesperson said . Releasing tools like Social Mapper , they added is “ very commonplace in the security industry and help the good guys . ”
Okay .
[ The Verge ]
CybersecuritySocial media
Daily Newsletter
Get the best technical school , science , and culture intelligence in your inbox day by day .
news show from the future , delivered to your present .
Please select your desire newssheet and submit your email to raise your inbox .
You May Also Like
