Are you and important executive? Do you use Twitter, Foursquare, or one of the popular photo sharing sites like flickr or twitpic?
If so, you’ve just opened a pandora’s box. Those photos you uploaded from your gps enabled smartphone, and those tweets from that same smartphone, along with your Foursquare check-ins are a great way for me to discover where you live, what you do, and when you might be out enjoying an evening drink – ripe for a carefully crafted social engineering attack.
Yes, it’s creepy that I think of these things – but I’m hardly the only one doing it. Enter Creepy, the latest addition to my growing Linux based security toolkit. It automatically pulls down your pictures, geo tagged tweets, and Foursquare check in locations and places them on an easy to read map! Yeah, and now I see where you might live, where you eat, what you do, and when you’re on vacation or what clients you’re visiting. That can be very useful if I want to catch you off guard for some social engineering… but I think it might be most useful when you’re out of the office and I want to trick your staff – ala the HBGary hacks.
Sources:
Introduction by the author [diveintoinfosec.wordpress.com]
Download [GitHub]
