I haven't posted for a bit because to be honest I haven't had much to say about security that might be interesting. I have been active on my Cisco Basics blog though for anyone interested in that type of thing.
I'll get to the point of this post though, recently I was emailed by a guy called Matt. In his email Matt suggested maybe we bounce a few ideas off each other for future blog stuff. To me this sounded great as I needed something to motivate me to get posting again but as most security people know, we can be a pretty suspicious and paranoid bunch. So I did a little digging on Matt, nothing too much just the run of the mill Google Fu and a little Maltego. Once I'd satisfied myself that Matt was probably Matt I emailed back and we began to chat. As it turned out Matt really knows his stuff and his site AttackVector is superb.
The night before last I was reading Matt's article on Invasion of Privacy and the reason I'm bringing to your attention is because it is hands down the best example of personal information gathering that I have read. Matt's subject was a spammer (what goes around comes around) but the same techniques that he describes can be employed against any target. He uses DNS, Whois, Facebook, LinkedIn, Goggle and other easily accessible services to research his target and gather data that most people probably don't even realise is out there. I strongly recommend that readers head over to Matt's site and check out his article called Invasion of Privacy to see how it's really done.
Truly scarey stuff!!!