Friday, May 14, 2010

Know Your Enemy

I haven't posted for a bit because to be honest I haven't had much to say about security that might be interesting. I have been active on my Cisco Basics blog though for anyone interested in that type of thing.



I'll get to the point of this post though, recently I was emailed by a guy called Matt. In his email Matt suggested maybe we bounce a few ideas off each other for future blog stuff. To me this sounded great as I needed something to motivate me to get posting again but as most security people know, we can be a pretty suspicious and paranoid bunch. So I did a little digging on Matt, nothing too much just the run of the mill Google Fu and a little Maltego. Once I'd satisfied myself that Matt was probably Matt I emailed back and we began to chat. As it turned out Matt really knows his stuff and his site AttackVector is superb.




The night before last I was reading Matt's article on Invasion of Privacy and the reason I'm bringing to your attention is because it is hands down the best example of personal information gathering that I have read. Matt's subject was a spammer (what goes around comes around) but the same techniques that he describes can be employed against any target. He uses DNS, Whois, Facebook, LinkedIn, Goggle and other easily accessible services to research his target and gather data that most people probably don't even realise is out there. I strongly recommend that readers head over to Matt's site and check out his article called Invasion of Privacy to see how it's really done.

Truly scarey stuff!!!

10 comments:

Matt said...

Thanks for posting this! I'm glad people have found my post useful/insightful/educational/frightening.. lol

It is really scary how easily information is obtained these days. I will be writing something to follow up with this about some techniques to protect yourself, or, at least, attempt to.. there's actually very little that you can do, unfortunately.

Anyway, thanks again!

Anonymous said...

Hey Syn,

I will be reading that article looks really interested. By the way I have been reading your Cisco basic blog recently its a shame you turned off commenting I think it would be nice to see others feedback on the things you are doing.

I am studying for my CCNA and active material is just want I needed.

By the way I moved my blog from blogspot to securegossip.com, pretty nice group of people over there.

Infolookup
http://infolookup.securegossip.com

Infolookup said...

Syn,

I agree this is a really nice right-up! I re-posted the link in the pauldotcom irc room and it got a lot of good feedback.

By the way nice job on the Cisco basic blog. I have been checking out since I notice you were a bit busy over there. You should enable comments, it will help for others to share their ideas and give you feedback.

SynJunkie said...

Matt - No problem, it's a great post and I wanted to draw peoples attention to it.

Sherwyn - Thanks for the comments. I have left off comment on the cisco blog as its more of just a notepad of what I'm doing. Sort of my own home made labs. Maybe I'll enable them later.

BTW - I had been visiting your blog in its new home, awesome work your doing there!
Cheers

Lee

Electric said...

Hey wanted to get on to you personally but anyway

was just curious as to where you studied and your opinion on the best place to study to become a system admin

SynJunkie said...

Hi Electric

Really I never studied, most of what I know is self taught. Do I think that is the best way to go? Well self study is cheaper and you can go at your own pace, the downside is it's easy to get distracted and go off topic. Using a blog as a study aid is something I recommend, set yourself a goal to blog about and aim to make the best post you possibly can. It doesn't matter if no one ever reads it, it will keep you on topic and if you set yourself a goal of a post a week it will keep you moving forward. If you find you can't be bothered to blog, well that's good too because you probably have learnt early on that what your blogging about isn't for you, now you can find something you are truely passionate about and do that.

Anonymous said...

syn from HF?

SynJunkie said...

Don't think so.

TAPE said...

Although I realise you are not on this blog that much, I would like to say thanks for mentioning my blog as a blog of interest.

I started out looking to your blog as the place to be and you have taught me plenty.

A HUGE thanks for even looking at mine :)

builder said...

ill be linking you at mine. it is mainly a disorganized personal resource of links. i plan to group links in the future. heh! check out our irc channel maybe? http://pr1v4t3.blogspot.com