Risky Business #97 -- Antisocial networking

Previously on Risky Business...
27 Feb 2009 » Risky Business

Yeah yeah, we've all heard about the threat from social networks -- employees post juicy information that attackers can hoover up during reconnaissance. But what if a determined attacker actually infiltrated the social network that exists between your employees? What if they then used that trust to phish for VPN passwords?

That's what the guys from the Snosoft research team claim to have done in a recent customer engagement, with spectacularly successful results. You can read their post here.

Melbourne-based CSO Adam Pointon joins us to discuss the idea.

This week's show is sponsored by Microsoft. Mike Reavy of the MSRC pops in this week to explain Microsoft's exploitability index, and Adam Boileau joins us for the week's news.