[info] [IP] Tool mines personal data from across Net

Eugen Leitl <eugen at leitl.org> on Fri Apr 20 13:08:57 UTC 2007 
----- Forwarded message from David Farber <dave at farber.net> -----

From: David Farber <dave at farber.net>
Date: Fri, 20 Apr 2007 08:54:37 -0400
To: ip at v2.listbox.com
Subject: [IP] Tool mines personal data from across Net 
X-Mailer: Apple Mail (2.752.3)
Reply-To: dave at farber.net



Begin forwarded message:

From: Bob Rosenberg <bob.redmountain at gmail.com>
Date: April 20, 2007 8:42:07 AM EDT
To: Dave Farber <dave at farber.net>
Subject: news.com: Tool mines personal data from across Net

Dave

Perhaps for IP.

Bob



Tool mines personal data from across Net

By Joris Evers
http://news.com.com/Tool+mines+personal+data+from+across+Net/ 
2100-1029_3-6177625.html

Story last modified Thu Apr 19 12:51:40 PDT 2007



VANCOUVER, B.C.--Who needs to dive through dumpsters or steal snail  
mail when so many details on people are available simply by searching  
the Web?
South African security researcher Roelof Temmingh, known for his work  
on security tools such as Wikto, is taking the search for personal  
information a step farther.

Temmingh--who spoke at the CanSecWest security conference here  
Wednesday--has crafted a tool dubbed "Evolution" that associates data  
found in multiple search engines and social-networking Web sites such  
as MySpace.com and LinkedIn. It also uses other sites' tools to find  
information behind Internet Protocol addresses, Domain Name System  
entries, domain registration and more.

As a result, a search for a person will associate the individual with  
results found across the Net. The idea is that data found in one  
place can bring up results elsewhere. For example, an e-mail address  
may bring up a domain name, which in the next search may bring up a  
physical address.


The searches could also connect work e-mail addresses with home phone  
numbers and expose details such as which NASA employees use social- 
networking sites and find people at the National Security Agency who  
use Google's Gmail, said Temmingh. Evolution, currently in its early  
stages, does all that automatically, he said. Temmingh created the  
tool not just to demonstrate his skills, but also to highlight just  
how much personal data the Net holds, and how vulnerable it is.

The results can help somebody doing research into an individual, but  
they can also help a potential fraudster, Temmingh said. A search can  
expose information helpful for social-engineering attacks. Also, it  
can expose secondary targets as it will bring up information on  
individuals' alliances with people or organizations.

Another possible use is "virtual identity theft," Temmingh said. You  
can assume a person's identity by registering free e-mail addresses  
in their name, setting up MySpace and LinkedIn profiles as them and  
getting the identity out so it gets indexed by search engines, he said.



Copyright ©1995-2007 CNET Networks, Inc. All rights reserved.

-------------------------------------------
Archives: http://v2.listbox.com/member/archive/247/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
More information about the info mailing list