Las Vegas Wants to be Your Friend on Facebook

Monday, May 23, 2011

Rafal Los


I flew into Las Vegas recently and immediately noticed something that wasn't here last time I was hopping around sin city.  

Social Media fever has taken over Las Vegas. How does this apply to software security?

Remember the expression - "What happens in Vegas, stays in Vegas"?  

That may soon change to "What happens in Vegas, is tweeted and Facebooked"... and I don't know how many of the patrons that come here looking for a little break from the ordinary are OK with that.

I'm seeing location-based services are prevalent, giant signs and banners proclaiming "Follow us on Twitter!", and "Be our friend on Facebook!"... so can you imagine what that's going to do for your next penetration test or social engineering campaign?

Oddly enough, on the flight over I was diving into the book "Social Engineering: The art of human hacking" by a friend of mine, and social engineering pioneer Chris Hadnagy.  

The book is scary enough for those of us who don't live in the social engineering space daily... but combine that with the social media campaigns that Las Vegas seems to have jumped full-bore into... yikes.

See... Software Security is tied into not only development, but privacy as well.  

Sadly, as your privacy shrinks - or as you give more and more of it away - the possibility of that crazy night in "Sin City" will follow you not just to work on Monday... but maybe to the next time a hacker is trying to penetrate your applications attack surface!

I've been talking about mobile devices and application security lately, so I can't wait for all these casinos and such to start coming out with iPhone, WebOS, Android and BlackBerry apps... gamble "while you're in Las Vegas (a location-based service)" on your mobile device from pool-side.  

Can you imagine?  It's a hacker's dream...

I, for one, am turning location-based services off on my mobile device right now.

Stay sane friends!

Cross-posted from Following the White Rabbit

Possibly Related Articles:
Information Security
Facebook Privacy Application Security Social Media Mobile Devices Location-based Services
Post Rating I Like this!
Fred Williams I was checking in on Foursquare for a year. Then realized I wasn't getting a dang thing from it so I deleted my account. Good thing about 4square that it does delete all of your localized data. Or so I think. I know that it naive of me.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.