Thursday, June 10, 2010

facebook: security case study اللى خالع راسه يغطيها


Two days ago, when opening my facebook in the morning, i found a nice video posted by a friend about someone called marc proposing to his fiancee miriam.
WOWWW, so romantic, and by the end of the day all my profile page was one repeated post, everyone reposted the video.
number of people watched the video on youtube jumped from 9000 to 36000 in two days.
my sister, my friend Sally (which is more like an internet investigator then a simple user) and I have a question: did they ever get married?
so my friend an I spent sometime yesterday digging the facebook. and we get our answer.
BUT what this experience reveals is more then a simple answer to a question.
after one hour of digging facebook we know all of this about marc and miriam:
1- his full name: marc wassim (from the profile)
2- her full name: miriam karam (from the profile)
3- date of proposal: 3/2009 (from the video)
4- date of engagment party: 5/2009 (from the video)
5- date of wedding: 10/2010 (from the comment)
6- marc's work place: Dubai (from the video and comment)
7- their friends names (from the video)
8- marc's hobby: photography (from the comment)
9- marc's camera (from the comment)
10- scenes from his house (from the video)
11- some of his family members (from the video)
and more
how we did that: just by digging facebook profiles
marc and miriam, both set the maximum security measures for their profiles, all the personal info are hidden, no pictures were shared, ... etc
but there was one album that was for public view, this was some photos taken by marc practicing his hobby.
just by reading the comments, we knew all of this and more.
are these information too much to know about someone you don't even know? OF COURSE
just two small steps away from hacking his credit card number :)
and remind you, all these information were revealed just by going from one facebook page to another, just unexperienced simple users actions. no software, no hacking ... nothing
did marc expect this or intend to do it? of course not

but this exactly what is called social hacking: which hacking to someone's vital information using what you know about him/her: as in expecting his password to be his date of birth, his wedding date or his kid's birthday and so on

the danger i'm talking about is not silly amateur stealling girls pictures to photoshped it with naked body, i'm talking about the more deep danger: HACKING to your life

and this all starts with a simple youtube video

social media users (facebook, myspace, ... etc) now have to choose between protecting their security or enjoying the magical concept of SHARING

can't do both, because there are no 100% security measures online, it's a lie no matter what the people of facebook say

so now before sharing anything online ask yourself this question: how much information about me will this reveals?

3 comments:

Evronia said...

this is absolutely true.. wow! i loved this investigation! i like the post a lot really!

Sokrata said...

thank you, i thought you will like it

Anonymous said...

you know what?..I did exactly the same when I first watched the video..and I found even much more information than you did :D..

However, and that's my very personal opinion, I think both of them are somehow happy with all the fame they get..Somehow they "wanted" people to know that much about them..otherwise why in the hell would anybody share such a private moment with millions of people over the internet??..

One of my friends on Facebook shared their proposal video on his profile -and that was in the very beginning of the propagation of the video..it was still not that viral yet- without pointing out that the video of "Marc and Myriam"..and guess what happened??..Marc sent him a message on the Facebook asking him to do so !!!!!!..which clearly indicate that they were seeking that fame in the first place..