By John W. Pirc, Author, CEH, IAM, SANS STL, Sr. Product Line Management, Global Network Security Products
Happy New Year and welcome to 2012! I’m starting the new year with a discussion on an area of risk in social networking dealing with situational awareness through location-based social networking.
Did you know that location-based social networking (LBSN) was started by two NYU students in 2000 with a service called Dodgeball? This service allowed users to text/SMS their location, which was shared with their friends. Those same two NYU students Dennis Crowley and Naveen Selvadurai sold Dodgeball to Google and went on to start Foursquare in 2009.
I bring this history point up to demonstrate that location-based social networking has come a long way from a service to an application. More importantly, it’s not new and with the rapid adoption and use of social networking, this adjacent market of location-based social networking is becoming a feature of social networking sites. As we move into 2012 and into a decade of technology that is transforming the way we do business and socially interact with each other online.
As you head into 2012, I leave you with a few tips/reminders about how location-based social networking and social networking (Facebook & Twitter) combined in aggregate can yield some interesting assumptions or results.
Figure 1.0 Source: http://www.pcmag.com/article2/0,2817,2395551,00.as
In a recent presentation I gave on the Dangers of Social networking, I cover situational awareness/LBNS as one of the seven dangers of social networking that can impact you personally and the corporation that employs you. I think for the most part, those of us that use LBSN on regular basis realize they are broadcasting their location beyond just their friends when they link to Twitter, Facebook and LinkedIn, to name a few. This is such an important point because we have become very comfortable with social networking that—as I discussed in my last blog— 2 cyber security tips: Spreading holiday cheer along with your personal information, we are willing to give information/location as payment in order to use a service/application within Facebook. I believe we will become more complacent about location that it has the possibility of uncovering information in aggregate that could reveal a lot of interesting information.
From a personal security perspective, sharing location combined with vacation plans is probably not a great idea but who would ever think that a friend would rob my house…wrong…wrong, with the right information, timing couldn’t be more perfect for the high tech robber. In the URL in figure 1.0 has some great information on how LBSN and Social Networking is used as recon by burglars and would encourage you to read it.
Figure 1.1 LinkedIn + Tripit or Foursquare
As I mentioned, we are willing to share a lot of information on the personal side of social networking which has several risks that include burglary. However, crossing over into the corporate side of LBSN coupled with social networking or applications like Tripit, things can become more interesting. In figure 1.1, I’ve masked the identity of few individuals but it’s very important that you think before you send/accept an invitation on LinkedIn along with other LBSN information.
If you are part of a merger-and-acquisition (M&A) team, corporate alliances/partner programs or a senior executive for a large corporation in the midst of starting a deal…it’s likely that you will send/accept LinkedIn invites from the company you are doing business with. In my personal experience, I’ve witnessed Tripit information from individuals that are traveling from the East Coast to the Bay Area. These were senior individuals of the company and shortly after, they friended peers in another high tech company. It wasn’t long after seeing that information in LinkedIn, I was reading an article about a pending partnership between both companies. I wasn’t surprised to read this as I’ve worked many partnership deals and soon realized what titles are involved in making one work. A light went off and I never realized that LinkedIn coupled with LBSN could actually be used to read the tea leaves of a pending M&A or partnership. Please realize this is one lens of viewing this type of data. I wouldn’t place significant stock in using this to predict an M&A/partnership. But do keep in mind: if you are in a high-level position, just be careful whom you connect with because you never know who is viewing the information.
Additionally, using LBSN like Foursquare and checking into client sites…. probably not a great idea either. I will often check into airports, restaurants and hotels all across the world as I’m visiting clients gather requirements but will never Foursquare that I’m at corporation “X” as many of my LinkedIn connections are in the security industry at competing companies.
Personal and corporate tips on location-based social networking
As I close, I leave you with a few reminders about using location-based social networking with cross-social network postings.
From a personal security perspective:
From a corporate security perspective:
Again, thank you for your time and hopefully some of this information was helpful.
Stay Social and Stay Secure in the New Year.
>> Related blog post: 2 cyber security tips: spreading holiday cheer along with your personal information
>> Learn more about HP Networking products and solutions.
>> Learn more about HP’s Enterprise Security Solutions.
>> Follow HP Networking on Twitter and Google+ | Join HPN LinkedIn Community | Like us HPN Facebook
