Jack Recider
Podcast Appearances
And if someone says they've worked for a company for 10 years as a database admin, and specifically they say they're excellent at Microsoft SQL Server, now you can guess with high confidence this company runs Microsoft SQL Server internally, and this person probably has the admin password for it. And we all know how susceptible people are to phishing emails.
I mean, my opinion is if you list and stuff like that, you're just putting like a big old beacon over your head saying, hey, I'm the person you're going to want to hack if you want to get in the database of this company. Come at me. Essentially, the private information that should just be kept inside the company is posted publicly for anyone to see on LinkedIn.
And I mean, here's a story where the company is wondering, hey, how come the public knows about one of our internal memos? I say start by auditing what your employees are posting to LinkedIn. If the company is totally cool with all this internal stuff getting posted publicly, then maybe that's perpetuating a culture change. That's okay to blab about exciting news to whoever asks.
I had someone message me on LinkedIn the other day asking me, hey, how can I get my data taken off the internet?
And you posted all this to LinkedIn and you're wondering how come the internet knows all this stuff about you? Because the thing is, a lot of what data brokers know about us is from the stuff we post publicly. Data brokers are scouring our social media profiles, our blog posts, and any mentions of us on the internet. And then data brokers store all that information about you that you posted.
I say we should take our own privacy seriously because the more we don't care about our privacy, the more companies won't care about your privacy.
Anyway, as you can imagine, Rachel had this target company and was able to quickly guess at who might know about upcoming mergers and acquisitions and started hyper-targeting them, doing full background searches on them, gathering up their details, and just started reaching out, acting like a journalist, emailing them, wanting to see if she can easily get this information from people.
But it didn't work. No matter who she reached out to or how convincing her backstory was, people weren't freely giving her information about upcoming mergers and acquisitions. This method wasn't working.
Attack via the hiring process? What an interesting sentence to say. I don't think that idea crosses many people's minds, that people applying for jobs might have malicious intent. I've heard of the evil maid attack, but what's this called? The phantom applicant attack? There's a lot of information that you can get just from reading a job posting.
Like when a company lists the job duties, it might tip their hand into what endeavors the company is going to do next or expose what technology they have in the company. And these things can be used against the company in social engineering attacks. I think if you read enough job listings, you could probably develop a map of the data center.