Anybody want to know Trend Micro’s top secret internal strategic plans for our upcoming projects? How about our financial returns for the next quarter?

Well, sorry, obviously we are not going to give that sort of information out publicly—we’d need to be crazy to do something like that.

… On the other hand, if you want a heads-up on Microsoft’s upcoming Windows 8 and Windows 9 operating systems (128-bit, apparently), just wander over to the LinkedIn social networking site.

PC Pro has published a short piece on how a certain key Microsoft employee’s LinkedIn profile gave his job description as:

Working in high security department for research and development involving strategic planning for medium and longterm projects. Research & Development projects including 128bit architecture compatibility with the Windows 8 kernel and Windows 9 project plan. Forming relationships with major partners: Intel, AMD, HP and IBM.

Ouch.

This is yet another example of very sensitive company data being accidentally posted to a social networking site, an all too common occurrence. Social networking sites are also invaluable as sources of reconnaissance for hackers targeting a specific company, whether it’s an IT admin on LinkedIn mentioning “managing Checkpoint Firewalls” in his job description, or an employee tweeting that they are on their way to a “merger meeting with company X”—employees are quite often unaware of the sensitive information they are publicly disclosing.

Don’t get me wrong, I like social networks. I even have a LinkedIn profile of my own, but I don’t put any data there that people would not already know.

If you are worried about this sort of data leak occurring in your own company, I’d fully recommend reading my colleague David Sancho’s paper “A Security Guide to Social Networks”.

Perhaps Microsoft might like to print out a copy for all of their own employees.

Written on October 11th, 2009 & filed under Security Updates