The next time you visit a Web site on which users contribute much of the content—say, social networking sites like Myspace or photo-sharing sites like Flickr—be aware that some of the content other users are contributing may be malicious.
Hoffman says that mapping and fingerprinting a network from the inside provides an attacker with a cache of information that is typically hard to get. “Normally an attacker needs to do a lot of work to get that type of information,” he says. “He needs to hack around your firewall, or park in front of your headquarters and try to find an open access point that’s not secured.”
Mikko Hyponnen, director of antivirus research at F-Secure, says that his team audited two well-known social networking sites with millions of registered users (not including Myspace) and quickly found that both sites were vulnerable to these kinds of attacks.