Anybody want to know Trend Micro’s top secret internal strategic plans for our upcoming projects? How about our financial returns for the next quarter?

Well, sorry, obviously we are not going to give that sort of information out publicly—we’d need to be crazy to do something like that.

On the other hand, if you want a heads up on Microsoft’s upcoming Windows 8 and Windows 9 OSs (128-bit, apparently) just wander over to the LinkedIn social networking site.

PC Pro has published a short piece on how a certain key Microsoft employee’s LinkedIn profile described his job as:

Working in high-security department for research and development involving strategic planning for medium- and long-term projects. Research and development projects, including 128-bit architecture compatibility with the Windows 8 kernel and Windows 9 project plan. Forming relationships with major partners: Intel, AMD, HP, and IBM.

Ouch.

This is yet another example of very sensitive company data being accidently posted on a social networking site, an all-too-common occurence. Social networking sites are also invaluable as sources of reconnaissance for hackers targeting a specific company, whether it’s an IT administrator on LinkedIn mentioning “managing checkpoint firewalls” in his job description or an employee tweeting that he/she is on his/her way to a “merger meeting with company X”—employees are quite often unaware of the sensitive information they are publicly disclosing.

Don’t get me wrong, I like social networks. I even have a LinkedIn profile of my own but I don’t put any data there that people would not already know.

If you are worried about this sort of data leak occuring in your own company, I’d fully recommend reading my colleague, David Sancho’s, paper “A Security Guide to Social Networks.”.

Perhaps Microsoft might like to print out a copy for all of its own employees.

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!