I believe the author missed a potential use for blogs and similarly postings on support newsgroups. That would be in the pen-testing and information gathering. One would surprised what confidential data (internal IP addresses, tree/domain names, user accounts) might be posted in search for help or relating a story. Fire up Google Groups, and search your companies domain name (i.e. microsoft.com), and see what has been posted.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/173/21002#21002