ITT: I show you how to protect yourself on the net

[86 IROC-Z]

So I was a bit drunk last night and was looking for something to do. My curiosity lead me to do some less-than-ethical activities, however, it showed me how FaceBook and lax security measures make us so vulnerable to identity theft and personal attacks, etc. First I'll tell you what I did, and then I'll tell you how to protect yourself against these sorts of things.


I logged into my FaceBook account, and went to my friends list, which contains a few hundred people. I started collecting email addresses that were listed on the profiles of people I'm friends with. Some profiles listed none, some one, and others a handful.

After getting a good amount of email addresses, I started looking in to how they help you if you've forgotten your password.

Student email accounts from different universities had a high level of security, requiring all of the following to reset a password: Full name, DoB, SSN, UID, and other things that weren't readily available.

Free accounts, however, are much more lenient account retrieval measures.

Gmail requires the account be idle (not logged into) for 24hrs, after which point it only asks a single security question which must be answered, at which point full access is given to the account, including the ability to change the password without know the old one.

Yahoo mail requires two security questions to be answered before access is given to the account, again, after which the password is changed with out the need to enter the old one.


First one I tried was a Gmail account. I clicked "can't access account", put in the gmail address, and it asked me the security question: "What is your favorite color?" I go back to the facebook account of the gmail account owner, and somewhere in the "about me" section was a single color among the other things about the person. So I type in that color, and it asks me to change the password, and then gives me full access to the gmail account.

bertstare.jpg

Second one I tried was a Yahoo account. First security question: "What is your middle name?" Didn't even have to look hard for that one. It WAS IN THE EMAIL ADDRESS ITSELF. Second security question: "What sorority are you in?" That took all of 10 seconds glancing at the persons FaceBook profile. Access granted, please change password, full access to account.

notsureifsrs.jpg

Third one I tried was also a Yahoo account. First security question: "What is the name of your oldest neice?" Browsing though some facebook photos of the person, one had the caption "Me and my neice [name]!! isn't she adorable!". So I put that name in, turns out she is the oldest. Second security question: "What was the make of your first car?" Look in the persons facebook albums, one is titled "My first car!", turned out to be a Mercedes. Typed that in, prompted me to change the password, and let me in.

isthisreallife?.jpg


You guys might be saying, "well whatever, I don't use my email for anything important, blah blah blah."

These questions are uncomfortably similar to security questions asked by banking and credit websites and other important online account. What would you do if one of those was compromised?

If you want to protect yourself, take a second look at all of the security questions across all of your online accounts. Most of the preloaded questions are bullshit, so if you have the chance to write your own question, DO IT! and ask something that ONLY YOU KNOW.

Next, take a look at your facebook profile. Best option? Deactivate/Delete it. However I know most people don't want to do that.

Just being "Friends only" isn't enough, as I've just shown, because that friend of that girl you talked with for 2 minutes at that party three years ago that you friend requested now has full view of your "friends only" account.

Ways to protect yourself on facebook:
Don't accept friend requests from people you haven't met in real life.
Become "facebook friends" with only actual friends.
Remove the following information from your profile:
-Date of birth (at the very least, the year)
-Hometown/Place of birth
-Links to Relatives (Important: if your mother is listed as your relative, and is divorced from your father, she is probably using her maiden name now, which is the most common security question for banking websites)
-All contact information (emails, phone, addresses, etc)
-Certain interests (If one of your security questions is "What is your favorite TV show", don't list that TV show anywhere in the "favorite tv shows" section of your profile, herp derp)

I hope you guys follow this advice because it's a scary world out there, and it's easier than ever to get information about anyone.

[SandmanWs7]

I dont like your avatar......anymore

[SeVeReDiStOrTiOn]

good info

[Tonik]

Your definition of drunk:


My definition of drunk:

[markarvidson]

I dont like your avatar......anymore

Im with this guy. But thanks for the good info.

[LeadFarmer]

I dont like your avatar......anymore

really? I quite like it

[SHines-IT]

I like my avatar.

[Tonik]

I've had my avatar for a long time... I should change it...

(IROC's thread got derailed, hardcore)

[Nhra Firebird]

My Avatar fits me well.

[SHines-IT]

My Avatar fits me well.

[pajeff02]

My Avatar fits me well.

Didn't know you were related to the Wallendas.

[silverWS6]

I miss my old avatar

[86 IROC-Z]

I like to imagine my avatar reflects the expression on the faces of people who read my posts.

[blackSS01]

I tried this with about 10 friends and couldn't get into one of them Guess my friends are a little bit better secured then I thought Granted I could ask the question to them and hit them up months later when the least expect it. Thanks tho IROC, I'll double check my shit

[LoneGunman]

So I was a bit drunk last night and was looking for something to do. My curiosity lead me to do some less-than-ethical activities, however, it showed me how FaceBook and lax security measures make us so vulnerable to identity theft and personal attacks, etc. First I'll tell you what I did, and then I'll tell you how to protect yourself against these sorts of things.


I logged into my FaceBook account, and went to my friends list, which contains a few hundred people. I started collecting email addresses that were listed on the profiles of people I'm friends with. Some profiles listed none, some one, and others a handful.

After getting a good amount of email addresses, I started looking in to how they help you if you've forgotten your password.

Student email accounts from different universities had a high level of security, requiring all of the following to reset a password: Full name, DoB, SSN, UID, and other things that weren't readily available.

Free accounts, however, are much more lenient account retrieval measures.

Gmail requires the account be idle (not logged into) for 24hrs, after which point it only asks a single security question which must be answered, at which point full access is given to the account, including the ability to change the password without know the old one.

Yahoo mail requires two security questions to be answered before access is given to the account, again, after which the password is changed with out the need to enter the old one.


First one I tried was a Gmail account. I clicked "can't access account", put in the gmail address, and it asked me the security question: "What is your favorite color?" I go back to the facebook account of the gmail account owner, and somewhere in the "about me" section was a single color among the other things about the person. So I type in that color, and it asks me to change the password, and then gives me full access to the gmail account.

bertstare.jpg

Second one I tried was a Yahoo account. First security question: "What is your middle name?" Didn't even have to look hard for that one. It WAS IN THE EMAIL ADDRESS ITSELF. Second security question: "What sorority are you in?" That took all of 10 seconds glancing at the persons FaceBook profile. Access granted, please change password, full access to account.

notsureifsrs.jpg

Third one I tried was also a Yahoo account. First security question: "What is the name of your oldest neice?" Browsing though some facebook photos of the person, one had the caption "Me and my neice [name]!! isn't she adorable!". So I put that name in, turns out she is the oldest. Second security question: "What was the make of your first car?" Look in the persons facebook albums, one is titled "My first car!", turned out to be a Mercedes. Typed that in, prompted me to change the password, and let me in.

isthisreallife?.jpg


You guys might be saying, "well whatever, I don't use my email for anything important, blah blah blah."

These questions are uncomfortably similar to security questions asked by banking and credit websites and other important online account. What would you do if one of those was compromised?

If you want to protect yourself, take a second look at all of the security questions across all of your online accounts. Most of the preloaded questions are bullshit, so if you have the chance to write your own question, DO IT! and ask something that ONLY YOU KNOW.

Next, take a look at your facebook profile. Best option? Deactivate/Delete it. However I know most people don't want to do that.

Just being "Friends only" isn't enough, as I've just shown, because that friend of that girl you talked with for 2 minutes at that party three years ago that you friend requested now has full view of your "friends only" account.

Ways to protect yourself on facebook:
Don't accept friend requests from people you haven't met in real life.
Become "facebook friends" with only actual friends.
Remove the following information from your profile:
-Date of birth (at the very least, the year)
-Hometown/Place of birth
-Links to Relatives (Important: if your mother is listed as your relative, and is divorced from your father, she is probably using her maiden name now, which is the most common security question for banking websites)
-All contact information (emails, phone, addresses, etc)
-Certain interests (If one of your security questions is "What is your favorite TV show", don't list that TV show anywhere in the "favorite tv shows" section of your profile, herp derp)

I hope you guys follow this advice because it's a scary world out there, and it's easier than ever to get information about anyone.

Dude, you SERIOUSLY need to get a fuckin' life!! I mean, hacking people's email accounts just to see if it can be done??

[86 IROC-Z]

Dude, you SERIOUSLY need to get a fuckin' life!! I mean, hacking people's email accounts just to see if it can be done??

life? wut dat is


Also I dislike using the term hacking for this sort of thing. 'hacking' to me denotes something that requires skill. A 12 year old could do what I did.

[LoneGunman]

life? wut dat is


Also I dislike using the term hacking for this sort of thing. 'hacking' to me denotes something that requires skill. A 12 year old could do what I did.

Ok, maybe "skill" is'nt your thing. But it does require a thought process that most 12 year olds don't posess, they are too busy trolling around on 4chan and chatroulette. But a 40 year old "Dateline Perv" would definitely appreciate your well thought out blueprint of how to attain info on people

[86 IROC-Z]

they are too busy trolling around on 4chan and chatroulette.

Hey, I'm not 12...

But a 40 year old "Dateline Perv" would definitely appreciate your well thought out blueprint of how to attain info on people

You really think predators are going to bother snooping through peoples email? Their targets aren't intelligent, no need for extensive cyber forensics, just pick up a value-size bag of candy and wait at a bus stop.

Oops, I guess I shouldn't have said that, since I'm giving criminals instructions on how to perform their trade.

[LoneGunman]

Predators are freaks! They think up all sorts of ways to get at people. Speaking of chatroulette, ever notice how many fat hairy guys are jerking off? Who do you think they are?

[Mr. Luos]

WTF is an avatar?