Thread: Password security
View Single Post
03-06-2007, 12:44 PM
 #9
Impluo is offline Impluo
Status: We're all mad here
Join date: Aug 2005
Location: Missouri
Expertise: programming
Software: Notepad
 
Posts: 1,606
iTrader: 0 / 0%
 

Impluo is on a distinguished road

  Old

I think it's funny when people create these "hard" passwords but then for their secret question they just use some random piece of personal information. Something that isn't too personal and their friends would probably know the answer if they ever bothered to look into the secret question on their friends account.

I used to play a game with scammers back when I played the game Diablo II if I saw a scammer trying trick people and steal others' accounts (and there was no shortage of them, they were all over that game). I'd start talking to the scammer. I'd eventually have them give me their email address and then if it was a MSN or Hotmail email address I'd open up Hotmail and hit forgot password. If that person chose to reset the password by secret question I'd click that link to see what the secret question was.

I'd search google for that email address and see if it brought up any results (forums, personal pages, etc.) People put too much personal information online

If their question had to do with their mother/father I wouldn't bother asking them about it, if their secret was favorite color I could guess it without even talking to them anymore, and if it was anything like Favorite movie, My dogs' name, Birth place, etc I'd either find it on pages I found with Google or I could continue talking to them and eventually I could extract the answer I need without making myself look too suspicious after gathering that information among other things such as current location if they live in the US and it if they don't live in a city I'll be able to get their zip code with ease. If it is in another country that makes it easier since I will only need they country and nothing else for location on MSN/Hotmail.

From there I'd enter the data. Country, State (if the country was US), Zip Code (if the country was US) and the secret answer. If all the data matched I'll be able to change the password and then enter the account. If it is their main email address most of the time it will hold old email to places they have registered such as forums and sometimes those places like to send you an email when you register telling you the password and username you registered with.

Based on what usernames and passwords you see in that persons' email you will probably see a certain topic they are interested in the usernames and/or passwords.

If I saw keywords and then some random letters/numbers after if it I will look at the persons' info they registered with. First/Last name, Street Address, Birthday, Phone Number. Most of the time it'd be a combination or their initials and the date of their birth tacked onto the beginning or end of their password.

If bits of that info match up in their various passwords I have a good idea how they build their passwords in case it wasn't one of the passwords I found in their email. Then I login to their D2 account, change the password and then log back onto my account. They aren't happy when they find out what it is like to lose their precious account and they had no idea that it was me behind it the whole time

That is just one of the many games I'd play with scammers to take away their account. I think I liked doing that more than actually playing the game
That whole process could take anywhere from minutes up to a few days (few days if I wanted to build a friendship with the scammer. I had better games to play when I built a friendship with the person