Comments for Attack Vector

Comment on Invasion of Privacy. by Skipjake

Skipjake — Sun, 18 Dec 2011 16:52:27 +0000

That’s what I’m talking bout. Well done!

Comment on Invasion of Privacy. by Sarah

Sarah — Tue, 13 Dec 2011 23:56:24 +0000

This was the best example I’ve ever seen of how easy it is for anyone–no need to be a hacker or have a cs degree–to uncover someone’s identity. I work at an online privacy startup and we talk about this sort of thing all the time, but to see such a clear illustration of it was brilliant. It’s hard to convey to people why privacy matters, but you, sir…you just did it.

Comment on Invasion of Privacy. by Paul

Paul — Tue, 13 Dec 2011 14:59:33 +0000

Great article, even if it’s about a scumbag spammer called Steve (reference http://knowyourmeme.com/memes/scumbag-steve )

I think this article should be shown and explained to every kid when they are starting off on the internet. What Matt has done here is really subtle, by taking small pieces of info, and putting them together you can unlock a whole load of ‘private’ or assumed private information. Just because you set your profile to private on some website, still doesn’t guarantee that the info will be stored securely.

One other part of getting info that people forget about is just by asking. Example, you find Steve’s phone & wallet, you find out his wife’s number, send her a SMS saying, “hey honey, I’m drawing a blank at the ATM, my PIN is 3838″ and wait to see what you get back.

Paul

P.S that comment for dressing gowns is just some fancy comment spam.

Comment on Invasion of Privacy. by Eric

Eric — Tue, 13 Dec 2011 11:57:27 +0000

Not to be a creeper, but I was seeing someone online who was all lovey dovey but always very secretive. Using only a first name and a username I was able to find out things like full name, spouse info (yeah spouse… lame), address, previous addresses, house value, property info, family and relatives, hell, even political contributions. (all for free)

If there is one thing I could say to people to protect their anonymity, it’s that using the same usernames/emails/passwords on various websites altho handy can be your downfall. All it takes is people cracking your secret question on e-mail (which sadly I am guilty of) and they can now retrieve passwords to that e-mail on all sorts of accounts you may have. (which i have not done).

I mean its scary.

Comment on Brute Force with THC Hydra by nikt0

nikt0 — Tue, 13 Dec 2011 05:47:50 +0000

Large password list is available from http://dazzlepod.com/uniqpass/; pretty useful for an effective large scale dictionary attack!

Comment on Bypass MAC Filtering on Wifi Networks by Xero

Xero — Wed, 30 Nov 2011 18:00:43 +0000

Will try, thanks!

Comment on Old school Google hacking++ by skygear

skygear — Mon, 21 Nov 2011 18:40:29 +0000

nice post, Thank’s for share.

Comment on Invasion of Privacy. by Tristram Brelstaff

Tristram Brelstaff — Sun, 13 Nov 2011 16:55:42 +0000

“Yes, I realize the names are still shown in the images, but they’re not indexed by Google.”

Google does actually extract text from images so the names will probably still be indexed.

Comment on Invasion of Privacy. by Joe

Joe — Sat, 12 Nov 2011 23:45:06 +0000

You forgot the real estate part. Armed with a name you can dig up all sorts of stuff about people on zillow and elsewhere – who sold what house, at what price, etc.

Comment on Brute Force with THC Hydra by ramster

ramster — Mon, 07 Nov 2011 16:35:32 +0000

Hey buddy great stuff any chance on telling me more about the nmap –script=smb-enum-users 192.168.0.3 -p 445|perl -le ‘while(){if(/^.*?\\(\w+)\s+.*/) { print “$1″; }}’ >> userlist
script as i have tried and tried and cant get any user data from any servers.

Would like to understand it a bit more,

Thanks!