further victimizing, a victim

Authentication paradigms rely on the user to store and recall relatively intimate data. Such as your pet’s name, your mother’s maiden name and so on… Social networks encourage the sharing of such intimate data whether it be in a profile or in one os a number of seemingly innocuous utterances. This MSN article sketches out how one young hacker used this insight to workaround authentication barriers, and then serially intimidate victims.

While it is a sad and troubling situation, MSN does in this situation is in effect to blame the user for the safety of passwords. It is as though journalism in this case victimizes the victim a second time. Rather than raising a genuine inquiry, and thick description of the problems, which are remain hiding in plain sight.

…Bronk targeted his victims by searching Facebook for women who posted both their e-mail addresses and also personal information such as their favorite foods, their father’s middle names, their high-school mascots and their favorite colors.

Such details are routinely used in “identity challenges” when changes are made to online personal accounts. “Social engineering” scams, such as phishing scams, are designed to trick the victim into revealing this sort of information — but Bronk found it all right there on Facebook.

With it, Bronk could pose as a legitimate e-mail user, hit the “Forgot your password?” button, pass the identity challenge, change the password to one of his own and take over the e-mail account, locking out the victim.

via Facebook used to get to nude e-mail photos – Technology & science – Security – msnbc.com.

Advertisements

Leave a comment

Filed under Uncategorized

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s