Authentication paradigms rely on the user to store and recall relatively intimate data, such as your pet’s name, your mother’s maiden name and so on. Social networks encourage the sharing of such intimate data, whether in a profile or in one of a number of seemingly innocuous utterances. This MSN article sketches out how one young hacker used this insight to work around authentication barriers, and then serially intimidate victims.
While it is a sad and troubling situation, what MSN does here is, in effect, to blame the user for the safety of passwords. It is as though journalism in this case victimizes the victim a second time, rather than raising a genuine inquiry and offering a thick description of the problems, which remain hiding in plain sight.
…Bronk targeted his victims by searching Facebook for women who posted both their e-mail addresses and also personal information such as their favorite foods, their father’s middle names, their high-school mascots and their favorite colors.
Such details are routinely used in “identity challenges” when changes are made to online personal accounts. “Social engineering” scams, such as phishing scams, are designed to trick the victim into revealing this sort of information — but Bronk found it all right there on Facebook.
With it, Bronk could pose as a legitimate e-mail user, hit the “Forgot your password?” button, pass the identity challenge, change the password to one of his own and take over the e-mail account, locking out the victim.