Watch what you say about yourself

A hacker with a list of user names can start guessing passwords, but even at an automated level, making random guesses can be time-consuming. However, hackers have other resources, thanks to the popularity of Web 2.0 sites.

Among the less-technical procedures Kevin Johnson of Intelguardians uses is to take a trip through LinkedIn, Facebook and other social-networking sites, where profile pages can be populated with details such as a person's age, marital status, employer, hobbies and so on. The profiles could provide hints at possible passwords or answers to questions asked by the password challenge mechanisms many organizations use for people who have forgotten their passwords, Johnson said. Give the right answers and the program will grant you access.

Johnson wasn't speaking hypothetically. He gained entry to an organization's system by finding a MySpace profile of an employee who used that system. On her page, the employee professed a love for various hobbies. It turned out that one of the questions on her company's password challenge asked about these same entertainments.

Johnson successfully answered the question, reset the user password and went on to find valuable information in other parts of the internal network.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.

