Watch what you say about yourself

A hacker with a list of user names can start guessing passwords, but even at an automated level, making random guesses can be time-consuming. However, hackers have other resources, thanks to the popularity of Web 2.0 sites.

Among the less-technical procedures Kevin Johnson of Intelguardians uses is to take a trip through LinkedIn, Facebook and other social-networking sites, where profile pages can be populated with details such as a person's age, marital status, employer, hobbies and so on. The profiles could provide hints at possible passwords or answers to questions asked by the password challenge mechanisms many organizations use for people who have forgotten their passwords, Johnson said. Give the right answers and the program will grant you access.

Johnson wasn't speaking hypothetically. He gained entry to an organization's system by finding a MySpace profile of an employee who used that system. On her page, the employee professed a love for various hobbies. It turned out that one of the questions on her company's password challenge asked about these same entertainments.

Johnson successfully answered the question, reset the user password and went on to find valuable information in other parts of the internal network.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.

Featured

  • Pierce County

    CARES dashboard ensures county spending delivers results

    The CARES Act Funding Outcomes Dashboard helps Pierce County, Wash., monitor funding and key performance indicators for public health emergency response, economic stabilization and recovery, community response and resilience, and essential government services.

  • smart city challenge

    AI-based traffic management improves mobility, saves fuel, cuts pollution

    Researchers are developing a dynamic feedback traffic signal control system that reduces corridor-level fuel consumption by 20% while maintaining a safe and efficient transportation environment.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.