Welcome to my Information security & Ethical hacking blog …. Threats for information security two types...
1.Technology based
2.Human based
Technology based are such as Mal ware,Infrastructure Vulnerabilities And Application Vulnerabilities.
Human vector are such as Social Engineering, Shoulder surfing,Data Leakage.
I think human vector is the weakest chain in the chain of security. I prefer to hack a Email Id account with human vector but not technology.
Assume If I want to hack my friend's Yahoo mail account..., Hacking Yahoo servers is a tough task to me and I even I don't know how many years it takes to hack his account....In addition to that I have to face strong opposition from Ethical Hackers of Yahoo.
So in this case I have to prefer a key logger to install into his system... But I don't have access to his system... Finally I think it is good to reset his password by answering his two stupid questions...
So I know his mail ID, that is the first information I have with me... I placed it to user name and clicked on account is not accessible then reset password.
Stupid yahoo asked me for answering two questions about my friend.
First question is “What is my primary school name?”
My challenge is to know his primary school name to answer Yahoo question... In-fact I don't know his primary school And I met him in my engineering days So there no way to know that....
So started thinking of it...... Viola... I got it... I know his orkut profile where he mentioned his school name in public profile.... Got it and answered it....
Now it is turn of second question ”What is my pets name?”
Human brain stores every thing in relative memory passion....For example what are you doing on September 11 2001... It is tough to recollect the data... But If I asked what are you doing , When you heard the twin towers collapsed... You can answer a little at least...
That is how brain stores every thing in relative passion... Coming back to our second question....
I need to know his pets name..... So called him as causal call after 3 days...
Our conversation has gone like this...
Mahesh: Hello...
My self: Hi Mahesh... How are you...
Mahesh: Hi Krishna,I am fine.. How are you..
My Self: I am fine... How are the days...
Mahesh: Every thing is cool buddy and......
After a little causal talk..
My self: I wanna buy a new dog... Which breed do you suggest?
Mahesh: Go for Pomeranian puppies.. Low cost and they will easily make friendship with human...
My self: Ohh, and The one you have is Pomeranian?
Mahesh: Hmm I have two. one “JUJU” which is Pomeranian and the other “CANDY” which is
Chippiparai breed....
My self: Ohh good I will go for Pomeranian...
And a little discussion about other things....
Viola …!!!! I got the Information with out asking a word about his pets name.....
So Simply I used JUJU as his pets name in first attempt and got success to reset his password...
The whole scenario took 15 mins of my time with Rs 3.00.. my call charge...
Hacking is this cheap If you start using human vector........
After this episode I wanna acknowledge one of the incident from Indian ethics “Ramayana..”
“When Ravana trying to kidnap Sita, Sita was inside a strong protection called Lakshmana Rekha, Which technically enough strong to protect Sita and not breakable by Ravana. But Ravana used human vector by acting as beggar to deceive the Sita and let her come out by her own.. Even today the scenario is the same that hackers using to deceive the people.”
Even there is nothing much to deceive, Even How many of us used or using password, 123456, 12345678, qwerty, abc123, monkey, 1234567,letmein,trustno1, dragon, baseball,111111,iloveyou, master,sunshine , ashley , bailey, passw0rd,shadow, 123123, 654321,superman, qazwsx, michael, football...... How easy to guess these passwords ….Even our mobile number ,current month or lover name husband name ….. It is a big list............
In My blogs I intended to educate a common Internet user to protect them-self from attackers...
Enjoy Reading and have a nice day...........................