0
SpaceUnknown

Protect your privacy!

Recommended Posts

Hey all,

Well I was searching for some files using KaZaa, and, *again*, I find someone sharing their whole hard drive! Never fails to amaze me! So since I had nothing better to do, I thought I'd see how bad this could get.

I first sort the filename column and one by one look at the file names (skipping through the average windows stuff, dlls etc). I discover he uses Outlook! Bingo. I download outbox.dbx, folders.dbx, inbox.dbx, deleted items.dbx etc. Opening them in notepad, I find he's 32 years old, white, lives in New York state and in ****** ****** City, and in his words “cute”, quoting some email to an escort website for price info for those lonely nights. And yes, they do come directly to your home, for those of you who are interested.
So now I now have his email address (ISP assigned email), his first name, city, state, and age. Oh and that he trades mutual funds.

Scrolling through the list I find he’s using Windows 98. I think “hey, lets see if he has a windows password file”, I skip down looking for his first name and find *******.pwl “Cool” I think, and download it right away.
Now I also have his Internet connection password and login. I also know he uses Verizon DSL!

Continuing on the search, I figure well, what the heck and decide to see whats in the mail. I go to verizon.com and go into their support area under email settings. Interesting, the incoming mail POP3 server name is: incoming.verizon.net
I open outlook and add an account under his name. I make sure I check the box “Leave mail on server”, then set the mail server settings, his login and his password. I click Send and receive and WOW! It worked! Although, nothing very interesting other than spam.

Well my next lead, is the spam. Weird! Only 11 emails all from the same place. I guess he likes to buy books and stuff.
Email reads: “Hello, *******, we have great savings to pass on blah blah blah. Click here to check out these amazing offers.” It was obvious this guy is a newbie to file sharing and online shopping – never fill out that crap about what your interests are!
So I hit a dead end as the website asks for a password.
BUT WAIT!
What’s this little link? “Click here to retrieve your password” So I go Click!
Enter your email it asks, and so I tap it in to make it happy, and boom email arrives in my inbox. I now have his login and password for the website.

I login and click on account info. Now I’m thinking “Holy shit! Am I gonna see what I think I’m gonna see?” Gee, all in a half an hour and I now have his first and last name, his address, city, state, postal code, phone number with area code and his birth date.

Now I’m thinking okay enough with the personal stuff. I scroll down expecting to see a credit card number etc. but luckily for this guy nope! Not yet anyways for those more determined than me! I find all about his interests and other personal stuff like income bracket, marital status (He’s single ladies! And makes between $35K-$49K), lives in a rental unit of either and apartment or condo, and a few other stuff.

So enough of that. Well what else could I get? I do a search on google for his name, only finding a college student with the same name. So I give that up and go for ussearch.com and after a few trys got a hit. The only thing that came from this was that it verified everything I already know, however I now have a middle name initial. And if I really wanted, spend money and get incredible amounts of info.

Well so far, in an hour or so of work, that’s pretty good. Of course, I now have 2 passwords, and 2 email addresses (one of which I used to get other passwords). I have access to his ISP assigned email and connection, his profile - which by the way is enough to get the rest of the required ID to steal his identity.

I also know from emails that I downloaded through Kazaa, that, like any guy I guess, has had porn emailed to him (everything from images to movies). Now, a hacker could the exploit this by sending him a program through email saying its porn (and be very sure he’ll run it) which opens a backdoor allowing for more access to his computer and leading or being used for other attacks etc.

I could go on and on, and probably get even more info on him that more important and private, but why? That wasn’t the point of this. I have no intrest other than what could have happened if I was a bad dude. He has an open door, allowing anyone from terrorists, hackers, and the strange, surf right into his life, completely unaware of how much damage he has or potentially has created for himself.

I just thought I’d mention to everyone to please be careful how you use these programs! With identity thefts occurring more and more every year, you cannot afford to mistakenly allow these things to happen. Think of the internet as massive shadow and although you might hear and even see someone prowling around your home at night, the shadow casted by the internet is much more dark, very quiet and is called home to malicious users of any type all hours of the day!

Use firewalls, use file-sharing applications properly and only from trusted sources, use virus scanners, keeping them up to date! And most importantly protect yourself as you do skydiving! Double check or think about the settings and things you do on the Internet because after all, your life, can be in someone else’s hands.

Sorry for the long post, I figured if I told you how I did it, it might help people here, and hopefully OPEN some eyes to the possibilities and threats that you can protect yourself from.


Happy and safe surfing,
James

AAAAA - American Association Against Acronym Abuse.

Share this post


Link to post
Share on other sites
Quote

Just did a search and I found 2 people sharing EVERYTHING within 1 -2 minutes. Just shows how many people are not aware.



O.K., so we all know I am about as computer savvy as a lettuce leaf. I don't go on sites like that because of that concern. Consequently, I don't get to use sites like that, either. And I would have no idea if I was doing that, you know? None at all.

Teach me, the lettuce leaf, how to not share my whole life like that. I use a firewall, have my weekly virus scan, etc., but how does that protect me, and how can I take better measures?

Not like I have porn or anything on my 'puter (you believe that, right???)....but I do have lots of stuff I wouldn't want to see out there.

Thanks a lot, folks...

Ciels-
Michele


~Do Angels keep the dreams we seek
While our hearts lie bleeding?~

Share this post


Link to post
Share on other sites
Quote

If you're not into trading pirated software and movies, you should be fine.



But, what if I wanted to? I keep hearing about those music sites, but never would use them because of the potential to my 'puter....of course, that's "stealing" so I dunno, but still...
Ciels-
Michele


~Do Angels keep the dreams we seek
While our hearts lie bleeding?~

Share this post


Link to post
Share on other sites

The problem mainly comes from sharing just too much information. In KaZaa, there is a button that allow you to search your hard for files, although I’ve never tested it, I’d guess the button just activates folders to share – even if you decided to save your financial or personal files there.

The website tip on not filling out optional information is just so they can’t target your with spam or be used against you *if* the chance appeared. Buying stuff on the Internet is safe and keeping with high profile companies like amazon or whatever, is okay. Personally I find typing in my credit card annoying but I’d rather do that for every purchase than trust their user databases and besides, like what I did above, that guys lucky that the website never offered to hold that information – cause I would have had it.

Virus software is surprisingly easy to use these days and tend to do the work for if you can a steady connection to the internet like cable. Most are set to check every night and update weekly automatically.

Firewalls can be tricky, and personally I think you really only need one if your online all the time, again like cable or are VERY frequent online. Windows XP has a built in software firewall and IIRC it’s set to ON by default. For those that aren’t geeks, firewalls close internet ports. You can think of the ports as doorways into your computer. Hackers probe computers looking for open ports and use them to gain access. Like above, the email a hacker could send to him *could open* a port and listen for special commands allowing access for those who know the key to the open door.

Ernokaikkonen beat me too it. ;)

As for letting him know, not yet. I’ll send him an email using a fony address from some computer in the boonies, incase he decides to try to report me...

James:|


AAAAA - American Association Against Acronym Abuse.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

0