SpaceUnknown 0 #1 December 12, 2002

Hey all,

Well I was searching for some files using KaZaa, and, *again*, I find someone sharing their whole hard drive! Never fails to amaze me! So since I had nothing better to do, I thought I'd see how bad this could get. I first sort the filename column and one by one look at the file names (skipping through the average Windows stuff, DLLs etc). I discover he uses Outlook! Bingo. I download outbox.dbx, folders.dbx, inbox.dbx, deleted items.dbx etc. Opening them in Notepad, I find he's 32 years old, white, lives in New York state and in ****** ****** City, and in his words “cute”, quoting some email to an escort website for price info for those lonely nights. And yes, they do come directly to your home, for those of you who are interested.

So now I have his email address (ISP assigned email), his first name, city, state, and age. Oh and that he trades mutual funds. Scrolling through the list I find he’s using Windows 98. I think “hey, let's see if he has a Windows password file”, I skip down looking for his first name and find *******.pwl “Cool” I think, and download it right away. Now I also have his Internet connection password and login. I also know he uses Verizon DSL!

Continuing on the search, I figure well, what the heck and decide to see what's in the mail. I go to verizon.com and go into their support area under email settings. Interesting, the incoming mail POP3 server name is: incoming.verizon.net I open Outlook and add an account under his name. I make sure I check the box “Leave mail on server”, then set the mail server settings, his login and his password. I click Send and Receive and WOW! It worked! Although, nothing very interesting other than spam.

Well my next lead, is the spam. Weird! Only 11 emails all from the same place. I guess he likes to buy books and stuff. Email reads: “Hello, *******, we have great savings to pass on blah blah blah.
Click here to check out these amazing offers.” It was obvious this guy is a newbie to file sharing and online shopping – never fill out that crap about what your interests are! So I hit a dead end as the website asks for a password. BUT WAIT! What’s this little link? “Click here to retrieve your password” So I go Click! Enter your email it asks, and so I tap it in to make it happy, and boom email arrives in my inbox. I now have his login and password for the website. I log in and click on account info. Now I’m thinking “Holy shit! Am I gonna see what I think I’m gonna see?”

Gee, all in a half an hour and I now have his first and last name, his address, city, state, postal code, phone number with area code and his birth date. Now I’m thinking okay enough with the personal stuff. I scroll down expecting to see a credit card number etc. but luckily for this guy nope! Not yet anyways for those more determined than me! I find all about his interests and other personal stuff like income bracket, marital status (He’s single ladies! And makes between $35K-$49K), lives in a rental unit of either an apartment or condo, and a few other stuff. So enough of that.

Well what else could I get? I do a search on Google for his name, only finding a college student with the same name. So I give that up and go for ussearch.com and after a few tries got a hit. The only thing that came from this was that it verified everything I already know, however I now have a middle name initial. And if I really wanted, spend money and get incredible amounts of info.

Well so far, in an hour or so of work, that’s pretty good. Of course, I now have 2 passwords, and 2 email addresses (one of which I used to get other passwords). I have access to his ISP assigned email and connection, his profile - which by the way is enough to get the rest of the required ID to steal his identity.
I also know from emails that I downloaded through Kazaa, that he, like any guy I guess, has had porn emailed to him (everything from images to movies). Now, a hacker could then exploit this by sending him a program through email saying it's porn (and be very sure he’ll run it) which opens a backdoor allowing for more access to his computer and leading to or being used for other attacks etc.

I could go on and on, and probably get even more info on him that's more important and private, but why? That wasn’t the point of this. I have no interest other than what could have happened if I was a bad dude. He has an open door, allowing anyone from terrorists, hackers, and the strange, to surf right into his life, completely unaware of how much damage he has or potentially has created for himself.

I just thought I’d mention to everyone to please be careful how you use these programs! With identity thefts occurring more and more every year, you cannot afford to mistakenly allow these things to happen. Think of the internet as a massive shadow and although you might hear and even see someone prowling around your home at night, the shadow cast by the internet is much more dark, very quiet and is called home to malicious users of any type all hours of the day!

Use firewalls, use file-sharing applications properly and only from trusted sources, use virus scanners, keeping them up to date! And most importantly protect yourself as you do skydiving! Double check or think about the settings and things you do on the Internet because after all, your life can be in someone else’s hands.

Sorry for the long post, I figured if I told you how I did it, it might help people here, and hopefully OPEN some eyes to the possibilities and threats that you can protect yourself from.

Happy and safe surfing,
James

AAAAA - American Association Against Acronym Abuse.
freeflir29 0 #2 December 12, 2002

Why...you aren't near as vicious as some of those 12 year olds out there.
Sonic 0 #3 December 12, 2002

Just did a search and I found 2 people sharing EVERYTHING within 1-2 minutes. Just shows how many people are not aware.

-----------------------------------
It's like something out of that twilighty show about that zone
SpaceUnknown 0 #4 December 12, 2002

Now all you have to do is find the key files... heh don't even need to know their email address and passwords since you can download the Outlook (or other) databases...

Scary shit,
James

AAAAA - American Association Against Acronym Abuse.
Michele 1 #5 December 12, 2002

Quote: Just did a search and I found 2 people sharing EVERYTHING within 1-2 minutes. Just shows how many people are not aware.

O.K., so we all know I am about as computer savvy as a lettuce leaf. I don't go on sites like that because of that concern. Consequently, I don't get to use sites like that, either. And I would have no idea if I was doing that, you know? None at all.

Teach me, the lettuce leaf, how to not share my whole life like that. I use a firewall, have my weekly virus scan, etc., but how does that protect me, and how can I take better measures? Not like I have porn or anything on my 'puter (you believe that, right???)....but I do have lots of stuff I wouldn't want to see out there.

Thanks a lot, folks...

Ciels-
Michele

~Do Angels keep the dreams we seek While our hearts lie bleeding?~
kingbunky 3 #6 December 12, 2002

did you let the guy know?

"Hang on a sec, the young'uns are throwin' beer cans at a golf cart."
MB4252 TDS699
killing threads since 2001
ernokaikkonen 0 #7 December 12, 2002

Michele, the problem described here mostly concerns people who use file-sharing programs like Kazaa. If you're not into trading pirated software and movies, you should be fine.
Michele 1 #8 December 12, 2002

Quote: If you're not into trading pirated software and movies, you should be fine.

But, what if I wanted to? I keep hearing about those music sites, but never would use them because of the potential to my 'puter....of course, that's "stealing" so I dunno, but still...

Ciels-
Michele

~Do Angels keep the dreams we seek While our hearts lie bleeding?~
freeflir29 0 #9 December 12, 2002

Quote: of course, that's "stealing" so I dunno

Yep....and the internet Gestapo will track you down like the filthy vermin you are....
SpaceUnknown 0 #10 December 12, 2002

The problem mainly comes from sharing just too much information. In KaZaa, there is a button that allows you to search your hard drive for files, although I’ve never tested it, I’d guess the button just activates folders to share – even if you decided to save your financial or personal files there.

The website tip on not filling out optional information is just so they can’t target you with spam or be used against you *if* the chance appeared. Buying stuff on the Internet is safe and keeping with high profile companies like Amazon or whatever, is okay. Personally I find typing in my credit card annoying but I’d rather do that for every purchase than trust their user databases and besides, like what I did above, that guy's lucky that the website never offered to hold that information – 'cause I would have had it.

Virus software is surprisingly easy to use these days and tends to do the work for you if you have a steady connection to the internet like cable. Most are set to check every night and update weekly automatically.

Firewalls can be tricky, and personally I think you really only need one if you're online all the time, again like cable or are VERY frequently online. Windows XP has a built in software firewall and IIRC it’s set to ON by default. For those that aren’t geeks, firewalls close internet ports. You can think of the ports as doorways into your computer. Hackers probe computers looking for open ports and use them to gain access. Like above, the email a hacker could send to him *could open* a port and listen for special commands allowing access for those who know the key to the open door.

Ernokaikkonen beat me to it. ;)

As for letting him know, not yet. I’ll send him an email using a phony address from some computer in the boonies, in case he decides to try to report me...

James

AAAAA - American Association Against Acronym Abuse.
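
Added example, not part of any post in this thread: a self-check you can run against the folder your file-sharing program is set to share, flagging a share that is a whole drive and the kinds of files the first post describes (Outlook `.dbx` mail stores, Windows `.pwl` password lists). The function names, the extensions beyond `.dbx` and `.pwl`, and the sample folder tree are assumptions made for the illustration.

```python
import os
import tempfile
from pathlib import Path, PureWindowsPath

# .dbx and .pwl are the file types named in the thread; the other
# entries are assumed additions of the same kind (mail, finance data).
SENSITIVE_EXT = {
    ".dbx": "Outlook Express mail store",
    ".pwl": "Windows 9x password list",
    ".pst": "Outlook mail store",
    ".qdf": "Quicken data file",
}

def is_drive_root(share: str) -> bool:
    """True when the shared path is a whole drive (C:\\) or the POSIX root."""
    win = PureWindowsPath(share)
    if win.drive and win == PureWindowsPath(win.anchor):
        return True
    return share.strip() == "/"

def audit_share(share: str) -> list[tuple[str, str]]:
    """Return (path relative to the share, reason) for every risky item."""
    findings = []
    if is_drive_root(share):
        findings.append((share, "share is an entire drive"))
    root = Path(share)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            reason = SENSITIVE_EXT.get(Path(name).suffix.lower())
            if reason:
                rel = Path(dirpath, name).relative_to(root)
                findings.append((rel.as_posix(), reason))
    return sorted(findings)

def build_sample_share() -> str:
    """Constructed sample tree: one music file, two files that do not belong."""
    root = Path(tempfile.mkdtemp(prefix="share_"))
    (root / "music").mkdir()
    (root / "music" / "song.mp3").write_bytes(b"")
    (root / "mail").mkdir()
    (root / "mail" / "Inbox.DBX").write_bytes(b"")
    (root / "user.pwl").write_bytes(b"")
    return str(root)

if __name__ == "__main__":
    for path, reason in audit_share(build_sample_share()):
        print(f"{path}: {reason}")
```

An empty result means only that none of the listed file types were found; the safer setup is a dedicated share folder that holds nothing except what you intend to give away.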