Scare of the day:
Aug. 19th, 2008 08:46 pmBig Sis's Facebook account got hacked and she ended up spamming her friends' profiles. Oops. I know this can happen and has happened with LJ-accounts as well, and now I was left wondering: How do they do this without the obvious answer of spyware or not being logged out on a public computer?
Let's try it this way:
Date: 2008-08-20 04:43 pm (UTC)Here's a completely made-up way of doing this:
I guess a hacker could write a program that attempts logging in and going through a list of frequently used passwords or other not quite randomly selected words. This is why it's a good idea to have a pretty random password preferably with some numbers.
Re: Let's try it this way:
Date: 2008-08-20 04:44 pm (UTC)If you have enough resources I'm sure you could try this with several accounts at once until you strike lucky. I imagine this whole method would probably be easily detectable, because of the spike in traffic from one source, but I'm sure you could perfect your program by going through different proxies and by not concentrating on one account alone and thus hiding in the huge amount of traffic that facebook generally gets.
Re: Let's try it this way:
Date: 2008-08-20 04:44 pm (UTC)This could be how it is done or it's just my vivid imagination.
Now, if your sister had a very unusual password that combines random letters and numbers then I'm stumped but I guess that even that can be breached given the right amount of resources and time.
Is this Twitter or what?
Re: Let's try it this way:
Date: 2008-08-20 06:10 pm (UTC)I don't know what kind of password Big Sis had previously, but it had to be one she could remember well...