Llinking two recent posts seen elsewhere

  • Namechk.com (Check Username Availability at Multiple Social Networking Sites) bookmarked on delicious.com by Philippe
  • one possible use of the Facebook profile information: generating a good dictionary from fabebook-names-original.txt to brute-force password” seen on Twitter.com/adulau

Now use Namechk to find all combinations of >= 2 letters used on more than 1 service. I guess there is a high probability that two identical username strings on two different services belong to the same physical person. Look at their profile/activities/pages/whatever on the various websites, you have now a wonderfull network of knowledge about these people. I also guess that if a flaw is discovered in one of these services that allows to recover users passwords, you could use the same password on all the other services for the same username.

Or take Alexandre’s fabebook-names-original.txt items and sign in other services with them. You have now saturated the web2.0 space. People will need to be more creative to sign in now.

(ok, I know these service providers should have put some protection in place in order to avoid large-scale abuse of their services)

One thought on “Llinking two recent posts seen elsewhere

  1. Yet another link that comes in the mind of one of the two posts’ authors, the following story:

    According to this article the Facebook CEO used the following technique to attack profiles on rival social networking websites:
    * Use Facebook to search for members who said they were staff of the target (here a newspaper).
    * As admin of the social networking website, examine reports of failed logins to see if any of the members had ever entered an incorrect password into Facebook.
    * In the instances where they had, try using those incorrect passwords to access the members’ email accounts on another website.


Comments are closed.