Phishing Social Network Sites
Ha.ckers.org has posted an interesting interview with a phisher who makes a living hacking social networking websites. Of course, you have to take what the hacker says with a grain of salt, considering he is a criminal and goes by the anonymous name of “lithium”. That being said, it is still pretty interesting to hear from an 18 year old high school drop out who has stolen over 20 million IDs. He claims that once he has a user’s social networking password he can break into their email address or other accounts because “5 times out of 10 the person uses the same password for their email account.” Here’s a good tip: never reuse the same password.
Ha.ckers.org is a web-application security blog run by “security gods” RSnake and id. They post relevant and accurate information about current security issues. Also, not to be missed is the full-disclosure forums at sl.ackers.org.
Despite the growing threat, websites and applications are becoming more and more permeable leaving unsuspecting users at risk. The best way to defend yourself is to become aware of the techniques and capability of the attackers, and to practice strong security habits.