Difference between revisions of "Talk:2388: Viral Quiz Identity Theft"

I was going to add in the old, old example of constructing your 'pornstar name' of first pet's name and (road you grew up on|mother's maiden name), but I see there's no real agreement which of the latter it is when I wanted to get it straight for editing in. MMN is probably better for "security question" purposes, but it predates The Eternal September anyway, before which it was more a party-thing rather than a security threat against BBS/Usenet/mailing-list users. 162.158.159.132 00:57, 21 November 2020 (UTC) (a.k.a. Frazier Derwent)

I briefly googled 'eternal september' and found it was a date when internet dialogue was swamped by new users. How did this relate to security questions? 108.162.219.248 12:08, 21 November 2020 (UTC)

It's a reasonable lower limit on when internet commerce became 'a thing' (and a large enough pool of potential marks, with everyday household access and not institution/corporate, to make it a profitable scattergun tactic). Though I'd have said a little bit later myself, there was no such obvious spike in potentially naive users as lucrative targets such as online banking started to be a thing. (And attack vectors tended towards things like malware-based login-scrapers in that era, in my experience.) Prior to then, though, any spear-phishing (not yet known by that name) would have been unlikely to have been achieved through the Porn-name Game, online, though perhaps it'll have been taken advantage of if brought up as an entertainment/ice-breaker at a physical social gathering, for traditional 'meatspace' fraud and personation crime, opportunistically. 162.158.154.83 15:21, 21 November 2020 (UTC)

Hairy tries to do something only to find that Black Hat did it far more efficiently - https://xkcd.com/1027/

Hmm... what exactly is the purpose/meaning of this sentence?

Even though White Hat is correct that there are public databases with lists of legal names and addresses, lots of online interactions take place in forums where people adopt pseudonyms.

I understand that the second part has to do with a strategy for doxing, which is fine, but why would it be appendaged to White Hat's strategy like that (and especially with an 'even though')? The entire paragraph following is just a description of how one could use this to attack the participant, but the whole point of the comic was to show that a brief Google search could give you the same results. If anyone could clear that up, it would be helpful. BlackHat (talk) 13:44, 22 November 2020 (UTC)

As you mentioned, White Hat's basic argument is there are already public databases of names and addresses. If that's all the information Hairy needs, then Hairy's more elaborate scheme is unnecessary. The quote you mention is a counterargument to White Hat's point: If Hairy is actually trying to steal the identity of some *specific* online users and all Hairy knows is a pseudonymous username like e.g. turnitup91, then Hairy can't find out anything more about them from the public databases alone. Hairy's more elaborate scheme may actually make sense in such a case.

And that's the purpose of the quote: Even though White Hat is correct about the public databases, that's not enough if you're trying to de-anonymize someone specific and all you have is a pseudonym. Gertuviti (talk) 15:53, 22 November 2020 (UTC)

Folks: do a little Googling. 420 69th, New York is the address of "The Church of the Dildo Dude" Cellocgw (talk) 16:27, 23 November 2020 (UTC)