Author Topic: Insecuriy of Facebook Security questions....  (Read 1224 times)

0 Members and 1 Guest are viewing this topic.

Offline Nortcele

  • Knight
  • **
  • Posts: 211
  • Cookies: -42
  • █+█=██
    • View Profile
Insecuriy of Facebook Security questions....
« on: October 29, 2014, 02:54:16 pm »
Okay so this is something I presume most of you know about but this does make me rather worried/entertained about how easy it can be to access someones Facebook account my simply changing the password...

So when you forget your facebook password you are usually give the option to receive an Email or a Cal/Text to confirm your identity.

But if you dont have access to these (if you have set up a security question) you can clikc 'No longer have access to these' and you can input your answer and voila you have confirmed your identity.

Now this is where its gets fairly insecure, If the question is simply 'What street did you live on when you were 8 years old?' Its not difficult to do a search to find a home address and this is similar to many of the questions, with basic Social Engineering you can have access fairly easily.

There is a 24 hour wait but this usually is no problem.

Any thoughts on how insecure social media is?

[Will add pictures as proof of concept if requested]
~JaySec
~LulzBlog

TAKE A COOKIE!




0100000101010011010000110100100101001001

Offline Killeramor

  • Peasant
  • *
  • Posts: 115
  • Cookies: 5
  • Programming tutor for Qbasic, and beginner C++.
    • View Profile
Re: Insecuriy of Facebook Security questions....
« Reply #1 on: October 29, 2014, 03:13:41 pm »
As all the Jocks say, "Pics or it didn't happen."
Knowledge is free. Share what you know, help others grow. We all start somewhere.

Offline Nortcele

  • Knight
  • **
  • Posts: 211
  • Cookies: -42
  • █+█=██
    • View Profile
Re: Insecuriy of Facebook Security questions....
« Reply #2 on: November 02, 2014, 04:31:59 pm »
I can't find the pics I had, if you have a look online I'm sure you will find what I'm on about
~JaySec
~LulzBlog

TAKE A COOKIE!




0100000101010011010000110100100101001001

Offline lady__godiva

  • /dev/null
  • *
  • Posts: 8
  • Cookies: 1
    • View Profile
Re: Insecuriy of Facebook Security questions....
« Reply #3 on: November 03, 2014, 09:35:38 am »
What you are talking about is true. It's up to the user choosing an answer which isn't easy to guess. You are talking specifically about Facebook, but this is something that actually happens on most websites. More over i find interesting the most admins won't allow you (correctly) to bruteforce the login username/password, but will overlook how security question can be bruteforced instead.

So yea, security question relies too much on the user itself, which is a negative thing.
Everything's relative

Offline FinalFrontier

  • /dev/null
  • *
  • Posts: 15
  • Cookies: 0
  • | Internets Most Holy.
    • View Profile
Re: Insecuriy of Facebook Security questions....
« Reply #4 on: November 03, 2014, 01:58:03 pm »
Fuck the system, my favorite teacher isn't PieCat
Nortcele didn't like my | I'm new.

Offline HTH

  • Official EZ Slut
  • Administrator
  • Knight
  • *
  • Posts: 395
  • Cookies: 158
  • EZ Titan
    • View Profile
Re: Insecuriy of Facebook Security questions....
« Reply #5 on: November 03, 2014, 09:15:29 pm »
Honestly guys this is nothing new, major, groundbreaking, etc. This was considered a skiddy fast n dirty way to access an email/facebook/etc like... 6-7 years ago? It still works of course because people need a way to reset account info, can you imagine if every idiot who forgot their password had to call facebook/google/apple directly? But it only gets you access to old info, you dont learn the password, and worst of all, it leaves tracks EVERYWHERE.

[hypothetical]
I mean yes, when I needed to reset an iphone my sister had bought in her infinte wisdom from some random pawnshop... and it was still password protected and had its old phone number.

I did simply reset the password to the email, so i could reset the password for apple ID, then clean up my tracks as best I could, and trusted that it was some dumb hick who would just assume he forgot his password.
[/hypothetical]
BUT, I wouldn't consider it for anyone who had even half a brain.
<ande> HTH is love, HTH is life
<TurboBorland> hth is the only person on this server I can say would successfully spitefuck peoples women

Offline silenthunder

  • Royal Highness
  • ****
  • Posts: 700
  • Cookies: 23
  • Anpan.
    • View Profile
Re: Insecuriy of Facebook Security questions....
« Reply #6 on: November 04, 2014, 06:54:39 am »
LOL "I'll add pics if you ask"......"nevermind can't find them"


"Hacking is a lifestyle, a specific mindset, and it really is a lot of work." - Daemon

"Just wanted to state that this is just wicked social engineering at its best." - proxx

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: Insecuriy of Facebook Security questions....
« Reply #7 on: November 04, 2014, 07:37:49 am »
Junk thread, closed.
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage