I see the new timeline style pages don’t actually display who you are friends with without being a friend, this seems to be a much safer option so kudos
facebook for finally fixing that however in return you have to fill in your life story lol
I will give an example of how I gained access to a friend's account just for some food for thought to those not in the know which involved no
Sometime last year a friend said, "I bet you can't hack my facebook" I laughed and said you are the dumbest bloke I know course I can! lol
Well he deleted me from his page for the duration instantly making it a lot harder as I said he should, however…..
Step one, get back into his friends list so I can see all his pertinent info again.
To do this I crafted a fake profile using a good-looking girl's picture from the school he went to. He is in his 30s btw
Another trick would be to pick one of his friends then create a profile for a friend of that friend, will work best if it is their best friend, you
may find a profile photo showing target and best mate together on the old style pages which a lot have stuck with.
You may be able to appeal to the target's jealousy in that case as being friends with both enables them to see their public conversations in the news
feed by default settings I believe so they may think this is going to be handy.
Of course you could just be a random as facebook is a popularity contest to most and they just add anyone anyway.
Here we see Mark Zuckerberg's page which is new timeline style, ahh goody I know where he went to school and some of his other interests including
the name of his dog, Beast
Here are the old style pages, note you can see ALL their friends
Send friend request and hope it gets accepted, he fell for the hot female with the intro line Hi.... remember me from school? How you keeping?
So now I was back in and able to read his old comments and view his pictures and information.
So now I tried to log in as him and choose reset password, I did this during the night to give myself more time
It will say "password has been
Now I know which email I need to gain access to.
Repeat reset option on email account, hotmail in his case it was postcode/DOB then security question, the example below is slightly different
DOB can be guessed by looking back to when everyone is saying happy bday if they have chosen not to display it and taking a guess at age if you can't
work it out from which school year they have chosen etc.
Postcode, go old skool and start looking in phone book in that area if you have to, using the assumption that they have stayed close to friends and or
Or go new technologies and you may find location info if being displayed via twitter etc. Just like Zuckerberg.
So then the security question, in his case it was "first car" Thankfully he had a nice picture of it on facebook or I would have taken a while
Voila I'm now in the email account and able to take control of facebook, online banking and anything else.
No skill whatsoever, just exploiting people's curiosity and complacency, but facebook is certainly the weakest link given the sheer amount of
information which is "public"
PS even though Zuckerberg has set his page to private the following search query allows me to see information from his profile anyway, I will be asked to
log in though if I click the link. Looks like Mark has mostly "work friends" his timeline must be like watching paint dry!
I have not entered an actual search query, just his profile URL saying show me everything you've got from there.
This will show you all sorts including snippets of conversations lol whatever has been indexed by google at some point basically.
Of course you could click images.... and that will give you some images from his page and I think, people who have commented or are friends pics.
Whoops, HUGE PRIVACY FAIL!!!
edit on 14-3-2012 by Maponos because: (no reason given)