Security Questions Strike Again

I can’t seem to wrap up this security jag.  Stuff keeps happening.

This article highlights again why secret questions are a bad idea.

In a cautionary tale for users of social-networking sites, a California man has admitted using personal information he gleaned from Facebook to hack into women’s e-mail accounts, then send nude pictures of them to everyone in their address book.

Prosecutors said Bronk would scan women’s Facebook accounts looking for those who posted their e-mail addresses. He would then study their Facebook postings to learn the answers to common security questions like their favorite color or father’s middle name.He contacted the women’s e-mail providers and used the information to gain control of their accounts. He also often gained control of their Facebook accounts by hijacking their passwords…

There are at least three lessons here (if you find this alarming)

  • Don’t share passwords across accounts (Bronk stole email passwords and used them to hijack Facebook accounts)
  • Don’t give real answers to the security questions. (Bronk used the security questions to get email account passwords)

and finally,

  •  Don’t store compromising pictures of yourself on a web mail server. (duh)

Comments are closed.