Crickets Chirping

mon qui si, mon qui d’où

Archive for the ‘socialnetworking’ Category

Social Engineering

with 2 comments

I bet my site gets hijacked for this. My karma is going down the shitter lately, so I hope you find this entertaining.

I was minding my own business just now when I was contacted by a stranger via IM. He wanted help with the “friendster password hack” – which isn’t real. It’s a joke. People still don’t get it after all these years. Yet it’s still my #1 google referral. :(

In a fit of juvenile pranksterism I decided to turn the tables and get him to give up his password. Sure enough, a mere seven minutes into it he hands his username and password over to me, a complete stranger.

Bonus: he reveals the userid of the girl whose account he wants to hack.

I did nothing with this information besides log in to make sure it worked.

2:36:23 PM [name omitted]: hi i saw ur addy @ your webblog
2:36:37 PM [name omitted]: and read about friendster hack...
2:37:03 PM banksean: and you want to hack some friendster password?
2:37:17 PM [name omitted]: my ex...gf
2:37:40 PM banksean: have you tried my 133t scripts yet?
2:37:58 PM [name omitted]: i didn't know such script
2:38:23 PM [name omitted]: can you help me pls...
2:38:28 PM banksean: sure
2:38:35 PM banksean: whats ur passwrd?
2:38:42 PM [name omitted]: before i know her password
2:38:45 PM [name omitted]: in what?
2:38:50 PM [name omitted]: my password?
2:38:55 PM banksean: yes for friendster
2:39:01 PM banksean: so my bot  can search your firends list
2:39:28 PM banksean: it tries different combos of words
2:39:30 PM [name omitted]: i don't have a friendslist
2:39:35 PM banksean: from your friends profiles and comments
2:39:46 PM banksean: but it needs to log in as you
2:39:57 PM [name omitted]: oh that's hard coz i don't have friends yet there
2:40:35 PM banksean: add her friends to your list
2:40:47 PM [name omitted]: she doesnt accept
2:40:57 PM banksean: no - not her, her friends
2:40:58 PM [name omitted]: i tried many times
2:41:04 PM banksean: do you have friends in common?
2:41:16 PM [name omitted]: no not at all
2:41:26 PM [name omitted]: but i know there username
2:41:39 PM [name omitted]: their usernames
2:42:14 PM banksean: okay so lets start with your username and password tho
2:42:30 PM [name omitted]: okay just wait
2:43:22 PM [name omitted]: mailto:[omitted]
2:43:30 PM [name omitted]: pw : [omitted]
2:44:05 PM banksean: okay did you get an email from friendster?
2:44:36 PM [name omitted]: now?
2:44:44 PM [name omitted]: what email?
2:45:57 PM [name omitted]: her name is [omitted] the one who view my profile

Written by banksean

May 1st, 2007 at 3:29 pm

Posted in Code,Funny,General,socialnetworking

No Image Images

without comments

A more-or-less random sample of default profile images from across the web:

43things
amazon
bebo
bluedot
care2
consumating
couchsurfing
cyworld
digg
dodgeball
essembly
etsy
facebook
facebox
flickr
friendster
hi5
hotsoup
instructables
itaggit
meetup
mog
msnspaces
myspace
newsvine
orkut
rediff
shadows
slideshare
stumbledupon
stylefeeder
swivel
tagworld
threadless
tribe
twitter
vox
wesabe
yahoo360
zebo

So many ways to say the same thing: I’m an actual human user of this site but I haven’t done the work necessary to differentiate my profile yet.

Why would I collect this list? I don’t know really. Something to do with how people are represented vs. how they choose to represent themselves online. For one thing I think it’s funny that the default profile photo is something that differentiates services from eachother visually, but it doesn’t differentiate between the users of a particular service at all. Is it possible to offer default photos that differentiate both? They would have to be stylistically similar enough to fall neatly into the visual feel of the rest of service, but also different enough from eachother to be usable as distinct visual indentifiers.

From another angle: Not everyone wants to use their actual photo for their profile on these services. Lots of people use one of the zillions of free avatar generators to create a distinct profile picture without being personally identifyable. The avatars are visually distinct from eachother individually, all derive from a shared set of visual motifs. See Yahoo Avatars (flat, hand-illustrated look) vs. Meez (3d, animated). Yahoo avatars look sorta like eachother, and Meez avatars sorta look like eachother by Meez avatars don’t look like Yahoo avatars.

From yet another angle: Instead of giving all profiles the same default image, some services vary it based on gender. For example see the Hi5 and Bebo default images listed above. Taking this a step further, you could vary the default image based on age or location. Actually, why not just generate a default image based entirely on what is known about the user, and have it evolve as more is known. For example you could make the profile photo become less and less saturated the longer the user goes without logging in, giving it the visual cue that this person is fading from the site.

The Shapes Project and VisualIDs come to mind.


4parts_samples3.jpeg


poster2004_thumb.png

There’s no point to this, I’m just rambling.

You know, if you really wanted to get users to customize their profiles sooner rather than later, you’d make the default image be goatse.


goatse.png

UPDATE- It occurred to me to make an all-purpose animated .gif out of these:

noimage_animated.gif

Written by banksean

December 12th, 2006 at 12:47 pm

Posted in interface,socialnetworking