MichaelDance
Well-known member
I use AreYouAHuman and I don't get any spam.
Again. This is not restricted to forums. WIDEN YOUR SCOPE. Open your eyes.
There's just one, huge, humungous hole in your argument. Hackers don't want access to the forum. They want access to the server. Knowing the answer to my Q&A question (it's False, by the way) isn't a security breach. Having it known by thousands of bots isn't a security breach. Having it known by hackers isn't a security breach.
@Carlos
There was recently an add-on that allowed members to recover their account by setting up their own Q & A for their account.
Are you by chance maybe referring to this add-on and maybe getting confused?
*nods* mmmhm!
I would assume in theory, that if a user made their Q & A real simple and easy to guess, then yes, someone could get a hold of their account and through this know their e-mail address (the one that was associated with that account).
Is this by chance what you are talking about?
Nope. My whole point is that Q&A isn't really good.
@Carlos
There was recently an add-on that allowed members to recover their account by setting up their own Q & A for their account.
Are you by chance maybe referring to this add-on and maybe getting confused?
Self-made Q & A's are a little like passwords... You don't want to reuse them and you don't want them to be so simple.
*nods* mmmhm!
Nope. My whole point is that Q&A isn't really good.
Let's say my favorite game of last year was Modern Warfare 2, and the Q&A has a question from that game (I.E. Modern Warfare 2 in this instance), and a generic answer such as Special Forces (widely known, right?)... I put my favorite game in another service's Q&A like... "My favorite game is..." MW2. Hacker has access to my... e-mail account.
*facepalm.*
*nods* mmmhm!
Now, take that idea and have a thousand (ahem; millions of) Q&A submissions in your hands.
Nope. My whole point is that Q&A isn't really good.
Let's say my favorite game of last year was Modern Warfare 2, and the Q&A has a question from that game (I.E. Modern Warfare 2 in this instance), and a generic answer such as Special Forces (widely known, right?)... I put my favorite game in another service's Q&A like... "My favorite game is..." MW2. Hacker has access to my... e-mail account.
*facepalm.*
Ladies and gentlemen, we have a winner.
Because in your example, the e-mail address would be on another server. And if you're using the same Q & A, that's just poor security on your part.
I'm going to ask this very politely. And I mean no disrespect at all.
Ladies and gentlemen, we have a winner.
As my own person, I wouldn't do it, but you've got to consider the greater community of admins who aren't experienced with this stuff. So, you have to assume that this problem will go from forums, blogs, websites, to where their most important, their most treasured account.
That's your own fault then for using the same secret question at two different places.
OK. Thank you for answering my questions.
English is my native language, but people just don't understand where I'm going. I try to make a point, but people just think I've got all things confused.
I'm not exactly trying to go around the bushes, it's just that sometimes... It's better to prove a point, like the whole point, instead of just writing the obvious on the wall. I don't want to encourage what I'm saying [would happen]. Thing is, hackers prey on stupid, inexperienced, unsuspecting individuals.
They wouldn't exactly come out and say the answer to something, but rather they would touch it around the edge and dance around the bush in hopes that the other person would connect the dots.
I don't think it's too far outside the box.
You are far more likely to be socially engineered (which is what Carlos is talking about) from those stupid Facebook "tell me about yourself" polls than a Q&A on a forum. The Q&A's on a forum are for single-point identification of the humanity of someone trying to register. No question would be, "What is my favorite sports team?" which could then be used for social engineering. That's a real stretch.
It's better to prove a point, like the whole point, instead of just writing the obvious on the wall.
You think I went in many directions. I think they're all relevant. Open. Your. Eyes.
Honestly, after reading all of these posts, I still fail to see what point you are proving. Don't take that the wrong way, but you have gone in so many directions with this, you never fully tied up one point.
To that, I respond:
This whole thing reminds me of when ZoneAlarm first hit the streets and included a template to email back to providers that showed up in the logs. The problem is, EVERYTHING was getting logged and people were sending emails back to their own ISP asking why there were hacking attempts on their computer.
Oh? Those hits that were getting logged? DNS responses on port 53. It's for that very reason ISPs and hosting companies started to ignore those emails (rightfully so).
So now we have a bot that uses a database to answer simple Q&A responses on websites. And some are "ZOMG I'm gonna get hacked!" again.
If you're using the same question and answer from your forum on your email account, bank account, mistress account, whatever account, you deserve to get nailed. Just pack up your computer and send it back to the manufacturer for all our sake.
If you still don't get it, watch it happen in the next 5 or 10 years as companies, brands, websites fall behind the times. xrumer is going to be one of them.
As my own person, I wouldn't do it, but you've got to consider the greater community of admins who aren't experienced with this stuff. So, you have to assume that this problem will go from forums, blogs, websites, to where their most important, their most treasured account.
That's the [kind of] scale that I'm talking about here.