Today I was catching up with the Full Disclosure mailing list and read a conversation that was both funny and worrying at the same time.
A man requested for the user name and password of both his wife’s and daughters of their facebook, email and myspace accounts on the mailing list. The reply that came on the request was hilariously.
“Why not just ask her?
Hope you don’t mind: I forwarded your mail to email_at_yahoo.com”
So now his wife knew he was asking people to hack her account.
Then the worrying part came in to play. One of the guys on the list googled his name ( the dumb ass had given his real name ) and found a police report which stated that he was suspected of violating a restraining order. A reverse lookup of his IP address revealed he was indeed located in the city the restraining order was issued. Luckily they reported the incident to the local police through a web form.
But what if he had not been that ignorant, and he had found a forum where people had helped him? He then could have access to their online agenda and known where his wife and child would go to all the time.
This lead me to think: He might also be searching for them on the internet. Adding them on facebook or other social communities with another name.
He may have had a restraining order in real life, but how to restrain someone from stalking on the Internet?
Tags: linkedin