So while sitting around drawing and casually watching Facebook update as Twitter ticks along pleasantly - my new triumvirate of hobbies :) - I noticed that the idea has come around again in the Facebook generation. Suprising, but I looked into it. There are Facebook pages dedicated to "What's your pornstar name", apps that "work out your pornstar name for you" and groups where people just post their pornstar names, with no other connective thread between users.
And it can be funny. It produces odd results, non-sequitur type of titles and phrases that you have then to imagine yourself, or other people you know, using those names as a sort of "Nom du Porn" in the title credits of some hideous third-rate porno to attempt to disguise your presence out of shame. An Alan Smithee shield for you, the pornstar.
My crudely photoshopped Facebook results.
Scams are weird. Scams as a way of life involve long, tedious trawling of thousands of people for that one or two that fall for it. Now, you can go for the "Bar Scams" that Brian Brushwood - a good skeptic, btw - popularises on Scam School to get a free drink or small change, but I'm talking about the long term idea, the attempt to hit it big, or even hit it medium enough times that it could feasibly be a living. Your Nigerian 419 Scam is one of those. Skimming or ripping off credit card numbers for small fees by the hundreds theoretically makes you thousands, all that kind of thing. Perhaps that was the aim of the recent PSN security compromise, perhaps not.
As an example, a colleague was recently trying to sell a relatively new car through an online sales service. Contacted by someone abroad, he was sent a cheque for far more than his asking price, in the wrong currency. This is the kind of thing that would take a couple of weeks to clear to his bank. He got an email from the buyer professing that it was an accident, and could he send back a cheque for the change, after which the buyer would arrange to collect the car. Luckily he had some good advice - not from me, but from another workmate who has enough common sense to urge caution. Sure enough, the original cheque wouldn't cash when processed. But if even a few people selling expensive, new cars online "bite" on that kind of scam, you make a few hundred or - in this case - a few thousand per bite, and spend minimal amounts setting it up.
Pretty tawdry though, right? Really time consuming and tedious, checking out sellers, making new accounts on online sales sites, getting barred, posting cheques, lather, rinse, repeat. But there has to be enough in it to keep it rolling. And I would imagine, as outlined in the fantastic book by Mishy Glenny, McMafia that it takes organised crime to make so many small amounts with so much effort "pay off", although there must also be many amateur efforts in play as well. So many looking for information about potential targets that if you leave information publicly available, one of them is bound to find it.
That's the usual side of finding a way around security, that we've all heard about or experienced many, many times. Trawling through morasses of data until you find the point where human error or laziness lets down the system designed to keep other information safe. It becomes easier and easier when the stakes are low, or the amount of people many. And there are a lot of people on Facebook. 500 million, according to their stats.
So, who cares about Pornstar names? Well, cast your mind back to registering your email account. Or maybe your Amazon account. Or your online banking details. They probably asked you to supply a security question. That was probably your mothers maiden name, the name of your first pet or your first address. Now, I'm no computer genius, although I'm certainly more than literate. Within 5 minutes of searching Facebook for "pornstar names" under "posts from everyone" and then checking the profile of the first couple of individuals who posted theirs, I could go to their email addresses, ask for the security question "forgot my password" access and - in 2 of the 5 cases I checked - be in a position to enter one part of their "pornstar names" for access.
I didn't though, I emailed them instead. So, if you see a friend post their pornstar name on a social network in particular, tell them to delete the post. Or at least make sure their security question doesn't match either part of the meme. Way back in 1995 or 1996, I registered for my first free web-based email, at eircom.net. It was the account that suggested my internet moniker when my real name wasn't available and my security question was my mothers maiden name. Years later, in a context where only acquaintances were privy to an online conversation about "pornstar names", my account was hacked and used for a tiny, malicious misdeed or two. Painful. But if it happened now, with my new account, the person would have passwords and confirmation codes for real money, as opposed to whatever detritus was in my webmail account.
Someone with some minions, internet access and patience could do some damage to, anecdotally, 2 out of 5 Facebook users. The moral of the story? Always be a little skeptical of even the most harmless-seeming memes, especially if they're being posted publicly.
PS. If you're free on Thursday and want something to do, the outstanding Dublin Skeptics only have BLOODY RICHARD BLOODY WISEMAN talking, FOR BLOODY FREE in The Exchange, Dublin at 21:00. If you're running there from Galway, you can hop in a Go Bus and be up within 3 hours or less. And if you're not keen on staying in Dublin, you can be on a bus back just after! Exciting. It's unlikely I'll be there because of work, but that's a great evening for 20 europes worth of travel money.
Value.
PPS. This post was also thrown together while I'm waiting for certain institutions to write back to me with information on certain questions I put to them. I guess you have to expect colleges etc to be somewhat slower during these summer months. But it is annoying.
No comments:
Post a Comment