site banner

Small-Scale Question Sunday for February 26, 2023

Do you have a dumb question that you're kind of embarrassed to ask in the main thread? Is there something you're just not sure about?

This is your opportunity to ask questions. No question too simple or too silly.

Culture war topics are accepted, and proposals for a better intro post are appreciated.

1
Jump in the discussion.

No email address required.

This comment I made about how hard/easy it is to find pseudonymous users online identities got me thinking about infosec.

So I spent the rest of the evening researching about OSINT tools and other methods to do bad things (This has the added benefit of implicitly letting you know how to not have bad things done to you, but knowing how to be safe won't necessarily teach you how to be dangerous).

I am not sure how feasible this is, but I checked some emails of people I know using https://haveibeenpwned.com/ and it tells you which databreach the email password combination was found in. So isn't all that remains to acquire the breached data hoping they don't use 2FA? Or am I missing something?

Anyways, back on the topic of infosec/osint, what are you favorite tools that you totally use for security reasons? I am interested in knowing any clever techniques you have heard being used or used yourself as well for/against all things infosec.

After reading that post I'd honestly pay one of you guys to pentest dox me, because better a friend than an attacker. Hadn't realized there were so many automated tools.

Admittedly I am terrible at doing this. My heuristic to gauge how easy someone would be to dox is;

  1. Obviously directly proportional to how much details they share about their personal life.

  2. Directly proportional to the volume of content they have online as well. It's really hard to have thousands of comments online without giving away at least some identifiable information. Combining little bits of information over a long period of time can effectively nullify not sharing detailed information.

But the above is just basic applied information theory/ deduction. I am looking to learn more but I am getting some pisstake useless stuff anywhere I look online, it's as if no one wants you to learn how to potentially do bad things, lol. Also those who do might not want to give away their tricks.

Nonetheless using the heuristic above, I'd wager 2rafas doxxer was just a standard issue doxer, but Daseindustries doxxer must have been an elder god. (Assuming both of them start from 0 information like I would have to, which often isn't the case if they are 2-3 layers of separation away from you)

Yeah, I found a relative's Reddit account just because something he wrote sounded like something he would say, and when I checked his posting history, everything matched: the city he lived in, his career, his other opinions, his family.

A few others were opportunistic. Scott Alexander it was because someone said he was easy to dox so I went looking and quickly found out who he was. A regular here I figured out because he said something about himself that was extremely specific and Googleable. He probably isn't trying to be very anonymous though. The hardest were some reddit mods of a certain subreddit where I was told that some of were involved in political parties, but eventually I found some of them describe their jobs and combining that with the cities they lived in was able to find their LinkedIn accounts.

So, I don't think I've figure it out who anyone was completely from scratch without having some reason to think I'd be able to figure it out. I've never used any fancy tools though.

It may very well have been a legit (above) average neurodivergent slav who had a bone to pick with our Russian friend. As a group, they seem to be quite handy with computers.