
Small-Scale Question Sunday for February 26, 2023

Do you have a dumb question that you're kind of embarrassed to ask in the main thread? Is there something you're just not sure about?

This is your opportunity to ask questions. No question too simple or too silly.

Culture war topics are accepted, and proposals for a better intro post are appreciated.


This comment I made about how hard/easy it is to find pseudonymous users' online identities got me thinking about infosec.

So I spent the rest of the evening researching OSINT tools and other methods to do bad things. (This has the added benefit of implicitly letting you know how to not have bad things done to you, but knowing how to be safe won't necessarily teach you how to be dangerous.)

I am not sure how feasible this is, but I checked some emails of people I know using https://haveibeenpwned.com/ and it tells you which data breach the email/password combination was found in. So isn't all that remains to acquire the breached data, hoping they don't use 2FA? Or am I missing something?

Anyways, back on the topic of infosec/OSINT, what are your favorite tools that you totally use for security reasons? I am interested in knowing any clever techniques you have heard being used or used yourself as well for/against all things infosec.

After reading that post I'd honestly pay one of you guys to pentest dox me, because better a friend than an attacker. Hadn't realized there were so many automated tools.

Admittedly I am terrible at doing this. My heuristic to gauge how easy someone would be to dox is:

  1. Obviously directly proportional to how many details they share about their personal life.

  2. Directly proportional to the volume of content they have online as well. It's really hard to have thousands of comments online without giving away at least some identifiable information. Combining little bits of information over a long period of time can effectively nullify not sharing detailed information.

But the above is just basic applied information theory/deduction. I am looking to learn more but I am getting some pisstake useless stuff anywhere I look online; it's as if no one wants you to learn how to potentially do bad things, lol. Also those who do might not want to give away their tricks.

Nonetheless, using the heuristic above, I'd wager 2rafas doxxer was just a standard issue doxxer, but Daseindustries doxxer must have been an elder god. (Assuming both of them start from 0 information like I would have to, which often isn't the case if they are 2-3 layers of separation away from you.)

It may very well have been a legit (above) average neurodivergent slav who had a bone to pick with our Russian friend. As a group, they seem to be quite handy with computers.