Posted on

Social Engineering on Social Networking…

Its been a long while since I’ve posted anything, but in todays news how many of you out there are on Facebook and how many of you like to respond to these little gems:

“Red mushroom burger”

Or perhaps statuses that ask you to cut/paste in your answers:

Thursday Night fun… Six names.

Real Name: Michelle Sullivan

Soap opera name (middle name and street you live on): Isabelle Hemel

Star Wars name (first 3 letters of your last name, first 2 of middle, and last 2 of first): Sulisle

Superhero name (colour of shirt and item to your right): Grey mouse

Goth name (Black and pet name): Black Melody Pond

Rapper name (Lil and last thing you ate): Lil mushroom burger

Copy, paste and change if you wish to play too!

 

Both of these two things together often give enough information to people like me to enable me to steal from you, like stealing your Facebook account or your Hotmail account, or perhaps your iCloud account which then gives me access to your phone, location and photos… Maybe even your bank accounts….

Consider how many sites you visit and put in a load of details to ‘sign up’ and how many of those sites ask for additional security questions incase you forgot your password, then consider how much information you put in your Social Networking accounts that others can view…

One of the favourite questions always used to be ‘What is your mothers maiden name?’, and still is for many banks.  Here’s the problem in a nutshell: many people now have Facebook accounts and the parents of those people usually have Facebook accounts as well and how many of you have seen friends’ parents with names on Facebook such as, “Mary Johnson (nee Knowles)”.  Then how many look at the profile under the ‘About’ and see, “Sister, Dad, Mum” entries… because by default this information is viewable by fiends of friends….

Now taking all that in above along with friends posting “Happy Birthday, 40 today, can’t believe how old we all are now, congrats mate” etc (‘today’ being 24/2/2017) and that the ‘picture questions’ when shared from a page the answers are shared with the people on the page… consider what most people can see about you.  In the example I have written/posted above lets recap:

  • Real Name: Michelle Isabelle Sullivan
  • Date of birth: 24 Feb 1977
  • Favourite Colour: Red
  • My Address: Triq il-Hemel, Swieqi, Malta
  • My pets name: Melody Pond
  • What sort of pet: Cat
  • Mother’s Maiden name: Knowles
  • Brother’s Name: Stephen

Sound familiar?  What a bank might ask you on the phone for ‘confirming your identity’ by any chance?

How did I get all this you might ask… because not all is that obvious, well

“Name” is an easy one, but hey, need to know the full name, so my “Soap Opera name” gave me two details “Isabelle Hemel”, one of which was middle name.  That was verified because we also asked, the “Starwars Name” which use initials from each part of our name.

“Date of Birth”, easy but you might have missed it, I said I got wished a “Happy 40th Birthday” today (and probably got several hundred best wishes) all of which are posted with the permissions of the poster, *NOT* what permissions you have on your ‘Timeline’.  So being that I said “today” is 24th Feb 2017 and I’m getting “Happy 40” wishes that makes my Date of Birth 24 Feb 1977.

“My Favourite colour”, trivial, what was my “wand’s magic name” again? Oh that’s right, “Red mushroom burger“.

Social Engineering tip: ask other irrelevant details with the detail you want, people don’t spot they are giving something away that they might otherwise not, how many of you would answer truthfully if a stranger came up to you in the street and asked you, “What’s your favourite colour, and how old are you?”

“My Address” little more tricky this one, I’m sure you got the first one, my ‘Soap Opera name’ is “Isabelle Hemel but how did I get to “Triq il-Hemel, Swieqi, Malta”..?  Simple take a look at your timeline and look for the location information on most posts, on mine it says, “Swieqi” on a vast number of posts, if you look at Google maps and search for “Hemel Swieqi” that will give you the rest of the address (and even the postal code in many cases.)

How many of you have seen the “What’s your pet’s name?” as a ‘security question’ … well guess what… My “Goth Name” was “Black Melody Pond” and that just gave it to you!  How did I get to the pet being a “cat” though?  Well just go look at my photos, especially for ones with pets in them and you find I own a cat, and it takes very little to tie “Melody” to “a Cat“.

Mother’s Maiden name and Brother’s Name – well I told you that already, it’s on the “About” page of Facebook, not to mention that many people have mums that interact with them on Facebook and usually by sharing posts.  For example, how many of you have photos of you and your mum?  How many of those photos did you “tag” your mum in?

You might be asking, “But what about the ‘Rapper Name’ where does that fit in?” .. well remember what I said about, “ask other irrelevant details”.  It is bogus information, but it makes you feel better about giving me details you wouldn’t normally share…

Some of these details Facebook encourage setting better permissions on, but even with these ‘security checkups’ often the details are already leaked or are available to ‘Friends of Friends’… A study a while ago found most people in the world are 7 people away. What that means is if you go down 5 levels of ‘Friends of Friends’ (ie “Friends of Friends of Friends of Friends of Friends of Friends”) you will be linked to most people in the world

Posted on

Old School corruption still around in Malta…?

Well all those know me, know I do not have tolerance for Political parties or Political grandstanding however, in the case of the 2013 Maltese Elections it is time I waded in with my 2 cents.  This is not a political statement for either side, because to be honest, if I were voting I wouldn’t vote for either one, both are in it for themselves and not in it for the people as elections really should be.  However, this is about the events (or more specifically one event) surrounding the election which is a clear disgrace…

According to the Maltese Law, 24 hours prior to the opening of the polling booths all campaigning must cease or those responsible will be in breach of the law and subject to arrest.  This applies to all candidates, parties and news media (both the services themselves and journalists.)

This evening, in Malta well know blogger and journalist Daphne Caruana Galizia was arrested for blogging about the election in her usual, sometimes course, manner.  This in itself is not wrong, and indeed it appears her arrest was made with good reasoning and because it appears she violated the 24 hour law.  What is NOT right and clearly a prejudice either against her, or what she stands for, the the fact that some of the candidates themselves continued their campaigning clear into the 24 hour ‘no campaigning’ period, and no-one else has been arrested.

Lou Bondi, from TVM’s Bondi+ was there at the time of the arrest and the video of the arrest has been uploaded to You Tube here.  Now before any of you the readers get hot under the collar about the police officers involved, please remember they are doing their jobs, they were told to make the arrest.  Instead, focus your attention and appeals on the two following things:

  • First: Who ordered those police to arrest Daphne Caruana Galizia?  
  • Second: Why were others who clearly violated the same laws not arrested?

What follow are screenshots of the Facebook pages of some of the candidates and their delegates, all of which are in violation of the same law.  All of the people posting should be arrested on the same charges as Daphne Caruna Galzia immediately.  If the person ordering the arrest of Daphne Caruana Galizia is not willing to order the arrest of these people, that person should be fired and prosecuted for discrimination in the highest, and investigated for corruption.

 

313425_10151556788557994_712534173_n 544071_10151556858647994_81101859_n copy 599028_10151556864642994_1313463993_n 601296_10151556836607994_1203630769_n 734424_10151556861707994_630670272_n

You will note, that there are candidates from both sides of the Election.  All should be arrested for the violation of the 24 hour rule as they are all clearly in breach.

 

Note: Comments are open, however any political statements for or against any party will be reported as campaign statements or deleted.  I will allow comments about the unbalanced treatment of the parties and journalists involved in this scandalous arrest.

Note 2: Just to be clear, I am in the USA currently, and have no idea of the timezones/timestamps on the Facebook pages, these have been reported as postings within the 24 hour window to me, please excuse and inform me if any are not in fact in the 24 hour window.  Also if there are other examples, please screenshot them and post them to me at michelle@shellsshots.com and I will update this page with them.

Posted on

Two years on..

Well almost two years on but the abuse I suffered at the hands of my ex (Katie Crothers) is still affecting my life in a negative way..  Seems no matter what I do there is always someone that knows her, there is always someone that wants to know me that I have the suspicion is just a friend of hers probing for more information….  Checking the logs of the webserver shows continual stalker activity..  and now the TV has ads about how to recognise it..  well just as an experiment I followed the link on the TV and filled out the form remembering how I was 2 years ago today, and here is the result:

 

http://thisisabuse.direct.gov.uk/worried-about-abuse
‘This is ABUSE’

I suspect I’m never going to get over this issue, ever, even with psychiatric help, please be aware, and please do not fall victim to a pathological abuser.  If you think you are a victim, go to the website: http://thisisabuse.direct.gov.uk/worried-about-abuse fill out the form honestly and read the results.