Tuesday, March 8, 2016

Social Engineering Task #6

My task was to "Shoulder Surf a stranger to acquire his password". At the beginning I thought: Wow! That's actually an easy task. But then I soon realized it was painfully long to accomplish something like this. Besides the awkwardness factor of shoulder surfing someone, the long waits are a terrible con.

I started by sitting in the computer labs near our class. I spent at least 3 hours there and no success (as in, I totally suck at looking at someone typing for some reason). Then I moved to the library upstairs, another couple of hours, no luck. Whoever was coming there either had a USB key or opened a Word document to type in something... What are the odds? Yea, a couple of people typed in their BHCC account passwords, but I wasn't close enough... (Remember? I wear glasses).

But anyways, after those few hours passed at school I decided to move somewhere else. I was meeting a friend at Boston Public Library, so I thought, why not try it there? I got there an hour earlier and sat near those 2 guys, both MacBook owners. Needless to say, they already had all their passwords typed in, so yea... Nothing.

After a few days of frustration, yesterday I came back to school. Again I sat at the computers downstairs and waited. So this guy comes up near me and opens Chrome, opens a Facebook page and bam! He puts in his email and password. But yea, I missed it. But something awesome happened. He clicked on "Save this password" on the usual Chrome prompt. That was my opportunity. I know it's not the same as shoulder surfing, but hey, I was craving someone's password so bad that I resorted to one of the oldest tricks on the internet. As soon as he left I switched computers. I opened up Facebook and there it was. The email and the password (covered). Again, using one of the oldest internet tricks, I highlighted his password and there it was.

What have I learnt from this experience? Shoulder surfing is a horrible method to steal someone's password. Was it unethical? I don't think so, since I was not intending to harm him. In fact, after I stole his password, I left him a message to pay more attention to what he does.

2 comments:

  1. Would you have considered positioning a video camera above the keyboard to capture keystrokes, and have you looked at the ceiling of the Ethical Hacking lab this afternoon?

    and I mean, looked, really, really carefully?

    Just saying
