3rd vote for Rockhardawesome
He created a GUI in visual basic and tracked your IP address.
Social engineering is the usual way - mentioned girlfriend/pet/streetname possibly?
Something to do with the following: wumpus, elizabeth, billcosby, jooky, burton, betsy, gamebasement, wise-ebusiness, boland boss, chuck snyder, lifepoint, brentwood
Or if I was able to figure out your crystaltech account ID (which could easily be social engineered), that'd open the floodgates for me.
0wned.
May I just add that the concept of the Hacker badge (if implemented as the anonymous emailer suggested) is one of the best security Hacks ever. Find something of little value you can give people to get them to attempt to hack your site and admit it.
Encourage Hacking!
Passwords are flawed, they are too easily broken, but I've found the cure: I don't use passwords. Think about it - you only change your password and that's only half of your identifier when logging in!
Instead, every 28 days I change my identity. This month I'm Gerald Wobblebottom. Who knows who I will be next month. In fact, some days I don't know who I am until I get to work and see my name on the door.
Was it orange?
C'mon... I have work to do... Now who's gonna spend time in finding the way how he did it... Damn! You just ruined my working day...
I appreciate the guy with ethics...
Don't be silly, do you think Jeff is stupid?
It was of course 0r4n93.
How did this person discover your password? My guess is you inadvertently typed your password into a Stack-Overflow field while thinking focus was on another window. The perp then spotted the random word in an SO post, and guessed that it must be a password.
I'm going to guess he got your password the same way Anonymous got Sarah Palin's yahoo account password: Broken secret question system.
I would have to guess that it was a cross-site attack (XSS), you mentioned it in a particular blog post as well as several times when talking about particular vulnerabilities that you should pay attention to. Personally I'm partial to picking randomly generated passwords from pwgen, writing them down together with all my old passwords on a note which I keep somewhere safe. It's surprising though, how quickly you can memorize a number of random alphanumerics.
Iāll also say Rockhardawsome
I suppose it was contained in a configfile which you published somewhere.
Or you used the same password on another website which is controlled by the attacker.
the password is...
1... 2... 3... 4... 5...
Hey! That's the same combination I have on my luggage!
good thing I don't use OpenID for anything else than Stack Overflow...
The most likely cause was that you used it on his site and he is logging passwords or saving them un-hashed.
but will you punish him?