Things people put on for their security questions

I spent about a month trying to guess people’s security questions. Security questions are there most of the time on Facebook, Gmail, Yahoo etc.

From what I saw, Yahoo has the best set of security questions, which are hard to guess most of the time. On the other hand, Facebook has some questions that are pretty easy to work out using information from Facebook itself.

Here are some of the common answers I found for security questions. What makes it interesting is that, in the time we live in, we don’t have a 20 or 30 year history of the internet being in this country. For example, most of the people who are using the internet right now are young people who have just finished school or university or have been doing a job for a few years, so some of the answers to the security questions can be easily figured out.

Question : What’s your first phone number?

Answer : Most of the time the answer is the same as your current phone number.

Question : What’s the last name of your first grade teacher?

Answer : Perera. The reason: the majority of the people in this country are Pereras, so there is a high chance of this being right.

Question : The city your mother was born in, the city you lived in at 8 years?

Answer : For both questions the answer is the same as the city you are living in right now, or Colombo.

Question : What’s the occupation of your grandmother?

Answer : Most of the time she is either a housewife or a teacher. Women didn’t go to work back in the day, and the majority of our grandmothers were either housewives or teachers.

Well, this is not correct all the time, but these are the common answers that worked when I tried to outsmart the security question.

But no worries: Facebook makes you wait 24 hours between resetting the password by answering the security question and getting access to the account. So even if you tried to hack it, if the user logs in before the 24 hours are up they can undo your password change.
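An enrollment-time check a service could run against the guessable answer patterns listed above, as an added example that is not part of the original post. The profile field names, the common-answer list and the 9-digit phone comparison are assumptions.

```python
import unicodedata

# Constructed list: the answers this post reports as frequently correct guesses.
COMMON_ANSWERS = {"perera", "colombo", "housewife", "teacher"}

def normalize(text):
    """Casefold, decompose accents, keep only letters and digits."""
    text = unicodedata.normalize("NFKD", text).casefold()
    return "".join(ch for ch in text if ch.isalnum())

def matches(answer, value, phone_tail=9):
    """True if a normalized answer is effectively the same as a profile value."""
    if not answer or not value:
        return False
    if answer.isdigit() and value.isdigit():
        # Assumption: compare the last 9 digits so 077... equals +9477...
        return len(answer) >= phone_tail and answer[-phone_tail:] == value[-phone_tail:]
    if answer == value:
        return True
    # Containment only counts for strings long enough to be meaningful.
    return min(len(answer), len(value)) >= 4 and (answer in value or value in answer)

def audit_answer(answer, profile, common=COMMON_ANSWERS):
    """Return the reasons an answer is guessable; an empty list means no finding."""
    norm = normalize(answer)
    reasons = []
    if len(norm) < 4:
        reasons.append("too short")
    if norm in common:
        reasons.append("common answer")
    for field, value in profile.items():
        if matches(norm, normalize(value)):
            reasons.append(f"matches profile field '{field}'")
    return reasons

if __name__ == "__main__":
    # Constructed profile; the field names are hypothetical.
    profile = {"phone": "+94 77 123 4567", "current_city": "Kandy", "last_name": "Silva"}
    for candidate in ["077-1234567", "Perera", " KANDY ", "Wickramasinghe"]:
        print(repr(candidate), audit_answer(candidate, profile) or "no finding")
```

A service would reject or warn on any answer with findings, and the common-answer list should be built from the service's own population rather than hard-coded.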

How I can get your gmail.

Today I came across a small way to access a Gmail account that doesn’t support two factor authentication. This has nothing to do with a bug in the system or anything, just plain old digging for data or social engineering.

However, in order to do this you must know an old password that the account user has used. It’s common practice for many people to reuse a password across different services. So you can find a password that the Gmail owner might have used in another service, or you can use plain old guessing.

Guess the passwords in the Gmail login page, and if by any chance you get a message that the password was changed “1 month” ago etc., that means you found a password that the user has used before.

Now in the error message select the link saying that you did not change the password, or just go to the reset password page.

On the reset password page select that you’ve forgotten the password, then in the next step, when they ask for the last password you remember, enter the old password that you found the user has used before.

Then in the next step, when they ask for the last time you remember accessing the account, enter a date that was prior to the password change, not too far back but close. For example, if Gmail says that your password was changed 2 months back when you enter the old password, enter a date that is close to but before those 2 months.

Also Gmail will ask for an email address to send a password reset link to somewhere in between; enter an email address of yours to get the password reset link.

Then guess a date when the email account was created. Most of the time, people I know make email accounts when they pass out from school. That’s the time when they start accessing the internet, around 17-20 years of age.

In the next step Gmail will ask for the answer to the security question. Guess it or skip it. In the next step Gmail will ask for some email addresses that you contacted recently; guess them or use some common ones like the Facebook notification email address etc.

Go to the next step and skip the option about other Google services that you’ve used.

Done, that’s it. There is a high chance that Gmail will send you a password reset link by email, because you guessed an old password and entered, as the last day you remember logging in, a date close to the date when the password was changed.

Worked 2/2 times for me. Not against real people.

Sri Lankan SECDEF’S Phone Tapped.

I saw a news item in a Sunday paper today saying the defence secretary’s phone line is tapped by some organization. We’re in a time where we get news every day about NSA spying. Some news says NSA spies are collecting phone data even from countries like China.

Sri Lanka is also under heavy attention from the USA. The newspaper goes on to say that it’s suspected that a foreign embassy and a foreign secret service are involved in the attempt.

Wonder if it’s the NSA behind this as well. Who knows. Which goes to show that if even the SEC DEF’s phone can be hacked, who are we to be safe.

Personally I Think It’s OK To Be Monitored Online.

Personally I think it’s OK to be monitored for national security, but on the other hand I don’t want the system to be used against me for political reasons. As govs and people in power are always corrupted, I don’t want myself to be monitored online.

On the other hand, as a country that had a war for nearly 30 years, and when there are people within the country that support terrorism and do anti-national propaganda online, sometimes I feel it’s better if there is a way to monitor their online activities, as I’m sure there will be lots of evidence to gather against these kinds of people online.

Me and some of my friends have come across Facebook groups that are being used to provoke youngsters into revolutions like those in 1971 and 1989, and Facebook groups organizing protests. As social networks can be used to connect people, there are people that use these platforms for the wrong reasons.

But like I said before, as long as the political system is corrupt and there is a chance of the system being used against people for personal and political reasons, I’m against online monitoring like PRISM. But if there is ever a day when online monitoring is being done only for national security, I think I’ll support it.

Disturbing News About Doctors.

Last night a friend messaged me to read the Mawbima newspaper, telling me that there’s a story that I must read. Because we didn’t buy Mawbima I asked her what it was about. The news she told me was very disturbing.

According to the newspaper, two Muslim doctors have been arrested at Peradeniya hospital by police under the suspicion that they have been giving Sinhala pregnant mothers some sort of injection that makes them infertile.

Very disturbing news for me, both as a to-be doctor and a Sinhalese person. The news comes at a time of increasing tension between Muslim and Sinhalese people. A few weeks back a container was seized at Colombo harbour that contained illegal drugs used to abort pregnant mothers. That too was being imported by a Muslim businessman.

Sri Lankan people, unlike in other countries, have a huge respect towards doctors. They allow us to examine them and do whatever we want to do on them without asking any questions. The truth is the patient has a right to know what we’re doing on them and has the power to stop it. Doctors can’t even touch a person without the patient’s proper consent.

Let’s say a doctor is giving a drug to a patient: then they should explain why they’re giving the drug, the indications for giving the drug and the adverse effects of the drug, and only if the patient agrees to take the drug can they give it to them. The same applies for an examination or investigation done on a patient.

So people, use that right whenever you’re going to a doctor. You have the right to say no to what a doctor is doing on you.

Going back to the other side of the story, no doubt this will further increase the tension between Muslims and Sinhala people. Not everyone is a racist, but there are people that have extremist ideas on both sides. So it’s better to stay safe before it’s too late. I personally know so many Muslim doctors and consultants that are good. But like my mom said when she heard this story, it’s better to visit a doctor that you’ve known for years and avoid visiting doctors who are not Sinhala that you don’t know. Just to be safe, at least until things get clear on what actually happened.

And why won’t the people who rally for unity rally for things like this, as this itself is not going to help to unite the country? I feel all they’re doing is blowing the trumpet of the people who actually spend money on them, the NGOs, or else why rally only against a Buddhist organization that actually speaks against these kinds of events?

This is very bad for our profession as doctors, which has already gotten enough of a bad reputation among people because of unfortunate events that happened in the past.