PaulDotCom mailing list archives
Creating usernames using Google and Linkedin
From: j2mccluggage at adelphia.net (Jody & Jennifer McCluggage)
Date: Fri, 12 Jun 2009 18:34:59 -0400
Thanks for such a great tool! It worked without any problems on my system. I still think the best defense against this is a strong password (or multifactor authentication). In my opinion, it is best to not consider the username something that is secret or secure (although you don't want to broadcast them to the world either). The only way that you could do that would be to create random usernames which is probably not practicable. Even if you don't use one of the standard formats, your fellow employees, former employees, partners, etc. will all be familiar with the naming convention that you are using. You have to emphasize the importance of strong passwords to your end-users. It is also good to show users how to create good passwords since users can still create some pretty weak passwords that meet common complexity rules! ("Perfect Passwords" by Mark Burnett is a great resource to assist with this). Well that is my opinion for what it is worth! Also if you are working in a sensitive industry you may want to have a policy against users advertising who they work for on a social network page! Thanks! Jody _____ From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Jason Wood Sent: Friday, June 12, 2009 2:09 AM To: PaulDotCom Security Weekly Mailing List Subject: [Pauldotcom] Creating usernames using Google and Linkedin Hey all, I was messing with something today and remembered episode 129 had a segment on using a target company's website to generate passwords. I tried it out and with a bit tweaking it worked great. But I also wanted a username list that was targeted for the company. I took a twist on creating passwords and did some queries on Google such as "site:linkedin.com CompanyName". In my case, I found 26 pages of search results containing almost nothing but people's full names. I found a python script that pdp at gnucitizen had written to pull google search results. I did some hacking on it and came up with a script to create a list of usernames using the targeted search results. It creates the basic variations of first initial, last name and firstname, last initial. I'm not a python scripter, so if you have any suggestions on improvements please let me know. I've got it dialed down to only take the first page's results. You can download it at http://www.jwnetworkconsulting.com/downloads/usernameGen.txt The only real defense I can think of against this is to make sure usernames at your organization are not based on their names. I know from experience that people will absolutely HATE it, but it would work. Any how, hopefully this is useful to someone else. Jason No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.364 / Virus Database: 270.12.64/2170 - Release Date: 06/11/09 17:59:00 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090612/4ac45a2b/attachment.htm
Current thread:
- Creating usernames using Google and Linkedin, (continued)
- Creating usernames using Google and Linkedin Robin Wood (Jun 12)
- Creating usernames using Google and Linkedin Tim Mugherini (Jun 12)
- Creating usernames using Google and Linkedin Larry Pesce (Jun 12)
- Creating usernames using Google and Linkedin Jason Wood (Jun 12)
- Creating usernames using Google and Linkedin Larry Pesce (Jun 12)
- Creating usernames using Google and Linkedin Jason Wood (Jun 12)
- Creating usernames using Google and Linkedin Mike Patterson (Jun 12)
- Creating usernames using Google and Linkedin Mike Patterson (Jun 12)
- Creating usernames using Google and Linkedin Jason Wood (Jun 12)
- Creating usernames using Google and Linkedin Jason Wood (Jun 16)
- Creating usernames using Google and Linkedin Jim Halfpenny (Jun 12)
- Creating usernames using Google and Linkedin Mike Patterson (Jun 12)
- Creating usernames using Google and Linkedin Robin Wood (Jun 12)
- Creating usernames using Google and Linkedin Jody & Jennifer McCluggage (Jun 12)