Before jumping to conclusions and screaming “hack!”, has anyone even considered a potentially innocent explanation? I have a pessimistic view of human nature, but the paranoia in this thread is off the charts.
This is good advice, in my opinion:
The better people know the account owner, the better they know the answer!
Recommended action to take is to remove security question at all.
The forum officially agrees with newalias about that, and with me. Read the warning that the forum gives you, when you set up the ridiculously stupid insecurity misfeature of a so-called “secret question”:
Duh. Why does theymos even allow this?
I spot-checked this user’s post history. At a glance, it looks normal to me. I also noticed that he just received a red tag from someone in DT (fortunately outside my trust network; my trust network is infinitely superior to DT).
Now, this could be a bizarre beginning for a social engineering attack. And the PM also seems to indicate that newalias is probing something, somehow.
I will reach out to him, and politely ask just what he is trying to do. Meanwhile, I will add a neutral tag linking to this post—to be updated or removed, if or as appropriate. I request that someone in DT should do likewise.
Maybe, just maybe, this could simply be a very clumsy attempt at whitehat protection of the forum, from someone who needs to see the late Dan Kaminsky’s White Hat Hacker Flowchart:
