Back in September, two things happened relating to space travel for the private sector. First, I posted about the proposed 2010 opening of Spaceport America in New Mexico. Then, I promised my wife that we would be on a flight into outer space on September 17, 2017. This week, Virgin Galactic officially unveiled their commercial ship, SpaceShip Two.
I nabbed the above image from OhGizmo!, who had this to say:
SpaceShipTwo is designed to ferry 6 civilian passengers and 2 crewmembers 68 miles above the surface of the earth, where they’ll spend a few precious minutes in weightlessness, drinking in the view, before descending back to the ground at a peak force of 6 gravities over 20 seconds. All for just $200,000.
That’s about the price I figured these trips would start at, but barely getting a peek from space for that price is still an “I did that” trip for the super wealthy. This is why I set my proposed travel date to 2017. I figured ten years gives any companies involved plenty of time to get their ducks in a row. By “ducks”, I mean:
- Work out any kinks so I’m not exploding on launch
- Find ways to bring the price down
- Find ways to increase the experience
- More frequent (convenient) flights
By 2017, I think the experience should be much more substantial, we’ll get to take off from from the new Spaceport America, and the price tag should actually fit within my budget. I feel like a little kid who’s parents just came back with the first of the Christmas presents, only Christmas is still nine and a half years away and I’ll have to pay probably $25,000-$50,000 to open my present. Still, thinking about taking that trip makes me all warm and fuzzy inside. Just when I thought I couldn’t be more excited about it, here’s a video simulating what the trip should be like:
So here’s a question for you. Supposing a trip into space on SpaceShip Two in 2017 would cost you $25,000, you had that saved up, and the trip included a full orbit around earth, would you go?
Most people are a familiar with the term “hacking“. In general, it refers to gaining unauthorized access to a computer. One definition from m-w.com is “to gain access to a computer illegally”. To me, hacking refers to gaining unauthorized access to information. I’m not going to explain how to hack a computer. Instead, I’m going to talk about how to hack a person, or, how to gain information from a person that they would not otherwise provide. This is also widely known as “social engineering“.
Get to know your mark
A mark is simply the victim of your information theft. While you may have valid, legal, motives for sneaking around normal channels, I’ll refer to the target as your “mark” because I’m lazy.
Social engineering often involves pretending to be someone you are not. Many times, you may need to pretend to be a client, for example, in order to get their password from their domain registrar or internet service provider. You may have other, more sinister, motives for gathering sensitive data, too. Either way, you will need to be prepared with answers to key questions, appropriate reactions, etc. Research all the information you can about whatever you are trying to get access to as well as the person you are claiming to be (where applicable). For example, if you were to call a large ISP, attempting to get the password to your mark’s email account, you would want to know his or her full name, email address, and birth date at a minimum. Other helpful things to know are names of the girl/boyfriend, spouse, child, pet, etc., hobbies, bands or stars the person likes, and anything else very personal. More often than not, one of these things is the answer to your mark’s “hint” question, that question they ask you before divulging your password when you’ve forgotten it. Sometimes, that one word is all you need.
Some alarming facts
Around 2-4% of all people have a password of “password” or a pin/security code of “1234″. Many of the rest have passwords that can be found in a dictionary file (a file full of dictionary words used for guessing a password randomly). If your mark is 16 and her boyfriend is named Mark (but she calls him “markypoo” all over her MySpace page), you might be able to skip all the dirty work by just trying “mark”, “markypoo”, “ilovemark”, or “ilovemarkypoo” as her password. Just about every demographic seems to fall under the rule that you can usually guess a password within about 20 tries if you get to know the owner of the account. Some more clues that can help are birth dates, nicknames, sports teams, and movie/tv charaters. Know your mark (above) and the rest is pretty easy.
Get to know your source
When I say “source”, I mean the source of your information. This could be anything from an automated web form to a phone support representative, to a front desk employee at a hotel. The type of information you are looking for should dictate what your source is and is should be fairly obvious to you. Pretend, for a second, that you’re looking for that email password from above. Logic dictates that your source is going to the your mark’s ISP. Become a customer, client, or user. Sign up for an email account of your own and make note of the security questions. Test the password entry form and see if it has a minimum/maximum amount of characters or has any other requirements. Does the site suggest a username for you like Yahoo! does (eg: JohnDoe2008)? Any information you can glean through creative and thoughtful experimentation can be instrumental in your success.
Confidence is key
You’ve probably heard that before, but in another context. It’s a popular phrase when talking about sales or success in business. Confidence can drive your job interview home, it can get you sales, and it can even get you a date, but it can also be the key ingredient when trying to con a source out of information. If you act nervous in your efforts, it will likely get noticed and make your source suspicious. Speak clearly, act casual, and act like you’re supposed to get the information you’re asking for. Many times, you can even act as if you were waiting for a third party (whose name you now forget) to call you back with that information. Begin a support call by saying “I somehow got disconnected. I called in because I forgot my password and I forget who I spoke to, but he asked me the security questions and then the call dropped.” If you gently suggest to your source that another person in the company trusted your authority to access a password and was about to give it to you, this will sometimes lower their guard just enough to squeak by.
Confident does not mean sloppy
Sometimes you are acting in the best interest of someone who knows what you’re doing, but what if you’re just trying to snoop through someone’s email or you want to throw a surprise party for someone and just need to grab their contact list from their gmail account? If you don’t want anyone to know what you’re doing, you had better not leave a trail behind you. Getting caught can be embarrassing and get you into trouble with your mark. Worse, if you’re doing what I think you shouldn’t be, you could get jail time. That said, here’s some things to think about before you begin:
- Don’t use your real name… anywhere
- If using the phone, block your number
- If using the web, go through a proxy (from a library)
- If using email, get a throwaway email account and check via web mail (from the library)
- Know the legality of what you’re planning
- Try not to break the law if possible
The more careful you are, the less you have to worry about, and the more confident you can be when faced with the human interaction.
Get more than information
People-hacking works for more than just snooping on your ex-girlfriend’s email (stop obsessing and get over her). You can also work out discounts and deals by knowing how to deal with a particular source. Here’s an easy experiment you can do: Call a fast food joint on a weekday afternoon (right during the busy lunch time) and explain that your order was messed up. Your complaint should be believable, but bad enough that your meal was practically not edible to you. Say they put ketchup on your burger after you asked for no ketchup. Know ahead of time what you ordered (a popular combo meal will probably have been ordered in the last hour by someone at the drive-thru, making it more plausible). Almost every time, they will write down your first name (which can be any name you want to give them). The next day, show up and explain that you were told you would get a complimentary meal for the one they messed up. Give them the name you gave over the phone, order the same meal, and enjoy eating for free. I can’t publicly condone doing this, so if you happen to try it for the purpose of experimentation, even the score by donating $6 to charity or something.
There are many morally valid and many morally corrupt reasons for needing to obtain information, goods, or services via unconventional means like social engineering. Whatever your reason, identify what you want, plan it out, and go get it.
UPDATE: I raised the prize amount to 2,000 credits. Enjoy.
I have decided to give away a free 1 month ad block and Entrecard credits every month. So not only can you enter to win $100 every month of 2008, but if you have your own blog (or just about anything else) to promote, you can now win that 125 by 125 pixel ad space right up at the top in my header for a full month. I recently got this award for having the best Entrecard widget placement up there. Clearly, it’s a great spot for your ad to get noticed. Better still, I’m giving away another 1,000ec so you can get your ad on a bunch of sites in the Entrecard network!
How can I win?
This one will be just a little different, but like always, I want to make it easy to enter. Just do ANY of the following to enter:
- Comment on this post (1 entry)
- Send a visitor to http://www.joetech.com from your site (2 entries per visitor!)
- Sign up for my RSS feed via email (10 entries)
- Favorite me in Technorati (10 entries)
- Put http://www.joetech.com in your blog roll (30 entries)
- Write a post about this contest (MUST link back to this post) (50 entries)
- Write a positive review on your blog (MUST link to Joetech.com) (100+ words) of JoeTech.com (100 entries)
- Stumble one of my articles (20 entries)
REMEMBER: You do not have to do all of them. Any combination of any of the above works, but do all of them for the best odds. Bonus: If your site or blog has an alexa rank under 50,000, DOUBLE YOUR ENTRIES
Entry deadline is January 30, 2008.
What do I get if I win?
There will be one main winner, who will get the 125×125 ad block for the month of February as well as 1,000ec to be spent at Entrecard on even more ad space (or do whatever you want with it). I reserve the right to approve your ad, but if I deny it, you can submit something else until I approve it.
What do I get if I don’t win?
In my post to announce the winner, I will link back to any blog who posted about the contest, added me to their blog roll, or reviewed JoeTech.com. Additionally, I will have more prizes (to be determined) to give out to those who enter.
As a developer, this is huge. Depending on what Sun does with MySQL in regards to its open source-ness, this could change the way I do business to some extent.
Sun Microsystems Inc said on Wednesday it will buy open source developer MySQL AB for about $1 billion, allowing it to expand into an estimated $15 billion database market.
This could also change the way Sun does business. Either way, it’s a huge purchase.
I suck. Not generally, just at making money from sites with good traffic. I’m an affiliate marketing idiot and I need help. I have several sites that total about 1.8 million page views per month, yet I’m not making cash like this. Clearly, I need some kind of kick start.
Luckily, there’s a cure for what ails me, and that’s Affiliate Summit West in Las Vegas, Feb. 24 through 26. Unfortunately, a guy like me with a mortgage and credit card bills (and almost NO) affiliate income can’t afford the registration. So I’m appealing to the kindness of John Chow, who I’ve been a fan of (and talking about daily to my lovely wife) for months now. I hadn’t planned on John being so kind, but he’s traditionally been a giver, so it makes sense. All John asks is that I write a post about why he should sponsor me to go to Affiliate Summit West, so that’s what this is.
Without rambling any further, here’s the top reasons http://www.johnchow.com/go-to-affiliate-summit-west-on-me/ for Affiliate Summit West:
- I’m need affiliate schooling
- I will be the guy paying the most attention during the Super Affiliate Strategies that Work panel that John will be speaking on.
Get Higher Ranking in Google
