Gathering information

Before you start attacking someone, you should gather first some info. When that someone is a user, your best chance is stupidity. A lot of users are members of social networks such as twitter, facebook, LinkedIn etc. If you know a lot you can track them via their profiles. What happens though if you know only their twitter nickname?

The no 1 place where users share their photos with a lot of personal information is facebook. Facebook has a cool “feature”. User photos are stored using patterns. Go on and right click any image you want and copy its location. You’ll get something like this

https://fbcdn-sphotos-a.akamaihd.net/hphotos-ak-ash3/AAA_BBB_CCC_DDD_EEEE_n.jpg

Well, what I’ve figured out is that CCC is the profile id. This means that http://www.facebook.com/profile.php?id=CCC is the link that will get me directly to the user’s profile who has this photo. Btw I haven’t figured the other numbers yet, if anynone has any idea drop a comment.

Many people choose to use the same profile photo from facebook to any other sites and because they are lazy asses they choose to download the photo and upload it directly to the other social networks. This means that the photo is stored and then uploaded (in a lot of cases) as

AAA_BBB_CCC_DDD_EEEE_n.jpg

, as it is stored natively on facebook.  Even better Windows allows you to copy an image location and you can paste the hyperling (http://) and then finds the image from the /temp/ folder and uploads it as it is, meaning again the image is uploaded using the name that was stored in facebook.

Focusing on twitter now.  User A uploads a profile photo on twitter. The photo was uploaded as my_profile_pic.jpg, the photo is stored and referenced on twitter as my_profile_pic.jpg.

In twitter, many users use nicknames that aren’t directly related with their personal data such as name, surname etc. This ID spoofing is blown away though if a user uploads a photo directly downloaded from his facebook profile since someone can directly relate the twitter account with the facebook account and from that poing even go deeper diggin more info about that user.

Again, if someone knows what’s going on with the other numbers in the facebook storage pattern, let me know 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *