In 2004 a group of people were handing out free chocolate to anyone who would give them their passwords. It turned out that 70 % would reveal their password for a candy bar or perhaps that people are willing to lie to strangers in order to get free chocolate. Though this was some interesting statistics, it wasn\u00e2\u20ac\u2122t very useful to me. What I wanted was a username to go with the password and the name of the company where the person was working. However, I didn\u00e2\u20ac\u2122t want to stand alone in the subway handing out Snicker bars to people who didn\u00e2\u20ac\u2122t deserve them. I\u00e2\u20ac\u2122ll keep my candy treats for myself, thank you very much! Besides I wanted a something which was a tad more discreet.<\/p>\n
Mambo server to the rescue! Well I\u00e2\u20ac\u2122ve switched to Joomla after the split. Joomla is an excellent CMS system which I\u00e2\u20ac\u2122ve used to create my site laugh-and-a-half.com. It\u00e2\u20ac\u2122s a site where people go for a laugh; it\u00e2\u20ac\u2122s crammed with funny stories, silly pictures and videos with crappy quality. Out of the goodness of my heart I provide all these services free of charge as long as people register. Some teasers are available without logging in, but most of the site members come from recommendations by their friends (at least that\u00e2\u20ac\u2122s what the polls tell me) and they don\u00e2\u20ac\u2122t mind registering. I don’t ask for much; Alias\/Username, Real Name, Email, Password, Gender, Age and Occupation.<\/p>\n
Some people just enter gibberish, and that\u00e2\u20ac\u2122s fine, (that\u00e2\u20ac\u2122s what I would do), others are proud of their titles and neatly enters the correct information in every field; \u00e2\u20ac\u0153Sales Executive\u00e2\u20ac\u009d, \u00e2\u20ac\u0153Purchase Manager\u00e2\u20ac\u009d, \u00e2\u20ac\u0153Corporate Slave\u00e2\u20ac\u009d. I\u00e2\u20ac\u2122d like to ask for a phone number too, but I don\u00e2\u20ac\u2122t feel that bold. The information would be great to have in social engineering terms, but I don\u00e2\u20ac\u2122t want to make people too suspicious, plus I want valid information. Most members provide exactly that, and password reuse is practiced by most people who login to the site. It\u00e2\u20ac\u2122s not really their fault, they haven\u00e2\u20ac\u2122t been taught better.<\/p>\n
When the users login I also keep records of their connecting IP addresses, from nine to five this usually can be translated to companies.<\/p>\n
During the time when I was starting up the site there was a lot of work involved with collecting jokes and wrestling myself up in the search engines. But I can tell you the ROI has been substantial; nowadays the site has grown and more or less has a life of its own. 95 % of the content is now submitted by users. Everyone likes sharing a joke right?<\/p>\n
No one knows that I run the site. That is, no one on irc knows, they probably haven\u00e2\u20ac\u2122t even heard of the site and I\u00e2\u20ac\u2122m sure as hell not going to tell them. Why should I? The site is registered to some bloke name Peter. Yep that\u00e2\u20ac\u2122s me IRL. The people I do business with only know about tr0y and it would be most unfortunate if anyone connected tr0y to Peter.<\/p>\n
While Peter runs an innocent site called laugh-and-a-half, tr0y is in it for the information. There is some work involved with sorting out bad data from good, but overtime my Perl scripts have gotten quite refined.<\/p>\n
I get a thrill when a new company finds the site. It starts with one user, then he or she sends an email to his or her colleagues which they in turn forward. Some days I\u00e2\u20ac\u2122ve gotten 20 users from the same company!<\/p>\n
So what do I do with this information? Most of the time I trade it, if it\u00e2\u20ac\u2122s from an interesting company I might be able to sell it. Otherwise I have great fun using it myself. Some times I\u00e2\u20ac\u2122m able to just VPN in to a company based on the information I\u00e2\u20ac\u2122ve been given from my members. To some extent I guess I just like the mining.<\/p>\n
Lately I\u00e2\u20ac\u2122ve added some more features to laugh-and-a-half. First I\u00e2\u20ac\u2122ve got the face recognition software, the idea is that people upload their pictures and I tell them who they look like. Boy do people love to look like celebrities;
\n“Susan you look like Madonna, please tell your friends.”
\nOf course the software itself isn\u00e2\u20ac\u2122t working very well but the upload module works excellent.<\/p>\n
Then there\u00e2\u20ac\u2122s the horoscope where the members enter more information about themselves. This is a mix of “worthless stuff” and things I wanted to know but didn\u00e2\u20ac\u2122t dare ask during their registration. Members fill out a form; where they live, interests, favorite food, what they earn, what their boss is called, favorite animal etc. Based on their input I provide them with a randomized horoscope.<\/p>\n
Another popular feature of laugh-and-a-half.com is the weekly newsletter. Every Monday the site sends out a newsletter with the jokes which have received the best votes during the previous week. Mind you it\u00e2\u20ac\u2122s easy to unsubscribe. Heavens I don\u00e2\u20ac\u2122t want to get accused of spamming! The newsletter is a good way to remind people of the site. But then there\u00e2\u20ac\u2122s a little something called out of office replies.<\/p>\n
“Hi this is Brent, I\u00e2\u20ac\u2122m out of the office visiting customers this week\u00e2\u20ac\u00a6”
\n“Laura is on vacation this week; if you need anything call Mark at this number\u00e2\u20ac\u00a6”
\n“Hi this is Jonathan I am on vacation until 13\/7\u00e2\u20ac\u00a6”
\n“Hello, Sarah will be back on Wednesday\u00e2\u20ac\u00a6”
\n“Neil is on vacation\u00e2\u20ac\u00a6”<\/p>\n
These can be good to have for a bunch of reasons, but today I think I\u00e2\u20ac\u2122ll ping devin\u00e2\u20ac\u00a6<\/p>\n
– tr0y \u00e2\u20ac\u201c you there?
\n– devin \u00e2\u20ac\u201c hey buddy long time no see, sup?
\n– tr0y \u00e2\u20ac\u201c know anyone in kent?
\n– devin \u00e2\u20ac\u201c why?
\n– tr0y \u00e2\u20ac\u201c business
\n– devin, business business?
\n– tr0y \u00e2\u20ac\u201c yep business business
\n– devin \u00e2\u20ac\u201c shoot
\n– tr0y \u00e2\u20ac\u201c a guy named jonathan will be on vacation in Greece
\n– devin \u00e2\u20ac\u201c the deal?
\n– tr0y \u00e2\u20ac\u201c 6 %
\n– devin \u00e2\u20ac\u201c I\u00e2\u20ac\u2122ll get back to you
\n– troy \u00e2\u20ac\u201c I\u00e2\u20ac\u2122ll send you what you need when you do
\n– devin \u00e2\u20ac\u201c how do you know about this anyway?
\n– tr0y \u00e2\u20ac\u201c I ask politely<\/p>\n
Please note this is a purely fictional story any name found here are made up. I\u00e2\u20ac\u2122ve written this because I like writing, if someone reads it and enjoys it great. If they get more conscious about security, that\u00e2\u20ac\u2122s a bonus too.<\/span><\/p>\n Related Links:<\/span><\/p>\n Passwords revealed by sweet deal<\/span> Would you trade your password for chocolate?<\/span> Urban Legends Reference Pages: Crime (Grand Theft Auto Reply)<\/span> Passwordsafe<\/span> – is a tool that allows you to have a different password for all the different programs and websites that you deal with, without actually having to remember all those usernames and passwords. Password Safe runs on PCs under Windows.
\n– http:\/\/news.bbc.co.uk\/1\/hi\/technology\/3639679.stm<\/a><\/p>\n
\n– http:\/\/www.theregister.co.uk\/2004\/05\/28\/password_advice\/<\/a><\/p>\n
\n– http:\/\/www.snopes.com\/crime\/intent\/reply.htm<\/a><\/p>\n
\n– http:\/\/passwordsafe.sourceforge.net\/<\/a><\/p>\n