Difficulty Rating: Suprisingly easy
Methods:
Idea: Watch someone type in their password.
Then use that password.
Problem: None.
Idea: Call them and ask for their password.
Problem: Sometimes they say no.
Idea: Send email to NSI. Get them
to change the IP address of an important server.
Problem: Only most machines are set
up this way. The best sites are not (except AOL).
Idea: Write a Java applet that asks
for their password when they access your site.
Problem: The dialog box has a warning
on the title bar.
AOL says it will never ask for a password, and some people believe it.
Only idiots are fooled, and they don't control the best sites.