[iwar] [fc:Dead.Men.Tell.No.Passwords]

• Next message: Fred Cohen: "[iwar] Top Security Experts Address the Real Issues in Computer Security"
• Previous message: Fred Cohen: "[iwar] [fc:ISC.BIND.9.DoS.Vulnerability]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Return-Path: <sentto-279987-4768-1023313535-fc=all.net@returns.groups.yahoo.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Wed, 05 Jun 2002 14:50:13 -0700 (PDT)
Received: (qmail 5849 invoked by uid 510); 5 Jun 2002 21:46:42 -0000
Received: from n25.grp.scd.yahoo.com (66.218.66.81) by all.net with SMTP; 5 Jun 2002 21:46:42 -0000
X-eGroups-Return: sentto-279987-4768-1023313535-fc=all.net@returns.groups.yahoo.com
Received: from [66.218.67.194] by n25.grp.scd.yahoo.com with NNFMP; 05 Jun 2002 21:45:35 -0000
X-Sender: fc@red.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-8_0_3_2); 5 Jun 2002 21:45:35 -0000
Received: (qmail 49234 invoked from network); 5 Jun 2002 21:45:35 -0000
Received: from unknown (66.218.66.218) by m12.grp.scd.yahoo.com with QMQP; 5 Jun 2002 21:45:35 -0000
Received: from unknown (HELO red.all.net) (12.232.72.152) by mta3.grp.scd.yahoo.com with SMTP; 5 Jun 2002 21:45:34 -0000
Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g55LmW326947 for iwar@onelist.com; Wed, 5 Jun 2002 14:48:32 -0700
Message-Id: <200206052148.g55LmW326947@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL3]
From: Fred Cohen <fc@all.net>
X-Yahoo-Profile: fcallnet
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Wed, 5 Jun 2002 14:48:32 -0700 (PDT)
Subject: [iwar] [fc:Dead.Men.Tell.No.Passwords]
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, hits=1.1 required=5.0 tests=CLICK_BELOW,SUPERLONG_LINE,DIFFERENT_REPLY_TO version=2.20
X-Spam-Level: *

[FC - so why don't they call a security expert instead of a 'hacker'?]

Dead Men Tell No Passwords
By Michelle Delio

12:08 p.m. June 5, 2002 PDT

The man in charge of archiving and maintaining electronic copies of Norway's
most important historical documents is dead and so is access to those
archives.

So the director of the Norwegian cultural center is pleading for hackers to
help him crack the center's password-protected database.

The problem started when the technician responsible for the archives at
Norway's National Center of Language and Culture never divulged the password
before he died a few years ago.

Since then, employees at the center have been unable to access some of the
password-protected archives that contain data on a collection of thousands
of documents and books. A national database that allowed researchers access
to those documents is also partly inaccessible.

So center director Ottar Grepstad sent out an appeal Tuesday on a national
radio broadcast, asking for hackers to help crack into the system and
discover the programmer's password.

A spokesman for the center said they have received many more replies than
they expected, and are now trying to select the code wizard who can best
help them solve the problem.

Helpful hackers are hoping that the technician wasn't heavily into security
and used an obvious password, instead of the random jumble of letters and
numbers that security experts advise.

"It would be great if the password is his dog's name," said Marco Pasquale,
a Toronto programmer who volunteered to hack the center's database. "If it's
a gibberish password it'll be a real challenge."

The center's dilemma has sparked discussion among some techies who wondered
if there were any way to ensure that their projects would not suffer if they
were to die unexpectedly.

Some have decided to use Aryeh Holzer's "Dead Man's Switch," a program
intended to avoid any postmortem problems or embarrassment.

The switch, if not regularly reset, automatically carries out a series of
pre-designated tasks. It can post pre-composed messages to a geek's favorite
discussion groups, send e-mails to pre-selected addresses, and protect
sensitive files by encrypting or destroying them.

But some who have used the program advise caution.

"I went on vacation, and forgot all about the switch," said Kenny LaGuardia,
a Web designer from Los Angeles. "When I returned home, the program had
posted, 'So I guess I'm dead' messages to all the newslists I subscribe to,
and destroyed all my adult entertainment files." 

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Download VeriSign's FREE guide, "Securing Your Web Site for Business" and learn everything you need to know about using SSL to encrypt your e-commerce transactions for serious online security. Click here!
http://us.click.yahoo.com/P62TUC/MyKEAA/sXBHAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 

• Next message: Fred Cohen: "[iwar] Top Security Experts Address the Real Issues in Computer Security"
• Previous message: Fred Cohen: "[iwar] [fc:ISC.BIND.9.DoS.Vulnerability]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.2 : 2003-08-24 02:46:32 PDT