
(C|Net) Convicted hacker allowed into IT class in prison, and teaches prison a lesson or two of his own (news.cnet.com)
    More: Dumbass, prisons, Prison Service, unfair dismissal, Nicholas Webber  

10065 clicks; posted to Geek on 04 Mar 2013 at 9:03 AM



 
2013-03-04 08:36:50 AM  
FTFA: Michael Fox claims that he didn't know Webber was a hacker.

I'd say his claim is on shaky grounds.
 
2013-03-04 09:13:45 AM  
"The perceived problem was there was a tutor who had been excluded by the prison and charged with allowing a hacking expert to hack into the prison's mainframe."

The sentence makes my head hurt.  Also, Mainframe, really?
 
2013-03-04 09:17:28 AM  
'Yeah. The funny thing is - on the outside, I was an honest man, straight as an arrow. I had to come to prison to be a crook. '
 
2013-03-04 09:21:10 AM  
Is this one of those "I D 10 T" errors?
 
2013-03-04 09:27:12 AM  
Could they define "hacked"?  Did he just gain access to unauthorized systems or did he do some damage of some kind?  Stupid article.
 
2013-03-04 09:28:11 AM  
It looks like a hack wrote this article as well.
 
2013-03-04 09:29:18 AM  
I'm going to side with the instructor on this one unless it was the instructor's responsibility to verify the criminal background of each of his students.  I doubt that.  That sounds more like the duties of the people in charge of the prison.
 
2013-03-04 09:35:03 AM  
[showwatcher.com image 245x270]

"Get busy living or get busy nmap --open 192.168.1.1....and that's goddamn right."
 
2013-03-04 09:46:12 AM  

xanadian: FTFA: Michael Fox claims that he didn't know Webber was a hacker.

I'd say his claim is on shaky grounds.


Lulz.
 
2013-03-04 09:52:20 AM  

haws83: Could they define "hacked"?  Did he just gain access to unauthorized systems or did he do some damage of some kind?  Stupid article.


This.

Also, I highly doubt that a prison would need a mainframe computer, much less an isolated IT class network.  At the very worst, they might have had an old AS/400 on there, but definitely not a z-series.
 
2013-03-04 10:02:46 AM  

haws83: Could they define "hacked"?  Did he just gain access to unauthorized systems or did he do some damage of some kind?  Stupid article.


Very good question.

Is guessing weak passwords considered "hacking"?

I only watched a few minutes of War Games when it was on TV yesterday. Some of it reflected reality. In the '80s, people really did call every number in an area code trying to find a modem that would answer. That part was true.

There were also ways around paying for phone calls. That part was true too, especially since long distance phone calls were expensive back then.

Broderick mentioned they changed the password on his school's computer system every few weeks. I'm not sure if that was true, but I doubt it.

CSB

I haven't changed my Fark password since I joined and even though I've been told it's reasonably "strong"*** it's actually quite simple and I would think easy to guess.

I'm not saying it's 12345, but it might be 12346,

/I actually expect a few dozen people who read this will now start trying to "hack" my password by guessing 12346, 12347, 12348, 12349.....ad nauseam. If you were Matthew Broderick's character you'd write a program to do it for you. AFAIK, there is no lockout on Fark for getting the password wrong more than 3 times in a row, nor is there a timeout preventing you from guessing as many passwords as you can as fast as you can.

I actually hope I'm wrong about that, but I doubt it.

I'll give you "hackers" a hint. It's not the same password I use on my luggage.

Have fun!

Oh, and his school's password was "pencil" - a password easily guessed with a dictionary attack. It wasn't even "p3nc!l", just plain old "pencil".

But it didn't really matter how "strong" the password was since he knew where they wrote it down - probably on a post-it note attached to the school superintendent's monitor.

And THAT is the exact same weakness many systems suffer from today. Find the Post-it, gain root access, ?????,. Profit!!!!

*** I don't think Fark told me it's a "strong password", but I fail at security because it's the same password I use on another site and they said so.

I look at it this way. If you "hack" my Fark password, you might make me look smarter than I actually am - or you might make me look dumber (if that's possible) or you might get me banned. Depending on which you did, I might be pleased or slightly annoyed. I'd get over it.

The other site I share my Fark password with? The consequences are even less - I don't even know why they require a password. The user names are different though.

Again, have fun!
 
2013-03-04 10:12:52 AM  

Flab: haws83: Could they define "hacked"?  Did he just gain access to unauthorized systems or did he do some damage of some kind?  Stupid article.

This.

Also, I highly doubt that a prison would need a mainframe computer, much less an isolated IT class network.  At the very worst, they might have had an old AS/400 on there, but definitely not a z-series.


I know the article is written very, very badly, but it does mention that the prison is specialized for prisoners under age 25, and that it's fairly modernized. The mainframe resources could be controlling a lot of automated facility tasks, and additional security measures above and beyond the physical presence of guards since it's supposed to be a maximum security facility.

My guess would be that the IT class was some sort of job training for after release since the offenders are younger, but that the list of prisoners eligible for the class wasn't screened to omit those found guilty of tech based crimes before being given to the instructor and whichever administrator screwed the pooch is letting the teacher take the fall for the mistake.
 
2013-03-04 10:14:40 AM  

xanadian: FTFA: Michael Fox claims that he didn't know Webber was a hacker.

I'd say his claim is on shaky grounds.


You went there...didn't you?

YodaBlues: [showwatcher.com image 245x270]

"Get busy living or get busy nmap --open 192.168.1.1....and that's goddamn right."


Win.
 
2013-03-04 10:29:14 AM  
The Secure Shell Redemption.
 
2013-03-04 10:32:47 AM  
I don't think it should be the teacher's job to screen the rap sheets of everybody interested in his class. He's there to teach.

A spokesman for the prison told the Mail: "At the time of this incident in 2011 the educational computer system at HMP Isis was a closed network. No access to personal information or wider access to the internet or other prison systems would have been possible."

So... what's the big deal?
 
2013-03-04 10:32:57 AM  
FTFA - "The system has been bedeviled".

We've found a techno-witch, may we burn him?
 
2013-03-04 10:36:05 AM  
Chris Matyszczyk?

Didn't Superman send him back to the 5th Dimension years ago by tricking him into saying "Kyzczsytam"?
/Sirhc!
 
2013-03-04 10:39:22 AM  
Employees of the criminal justice system do not have to be "the best and the brightest" to get a job, so these things will happen.
 
2013-03-04 10:42:57 AM  

Amberwind: Flab: haws83: Could they define "hacked"?  Did he just gain access to unauthorized systems or did he do some damage of some kind?  Stupid article.

This.

Also, I highly doubt that a prison would need a mainframe computer, much less an isolated IT class network.  At the very worst, they might have had an old AS/400 on there, but definitely not a z-series.

I know the article is written very, very badly, but it does mention that the prison is specialized for prisoners under age 25, and that it's fairly modernized. The mainframe resources could be controlling a lot of automated facility tasks, and additional security measures above and beyond the physical presence of guards since it's supposed to be a maximum security facility.

My guess would be that the IT class was some sort of job training for after release since the offenders are younger, but that the list of prisoners eligible for the class wasn't screened to omit those found guilty of tech based crimes before being given to the instructor and whichever administrator screwed the pooch is letting the teacher take the fall for the mistake.


lulz @ AS400.....

The AS400 programmers I knew at my last job consisted of:

* A girl of indeterminate age who actually used to work in the factory and worked her way up. She's smart and a nice person (much respect for her), but everyone agreed she looked like the Wicked Witch of the West from the Wizard of Oz. (She was probably smoking hot about 45 years ago)
* A Juggalette about 40 years old (I'm not kidding; also a very smart and good person)
* A younger contractor who smoked crack because if he smoked pot it might show up on a drug test. (kind of stupid)
* A fitness fanatic in her 60s who ran marathons and looked anorexic, but really wasn't - she just exercised that much (marathons and biking; kind of a biatch)

Quite a diverse group there.
 
2013-03-04 10:50:35 AM  

Happy Hours: haws83: Could they define "hacked"?  Did he just gain access to unauthorized systems or did he do some damage of some kind?  Stupid article.

Very good question.

Is guessing weak passwords considered "hacking"?

I only watched a few minutes of War Games when it was on TV yesterday. Some of it reflected reality. In the '80s, people really did call every number in an area code trying to find a modem that would answer. That part was true.

There were also ways around paying for phone calls. That part was true too, especially since long distance phone calls were expensive back then.

Broderick mentioned they changed the password on his school's computer system every few weeks. I'm not sure if that was true, but I doubt it.

CSB

I haven't changed my Fark password since I joined and even though I've been told it's reasonably "strong"*** it's actually quite simple and I would think easy to guess.

I'm not saying it's 12345, but it might be 12346,

/I actually expect a few dozen people who read this will now start trying to "hack" my password by guessing 12346, 12347, 12348, 12349.....ad nauseam. If you were Matthew Broderick's character you'd write a program to do it for you. AFAIK, there is no lockout on Fark for getting the password wrong more than 3 times in a row, nor is there a timeout preventing you from guessing as many passwords as you can as fast as you can.

I actually hope I'm wrong about that, but I doubt it.

I'll give you "hackers" a hint. It's not the same password I use on my luggage.

Have fun!

Oh, and his school's password was "pencil" - a password easily guessed with a dictionary attack. It wasn't even "p3nc!l", just plain old "pencil".

But it didn't really matter how "strong" the password was since he knew where they wrote it down - probably on a post-it note attached to the school superintendent's monitor.

And THAT is the exact same weakness many systems suffer from today. Find the Post-it, gain root access, ?????,. Profit!!!!

*** I don't think Fark told me it's a "strong password", but I fail at security because it's the same password I use on another site and they said so.

I look at it this way. If you "hack" my Fark password, you might make me look smarter than I actually am - or you might make me look dumber (if that's possible) or you might get me banned. Depending on which you did, I might be pleased or slightly annoyed. I'd get over it.

The other site I share my Fark password with? The consequences are even less - I don't even know why they require a password. The user names are different though.

Again, have fun!


It's a trap
 
2013-03-04 10:51:51 AM  

Happy Hours: haws83: Could they define "hacked"?  Did he just gain access to unauthorized systems or did he do some damage of some kind?  Stupid article.

Very good question.

Is guessing weak passwords considered "hacking"?

I only watched a few minutes of War Games when it was on TV yesterday. Some of it reflected reality. In the '80s, people really did call every number in an area code trying to find a modem that would answer. That part was true.

There were also ways around paying for phone calls. That part was true too, especially since long distance phone calls were expensive back then.

Broderick mentioned they changed the password on his school's computer system every few weeks. I'm not sure if that was true, but I doubt it.

CSB

I haven't changed my Fark password since I joined and even though I've been told it's reasonably "strong"*** it's actually quite simple and I would think easy to guess.

I'm not saying it's 12345, but it might be 12346,

/I actually expect a few dozen people who read this will now start trying to "hack" my password by guessing 12346, 12347, 12348, 12349.....ad nauseam. If you were Matthew Broderick's character you'd write a program to do it for you. AFAIK, there is no lockout on Fark for getting the password wrong more than 3 times in a row, nor is there a timeout preventing you from guessing as many passwords as you can as fast as you can.

I actually hope I'm wrong about that, but I doubt it.

I'll give you "hackers" a hint. It's not the same password I use on my luggage.

Have fun!

Oh, and his school's password was "pencil" - a password easily guessed with a dictionary attack. It wasn't even "p3nc!l", just plain old "pencil".

But it didn't really matter how "strong" the password was since he knew where they wrote it down - probably on a post-it note attached to the school superintendent's monitor.

And THAT is the exact same weakness many systems suffer from today. Find the Post-it, gain root access, ?????,. Profit!!!!

*** I don't think F ...


I like this post a lot.

Most of the security we engage in is total theater. Back in college, 8+ years ago now, not a single person knew how to secure their wireless. Those were the days of free connect to anyone's home network. Then all the news things about, "could randoms be leeching off your wifi?" and suddenly every wireless is password protected, usually with an insanely long string of letters and numbers. The passwords are so complex, people usually have to write them down and leave them nearby for when company comes over and wants to use them, defeating the entire purpose of the password being complex. And to protect against what exactly? The infinitely small chance someone is going to gain access to your home internet to do anything other than look at pics of lolcats?

My favorite line from the newest 007 movie is "security through obscurity." My home wireless network isn't secured, it simply doesn't broadcast a signal. I'm sure a software engineer could easily create a program to scan for non-broadcast signals, but how would they know where to look? That way, all I have to do is tell people the name of my network, which I call something like, "User Error," or "404 Gateway" for confusion purposes.

Another hint. 'Remember my password' questions are some of the most unsecure things possible. It is relatively easy for someone to gain access to your mother's maiden name (especially if it's YOUR middle name), the street you used to live on, the car you drive, your work's name, or even your pet's name. Instead of using a password that can be easily compromised, come up with the equivalent of a safe word. Something that you always remember to try or can be triggered tangentially based on the question. Basic example - "Insecurity," can be your codeword because you remember when you personally set up your questions, you know how insecure they are. For bonus points make it include numbers for letters to break up any random word attack.
 
2013-03-04 10:52:26 AM  

Happy Hours: Oh, and his school's password was "pencil" - a password easily guessed with a dictionary attack. It wasn't even "p3nc!l", just plain old "pencil".


[imgs.xkcd.com image]

/oblig
 
2013-03-04 10:55:58 AM  

justtray: The infinitely small chance someone is going to gain access to your home internet to do anything other than look at pics of lolcats?



How about someone using your internet for things that can land you in jail for a long time or make you get sued by the RIAA or MPAA?
 
2013-03-04 10:59:57 AM  
Isis specializes in prisoners under 25. It is situated next to Her Majesty's Prison, Belmarsh. This is described as a maximum security facility. The BBC reports that Isis has been "'bedeviled' with faulty technology."

I think what they really mean is that it was intended to serve as a maximum security facility, but it really doesn't deserve that classification since it is bedeviled with faulty technology (and by all appearances inattentive or incompetent staff).
 
zez
2013-03-04 11:01:50 AM  
[asset0.cbsistatic.com image]

I thought the picture of the writer was of the prisoner because of the orange shirt.
 
2013-03-04 11:02:07 AM  
Security.
It ain't just physical.
 
2013-03-04 11:16:15 AM  
At Isis?

What whaaAT?

[encrypted-tbn1.gstatic.com image]
 
2013-03-04 11:20:47 AM  

serial_crusher: I don't think it should be the teacher's job to screen the rap sheets of everybody interested in his class. He's there to teach.

A spokesman for the prison told the Mail: "At the time of this incident in 2011 the educational computer system at HMP Isis was a closed network. No access to personal information or wider access to the internet or other prison systems would have been possible."

So... what's the big deal?

Aren't the prison officials claiming that somehow the guy used an isolated network to gain access to the prison's mainframe? I would say that that is the big deal.

If you ask me the prison is using this "hacker" and the teacher as scapegoats for an intrusion into their system which they haven't been able to figure how it happened or who did it.
 
2013-03-04 11:26:09 AM  
You would think with the coming cyber war as nation states engage in active cyber theft and crimes we could tap a resource of talented people who could assist us in this war.

...but nope, we'd rather send them to jail
 
2013-03-04 11:28:23 AM  

Rwa2play: xanadian: FTFA: Michael Fox claims that he didn't know Webber was a hacker.

I'd say his claim is on shaky grounds.

You went there...didn't you?


Oh yeah.  I went there, bought the T-shirt, took a picture, then came home.

....

The picture is a bit blurry, though...
 
2013-03-04 11:30:31 AM  

justtray: My favorite line from the newest 007 movie is "security through obscurity." My home wireless network isn't secured, it simply doesn't broadcast a signal. I'm sure a software engineer could easily create a program to scan for non-broadcast signals, but how would they know where to look? That way, all I have to do is tell people the name of my network, which I call something like, "User Error," or "404 Gateway" for confusion purposes.


FYI - you aren't as clever as you think. 'Security through obscurity' is certainly a thing that exists in the tech world, but what you are doing is nowhere even close to 'obscurity'.

'Doesn't broadcast a signal' (aka not broadcasting SSID) may stop your mom from connecting without you showing her how, but it definitely wouldn't take "a software engineer to create a program to scan for non-broadcast".  Nearly every computer and smartphone is capable of scanning for non-broadcasting networks.  Heck, you can download an iPhone app that does that.  It is literally a matter of just changing a setting on your Windows network manager to show non-broadcasting SSIDs in the list of available wifi networks (just like you can filter it to only show secured WEP connections or only WPA connections).  Consider it the equivalent of taking the "Toyota" decal off the side of your car.  It doesn't make your car disappear, nor does it make it harder for a thief to steal your car if your doors are unlocked.

Let me refer you to this post that explains why so many people seem to believe the same myth that you do.  SSID is simply a NAME for your network.  link:  Removing the name doesn't 'hide your network'.
 
2013-03-04 11:31:18 AM  

justtray: The passwords are so complex, people usually have to write them down and leave them nearby for when company comes over and wants to use them, defeating the entire purpose of the password being complex. And to protect against what exactly? The infinitely small chance someone is going to gain access to your home internet to do anything other than look at pics of lolcats?


[imgs.xkcd.com image]

I'd like to enforce pass-phrases via GPO, but Windows has a 14-char max for length enforcement.

.... Guess it's kinda silly, either way.
 
2013-03-04 11:34:57 AM  

justtray: My favorite line from the newest 007 movie is "security through obscurity." My home wireless network isn't secured, it simply doesn't broadcast a signal. I'm sure a software engineer could easily create a program to scan for non-broadcast signals, but how would they know where to look? That way, all I have to do is tell people the name of my network, which I call something like, "User Error," or "404 Gateway" for confusion purposes.


Oh oh oh!  More analogies:

-That's like claiming not wearing a name tag when meeting a new person would render you invisible to them.  No, they can see you just fine, they just don't know what you want your nickname to be (but what do they care?).

-That's like claiming not putting a dog-tag on your puppy will keep the dogcatcher from picking it up if it runs around without a leash.

-That's like saying if you leave the subject heading of an email blank, the recipient can't read the body of the message.  Yeah, this is probably the best analogy come to think of it.
 
2013-03-04 11:38:47 AM  

OceanVortex: justtray: My favorite line from the newest 007 movie is "security through obscurity." My home wireless network isn't secured, it simply doesn't broadcast a signal. I'm sure a software engineer could easily create a program to scan for non-broadcast signals, but how would they know where to look? That way, all I have to do is tell people the name of my network, which I call something like, "User Error," or "404 Gateway" for confusion purposes.

Oh oh oh!  More analogies:

-That's like claiming not wearing a name tag when meeting a new person would render you invisible to them.  No, they can see you just fine, they just don't know what you want your nickname to be (but what do they care?).

-That's like claiming not putting a dog-tag on your puppy will keep the dogcatcher from picking it up if it runs around without a leash.

-That's like saying if you leave the subject heading of an email blank, the recipient can't read the body of the message.  Yeah, this is probably the best analogy come to think of it.


Come on now. I think he gets the point.
 
2013-03-04 11:43:13 AM  

ongbok: Aren't the prison officials claiming that somehow the guy used an isolated network to gain access to the prison's mainframe. I would say that that is the big deal.

If you ask me the prison is using this "hacker" and the teacher as scapegoats for an intrusion into their system which they haven't been able to figure how it happened or who did it.


You're giving them far too much credit.  My guess is whoever was making the decision didn't understand the limited extent of access and went into panic mode as every bad Hollywood movie about hackers flashed through their heads.  "This guy could have made a GUI interface using Visual Basic to track peoples' IP addresses fer chrissakes.  Shut.  Down.  Everything."

/Or alternatively it was supposed to be an isolated network, but somebody screwed up
 
2013-03-04 11:47:00 AM  

justtray: My favorite line from the newest 007 movie is "security through obscurity." My home wireless network isn't secured, it simply doesn't broadcast a signal. I'm sure a software engineer could easily create a program to scan for non-broadcast signals, but how would they know where to look? That way, all I have to do is tell people the name of my network, which I call something like, "User Error," or "404 Gateway" for confusion purposes.


Sorry to keep harping on you but one last thing you should know so you don't ever accidentally sound foolish talking to someone who knows about security (technological or otherwise):
The phrase "security by obscurity" that you remember from the Bond movie is actually a phrase commonly used in the tech industry but is not seen as a good thing, as you seem to have interpreted it.  In reality, when security professionals mention "security through obscurity" it's almost always to point out a weakness rather than a strength.  The phrase is a joke - a way to mock a badly designed system.  Think about it, basically you are saying "my item is secure as long as no one ever looks at it."  I.e., "I have a pile of gold hidden under my bed and it is safe as long as no one ever knows it's there."

So again, I don't mean to attack you and my goal isn't to make you feel bad.  I just wanted to give you a heads up that you are using that phrase wrong in case you ever try to use it as a pickup line at a party or something on a cute engineer girl.

/your techie wing-man
 
2013-03-04 11:49:29 AM  

ongbok: OceanVortex: justtray: My favorite line from the newest 007 movie is "security through obscurity." My home wireless network isn't secured, it simply doesn't broadcast a signal. I'm sure a software engineer could easily create a program to scan for non-broadcast signals, but how would they know where to look? That way, all I have to do is tell people the name of my network, which I call something like, "User Error," or "404 Gateway" for confusion purposes.

Oh oh oh!  More analogies:

-That's like claiming not wearing a name tag when meeting a new person would render you invisible to them.  No, they can see you just fine, they just don't know what you want your nickname to be (but what do they care?).

-That's like claiming not putting a dog-tag on your puppy will keep the dogcatcher from picking it up if it runs around without a leash.

-That's like saying if you leave the subject heading of an email blank, the recipient can't read the body of the message.  Yeah, this is probably the best analogy come to think of it.

Come on now. I think he gets the point.


You're right.  And again, I'm not trying to be a jerk (though it appears I'm accidentally being one).  Sorry, just had a long week explaining this exact concept to my bosses as to why it was worth the time/energy/cost of securing our network.

Anyway, justtray, I think you are a good person and a valuable human being and I hope you have a lovely day!
 
2013-03-04 11:54:49 AM  

justtray: My favorite line from the newest 007 movie is "security through obscurity." My home wireless network isn't secured, it simply doesn't broadcast a signal. I'm sure a software engineer could easily create a program to scan for non-broadcast signals, but how would they know where to look? That way, all I have to do is tell people the name of my network, which I call something like, "User Error," or "404 Gateway" for confusion purposes.


I LOLed when I learned how the algorithm for computers to find and connect to their preferred wifi networks worked.  Basically your computer just says, "hi I'm a computer and I'm looking to connect to one of the following access points: ".  Any access point can respond with "oh, I'm linksys!" and if there's no encryption your computer will believe it.  There's even a product on the market that automates that whole process for less than $100.

But yeah, your router is totally secure by just not broadcasting the SSID.  Just make sure you don't set your computers to automatically connect to it.

/For bonus security, you should set up MAC address screening...
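
An added illustration, not part of the original thread, of the probing behaviour described in the comment above: a small parser that reads 802.11 beacon and probe frames and reports which "hidden" network names still appear in clear text. The frames, MAC addresses and the `build` helper are constructed for the example; the network name is the one mentioned earlier in the thread.

```python
import struct

# Management-frame subtypes of interest and the size of the fixed fields
# (timestamp, beacon interval, capabilities) that precede the tagged parameters.
SUBTYPES = {4: ("probe-req", 0), 5: ("probe-resp", 12), 8: ("beacon", 12)}


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_mgmt(frame):
    """Parse a raw 802.11 frame (no radiotap header).

    Returns (kind, source, bssid, ssid) for beacons and probe frames, or None
    for anything else. ssid is None when the SSID element is empty or all-NUL,
    which is how a "hidden" beacon or a wildcard probe looks on the air.
    """
    if len(frame) < 24:
        return None
    version, ftype, subtype = frame[0] & 3, (frame[0] >> 2) & 3, frame[0] >> 4
    if version != 0 or ftype != 0 or subtype not in SUBTYPES:
        return None
    kind, fixed_len = SUBTYPES[subtype]
    source, bssid = mac(frame[10:16]), mac(frame[16:22])
    pos, ssid = 24 + fixed_len, None
    while pos + 2 <= len(frame):                 # walk the tag/length/value list
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length or (tag == 0 and length > 32):
            return None                          # truncated or malformed element
        if tag == 0:                             # element ID 0 is the SSID
            if value.strip(b"\x00"):
                ssid = value.decode("utf-8", "replace")
            break
        pos += 2 + length
    return kind, source, bssid, ssid


def audit(frames):
    """Summarise which hidden networks have their name exposed, and by whom."""
    hidden, by_ap, by_client = set(), {}, {}
    for frame in frames:
        parsed = parse_mgmt(frame)
        if parsed is None:
            continue
        kind, source, bssid, ssid = parsed
        if kind == "beacon" and ssid is None:
            hidden.add(bssid)                    # AP announces itself without a name
        elif kind == "probe-resp" and ssid is not None:
            by_ap[bssid] = ssid                  # AP states its name when asked
        elif kind == "probe-req" and ssid is not None:
            by_client.setdefault(source, set()).add(ssid)  # client asks by name
    return {
        "hidden_bssids": sorted(hidden),
        "names_disclosed_by_ap": {b: s for b, s in by_ap.items() if b in hidden},
        "names_disclosed_by_clients": {c: sorted(s) for c, s in by_client.items()},
    }


def build(subtype, dst, src, bssid, ssid):
    """Construct a minimal management frame for the sample data (hypothetical helper)."""
    header = bytes([subtype << 4, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, 0x0001) if subtype in (5, 8) else b""
    tags = bytes([0, len(ssid)]) + ssid + bytes([1, 1, 0x82])  # SSID + one rate
    return header + fixed + tags


# Constructed sample traffic: locally administered MAC addresses, open network.
BCAST = b"\xff" * 6
AP = bytes.fromhex("020000000001")
LAPTOP = bytes.fromhex("020000000002")
PHONE = bytes.fromhex("020000000003")
SAMPLE_FRAMES = [
    build(8, BCAST, AP, AP, b""),                 # beacon with the SSID suppressed
    build(4, BCAST, PHONE, BCAST, b""),           # wildcard probe: names nothing
    build(4, BCAST, LAPTOP, BCAST, b"User Error"),  # laptop asks for its saved network
    build(5, LAPTOP, AP, AP, b"User Error"),      # AP answers with the full name
    b"\x08\x00" + b"\x00" * 30,                   # data frame: ignored
]

if __name__ == "__main__":
    for key, value in audit(SAMPLE_FRAMES).items():
        print(key, value)
```

The access point never puts its name in a beacon, yet the name shows up twice: once from the laptop that has the network saved, and once from the access point's own reply.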
 
2013-03-04 12:00:26 PM  

justtray: My favorite line from the newest 007 movie is "security through obscurity." My home wireless network isn't secured, it simply doesn't broadcast a signal. I'm sure a software engineer could easily create a program to scan for non-broadcast signals, but how would they know where to look? That way, all I have to do is tell people the name of my network, which I call something like, "User Error," or "404 Gateway" for confusion purposes.


I like the idea of error messages as SSIDs, and I never thought of that, but the only reason I can think of to broadcast an SSID is for the lulz or to make very subtle snarky comments towards your neighbors. For a brief period I used, "ShutYourYappyDogUp" and "FBISurveillanceVan#2" (yeah, real original). If you know the SSID, I'm not even sure broadcasting it makes it easier for those devices you want on your network. Am I missing something?

Another hint. 'Remember my password' questions are some of the most unsecure things possible. It is relatively easy for someone to gain access to your mother's maiden name (especially if it's YOUR middle name), the street you used to live on, the car you drive, your work's name, or even your pet's name. Instead of using a password that can be easily compromised, come up with the equivalent of a safe word. Something that you always remember to try or can be triggered tangentially based on the question. Basic example - "Insecurity," can be your codeword because you remember when you personally set up your questions, you know how insecure they are. For bonus points make it include numbers for letters to break up any random word attack.

I'll give the hackers another clue. I ALWAYS lie in response to those questions. It sometimes makes life difficult for me especially if I make them up when I've been drinking. "What's your pet's name?" "Snoopy" (of course - I'm so clever, I'm sure I'll remember that later). What street did you live on when you were born? "1313 Mockingbird Lane" (of course, how can I forget the Munsters?).

Smart people use a different person's answers so they just have to remember that person's answers.

For example, substitute Winston Churchill for yourself. What was Winston Churchill's pet's name? I'm sure someone knows, but not me.

Even smarter people will rotate the answers. What's Winston Churchill's pet's name? They'll answer with his mother's maiden name instead, but now it's getting more complicated and harder to remember.

The cable company asking me for the last 4 digits of my SSN really burns me up too. That's the most unique part of your SSN. Why does a customer service rep need that info? Well, to identify you of course. You know, to make sure we're talking to the right person. So someone won't cancel my HBO? That's a HUGE security risk. I might miss the next episode of Game of Thrones!

Look, I just want to pay my bill. But the cable company must know that it's me who is paying my bill. Gawd forbid someone call them up and impersonate me and pay my bill for me. That would be identity theft.

Yeah, but if you know a little about me you can reasonably guess the first 3 digits and if you have the last 4 you only have 2 digits left to go and you have my identity.

You already pointed out how easy mother's maiden name is to figure out.

I'm tempted to just start answering "42" to every security question. I can easily remember it and it's very unlikely anyone would think the answer would be the same for everything. Oh, you need 4 digits for the last 4 digits of my SSN? Okay, it's 4242. Or maybe I should just convert it to a lower base system until 42 becomes 4 digits. For simplicity's sake, convert it to binary and only use the last 4 digits, thus 42 becomes 0010.

But even for someone who understands binary that becomes a bit complex so most people will go the easy route.

And when you consider that it's even better security to give different answers to different people, that becomes even harder.

It's only a matter of time before one's head explodes.

Imagine this:

Cell Phone Provider's CSR: "What's the last 4 digits of your 'social'?"
Me (ponders whether the cell phone provider was octal, hexadecimal or even some more obscure base; or maybe I used Winston Churchill's SSN): "I have no friggin' idea!"
Cell Phone Provider's CSR: "That is correct, how can I help you?"

I sometimes miss the "good ole days" when I would bring my passbook and my driver's license to a bank and present them and they'd look at the picture on my license and see how much money I had. But on 2nd thought, that's a horrible security risk too, because those are probably even easier to fake.

This is why I don't use banks or credit cards. I would keep it all under my mattress, but that's too obvious. For security's sake I break into my neighbor's house each night and store it under their mattress. Nobody would ever look for my money there.
 
2013-03-04 12:01:33 PM  
To be fair though, the "hide your SSID" trick will keep the laziest of freeloaders at bay.

CSB time: When one of my neighbors posted on the neighborhood facebook page that they'd seen a suspicious guy wardriving the neighborhood, I got all worked up and started thinking of ways to mess with him.  Then in a moment of clarity I looked at the SSIDs in my immediate vicinity and saw "linksys".  Went ahead, connected to that, opened http://192.168.1.1 with password "admin" and took the liberty of securing things for them.
Assholes posted on the facebook page whining about having been "hacked" once the Geek Squad came in and fixed things for them.  You're welcome, ungrateful bastards.
 
2013-03-04 12:03:39 PM  
In other news, security technology continues to be poorly understood by bureaucrats, while scapegoating technology retains its universal popularity.

Also:

OceanVortex: "I have a pile of gold hidden under my bed and it is safe as long as no one ever knows it's there."


Dammit, now I have to move my pile of gold. Thanks a bunch.

/box spring actually sits flat on the floor, so there's nothing there but flat carpet
//as far as YOU know
///would get a bed frame if it meant I could have a pile of gold
 
2013-03-04 12:04:42 PM  

Happy Hours: justtray: My favorite line from the newest 007 movie is "security through obscurity." My home wireless network isn't secured, it simply doesn't broadcast a signal. I'm sure a software engineer could easily create a program to scan for non-broadcast signals, but how would they know where to look? That way, all I have to do is tell people the name of my network, which I call something like, "User Error," or "404 Gateway" for confusion purposes.

I like the idea of error messages as SSIDs, and I never thought of that, but the only reason I can think of to broadcast an SSID is for the lulz or to make very subtle snarky comments towards your neighbors. For a brief period I used, "ShutYourYappyDogUp" and "FBISurveillanceVan#2" (yeah, real original). If you know the SSID, I'm not even sure broadcasting it makes it easier for those devices you want on your network. Am I missing something?

Another hint. 'Remember my password' questions are some of the most unsecure things possible. It is relatively easy for someone to gain access to your mother's maiden name (especially if it's YOUR middle name), the street you used to live on, the car you drive, your work's name, or even your pet's name. Instead of using a password that can be easily compromised, come up with the equivalent of a safe word. Something that you always remember to try or can be triggered tangentially based on the question. Basic example - "Insecurity," can be your codeword because you remember when you personally set up your questions, you know how insecure they are. For bonus points make it include numbers for letters to break up any random word attack.

I'll give the hackers another clue. I ALWAYS lie in response to those questions. It sometimes makes life difficult for me especially if I make them up when I've been drinking. "What's your pet's name?" "Snoopy" (of course - I'm so clever, I'm sure I'll remember that later). What street did you live on when you were born? "1313 Mockingbird Lane" (of course ...


Makes setup a little easier for guests since they can replace some typing with a single mouse click....

Happy Hours: I'll give the hackers another clue. I ALWAYS lie in response to those questions. It sometimes makes life difficult for me especially if I make them up when I've been drinking.


You can usually get through phone support people if you just say, "shiat I probably just put in a big string of random letters and numbers".  Kind of defeats the purpose.
 
2013-03-04 12:05:21 PM  
what's with Fark sometimes quoting the selection I've highlighted, but quoting the entire post other times?
 
2013-03-04 12:18:19 PM  

serial_crusher: what's with Fark sometimes quoting the selection I've highlighted, but quoting the entire post other times?


If you highlight the portion of the person's text you want to quote first before hitting the 'quote' button at the header of their post, it will only quote that selection.  If you don't select anything, then hitting the quote will get everything.
 
2013-03-04 12:19:48 PM  

serial_crusher: You can usually get through phone support people if you just say, "shiat I probably just put in a big string of random letters and numbers".  Kind of defeats the purpose.


And that's another problem too. I even told a service rep who was "helping" me out a while back that I had been drinking and would surely forget the security stuff I was telling them. What are they going to do? Deny my setup? Of course not. And I have forgotten. I was sure I was being so clever at the time, but I used those answers ONCE. I have no clue what I said. How am I to recover my account?

They SHOULD make it hard. They should require me to come in face to face, but that's ridiculous as they have no offices anywhere near me.

I'm thinking biometrics, but even that could be spoofed. They wouldn't necessarily have to cut my eyes out or my fingers off - they just need THAT data. I hope I never have to explain that to an identity thief with a knife while I'm tied down.

It brings me back to a movie I mentioned in another thread today where a character said something like "The only way to be free is to be poor". (I've probably mangled the quote, but I think that was the idea)

B-b-b-but if I'm poor how will I ever get to drive a Bugatti Veyron? Give it up, dude. I'm never gonna be that rich anyway.
 
2013-03-04 12:30:18 PM  

AllyOop: At Isis?

What whaaAT?



Oh thank god, I was wondering if I was going to be the only one!

/That'll do piggly, that'll do
 
2013-03-04 12:32:45 PM  

OceanVortex: serial_crusher: what's with Fark sometimes quoting the selection I've highlighted, but quoting the entire post other times?

If you highlight the portion of the person's text you want to quote first before hitting the 'quote' button at the header of their post, it will only quote that selection.  If you don't select anything, then hitting the quote will get everything.


yeah I know, but sometimes I select a snippet and it quotes the whole thing anyhow (like it did one post above that one).  I think it has something to do with which parts you have selected (i.e. you miss the first word of somebody's username so it ends up with a broken html tag (</a> with no corresponding <a>), reverts to quoting the whole thing)?
 
2013-03-04 12:39:26 PM  
Speaking of security theater... you guys ever watch Stargate and wonder why an alien race so technologically advanced that they could build an intergalactic network of stargates, would protect their valuable secrets and experimental weapons with mere riddles?  I mean, the DHDs have enough computing power to calculate planetary drift in real time, but to get into Merlin's secret lair you just have to pour some water on the right tile in his workshop floor?  Really?  You'd think he would have put some encryption on that.
 
2013-03-04 12:39:33 PM  

serial_crusher: OceanVortex: serial_crusher: what's with Fark sometimes quoting the selection I've highlighted, but quoting the entire post other times?

If you highlight the portion of the person's text you want to quote first before hitting the 'quote' button at the header of their post, it will only quote that selection.  If you don't select anything, then hitting the quote will get everything.

yeah I know, but sometimes I select a snippet and it quotes the whole thing anyhow (like it did one post above that one).  I think it has something to do with which parts you have selected (i.e. you miss the first word of somebody's username so it ends up with a broken html tag (</a> with no corresponding <a>), reverts to quoting the whole thing)?


All started with "Use formatting buttons" change.

/not over it
 
2013-03-04 12:43:36 PM  

StoPPeRmobile: serial_crusher: OceanVortex: serial_crusher: what's with Fark sometimes quoting the selection I've highlighted, but quoting the entire post other times?

If you highlight the portion of the person's text you want to quote first before hitting the 'quote' button at the header of their post, it will only quote that selection.  If you don't select anything, then hitting the quote will get everything.

yeah I know, but sometimes I select a snippet and it quotes the whole thing anyhow (like it did one post above that one).  I think it has something to do with which parts you have selected (i.e. you miss the first word of somebody's username so it ends up with a broken html tag (</a> with no corresponding <a>), reverts to quoting the whole thing)?

All started with "Use formatting buttons" change.

/not over it


Yeah, I really miss the old layout, back before Dew sold out.
 
Displayed 50 of 66 comments



This thread is archived, and closed to new comments.
