Discussion on:
View:
Show:
What will it take to compel you to divulge the passwords in your head?
Want my passwords, sure. All yours.
My life isn't worth a password.
Dan
My life isn't worth a password.
Dan
Linux passwords are encrypted so that even if crooks get then they will not work.
Somehow I'm not seeing how Linux would've helped in this situation...
If you, the actual honest-to-goodness user are being totured for the username and password (which you know, or they wouldn't be toruring you)... how would Linux password encryption, or any type of encryption, help?
Nearly as effective as having physical access to the box is having coercive access to the user ('cept for the whole 'witness' thing)... If you are able to access the system, then your attackers could extract the info necessary to also gain access... short of biometrics (though they could even do that if they're not very sqeamish, or you are).
If you, the actual honest-to-goodness user are being totured for the username and password (which you know, or they wouldn't be toruring you)... how would Linux password encryption, or any type of encryption, help?
Nearly as effective as having physical access to the box is having coercive access to the user ('cept for the whole 'witness' thing)... If you are able to access the system, then your attackers could extract the info necessary to also gain access... short of biometrics (though they could even do that if they're not very sqeamish, or you are).
No technical system will protect you: if a gang really wants a password, they will want something that work, and so they will want you to share all the secrets that allows the password to be usable by you.
Even if the kidnapped person had his system highly secured by military-grade securitysystems, it would not have avoided the illegal access.
As long as the security system only depends on YOU and nobody else trusted to share parts of the needed secrets with you, YOU are the weakest element of the security chain, and if YOUR life is exposed to a risk, NO technical system will provide a security to make the password unusable.
The most valuable secrets are ALL protected by multiple independant persons; even a country's President with the nuclear power forces cannot enact it only with his personal keys. He has the right to decide, but his security requires that his personal secrets are secured by other trusted people (that he has the right to choose using some long selection procedures).
Even if the kidnapped person had his system highly secured by military-grade securitysystems, it would not have avoided the illegal access.
As long as the security system only depends on YOU and nobody else trusted to share parts of the needed secrets with you, YOU are the weakest element of the security chain, and if YOUR life is exposed to a risk, NO technical system will provide a security to make the password unusable.
The most valuable secrets are ALL protected by multiple independant persons; even a country's President with the nuclear power forces cannot enact it only with his personal keys. He has the right to decide, but his security requires that his personal secrets are secured by other trusted people (that he has the right to choose using some long selection procedures).
I type in a user name and the correct password and somehow Linux encryption is going to stop the log-in from proceeding?
Do you really handle a network? Scary!
(Or were you very tired when you posted this?)
Do you really handle a network? Scary!
(Or were you very tired when you posted this?)
Even a very secure network using the most secure OS will not protect it from unauhtorized access by people getting the right digital credentials.
So protecting only the network with technical measures, even if it is the most secure system, will not work alone if the values to protect on the network are not ALSO protected by a humane assistance of its granted users.
A machine can't know really who's behind a credential, it only grants access according to the exposed digital credentials, not according to physical humane grants.
What this means is that every network protected because of the high value of its data and services needs also a humane plan to resolve humane issues. This includes:
* possibility given to users to cancel their existing grants at any time.
* possibility (and requirement) given to users to contact the administrator to inform him that a security issue has accured, and that valued data or services may be exposed to risks.
* assistance to users for any question related to their granted access.
* internal management of risks that have occured, or about seinsible data that has been exposed (including coverage by insurances for associated risks, and a judiciary plan prepared in advance)
* training users (necessary and mandatory if those users are using thr network for work) about their rights and obligations.
* revizing the plans after evaluating the newly discovered exposure risks, and working with legal authorities for any risks or consequences of illegal accesses.
* informing other users and let them know when their personal data has been exposed, allowing them to take part of a joint legal action if needed, but also to allow to take other personal preventive measures that they will consider useful for their personal protection...
So protecting only the network with technical measures, even if it is the most secure system, will not work alone if the values to protect on the network are not ALSO protected by a humane assistance of its granted users.
A machine can't know really who's behind a credential, it only grants access according to the exposed digital credentials, not according to physical humane grants.
What this means is that every network protected because of the high value of its data and services needs also a humane plan to resolve humane issues. This includes:
* possibility given to users to cancel their existing grants at any time.
* possibility (and requirement) given to users to contact the administrator to inform him that a security issue has accured, and that valued data or services may be exposed to risks.
* assistance to users for any question related to their granted access.
* internal management of risks that have occured, or about seinsible data that has been exposed (including coverage by insurances for associated risks, and a judiciary plan prepared in advance)
* training users (necessary and mandatory if those users are using thr network for work) about their rights and obligations.
* revizing the plans after evaluating the newly discovered exposure risks, and working with legal authorities for any risks or consequences of illegal accesses.
* informing other users and let them know when their personal data has been exposed, allowing them to take part of a joint legal action if needed, but also to allow to take other personal preventive measures that they will consider useful for their personal protection...
So what! They don't want the encryption key, they want the password!
Doh!
Doh!
I don't think I want this guy administrating my network. "Here you can have my password because it is encrypted. Oh, by the way, you can telnet in, because Linux is secure."
Oh, brother.
tj
http://cmssphere.blogspot.com/
Oh, brother.
tj
http://cmssphere.blogspot.com/
You kind of sound like my ex boss... Who "voluntarily" quit after making comments like this for a while.
Id try to get that post removed.. friendly suggestion!
Id try to get that post removed.. friendly suggestion!
Take example on bank employees: they are told not to resist when they are faced to a threat to their life; It'snot their job, and they are not equipped and safely trained to resist to such attacks, despite the banks are severely secured.
That's why we have police forces, insurances, and a justice. for just a game password, what is the interest of resisting to torture?
The gang needs anyway to be prosecuted. what they did (if this is true) is a severe criminal offense. They merit jail and fines, and some other sanctions like forbidding them any futural personal access to a computer, the Internet or a gaming room.
That's why we have police forces, insurances, and a justice. for just a game password, what is the interest of resisting to torture?
The gang needs anyway to be prosecuted. what they did (if this is true) is a severe criminal offense. They merit jail and fines, and some other sanctions like forbidding them any futural personal access to a computer, the Internet or a gaming room.
I like to think of myself as tough, but I don't think I could hold up to much torture from a really focused and/or creative individual.
For most all of my passwords... you can have 'em. I don't have that much credit, savings, or secrets anyway... I'll keep my health, thanks.
If somebody's life was at stake, I would endure all that I could short of my own death (except for my family and kids, then I plain hold out no matter what... at least I would like to think I could)
For most all of my passwords... you can have 'em. I don't have that much credit, savings, or secrets anyway... I'll keep my health, thanks.
If somebody's life was at stake, I would endure all that I could short of my own death (except for my family and kids, then I plain hold out no matter what... at least I would like to think I could)
Here again, the good question to ask is:
* who is exposed to risks?
If there are other people exposed if you reveal your secret, that's a good reason to resist (even to some level or torture, as much as you can) and try to escape later, or trying to convince the gang that they have what they felt was needed when in fact what they get has limited usage (in that case you reveal only a part of the secret and don't reveal all what you can still do later).
But if your own personal life only is exposed, there's no value to resist.
Now, i'm feeling that if the person was kidnapped and resisted for 5 hours, it's not only because the gang wanted the gaming password, they wanted something else that was damaging to the person's life (raped?)
* who is exposed to risks?
If there are other people exposed if you reveal your secret, that's a good reason to resist (even to some level or torture, as much as you can) and try to escape later, or trying to convince the gang that they have what they felt was needed when in fact what they get has limited usage (in that case you reveal only a part of the secret and don't reveal all what you can still do later).
But if your own personal life only is exposed, there's no value to resist.
Now, i'm feeling that if the person was kidnapped and resisted for 5 hours, it's not only because the gang wanted the gaming password, they wanted something else that was damaging to the person's life (raped?)
"...they wanted something else that was damaging to the person's life (raped?)"
Bright little ray of sunshine aren't you?
Bright little ray of sunshine aren't you?
"They merit jail and fines, and some other sanctions like forbidding them any futural personal access to a computer, the Internet or a gaming room."
Either way.. it's organized crime on one hand and *way* too much personal importance placed on gaming on the other. The victim was lucky to get away mostly. As for the attackers, well, what do you figure I'd do with them based on my chosen alias?
Either way.. it's organized crime on one hand and *way* too much personal importance placed on gaming on the other. The victim was lucky to get away mostly. As for the attackers, well, what do you figure I'd do with them based on my chosen alias?
mmmm....
beat them to death with colorful electric signs?
beat them to death with colorful electric signs?
It's much easier to apply a sanction like forbidding any personal access to a computer or Internet, than forbidding them to carry a firearm (especially in Sao Paulo where firearms are everywhere, and their traffic is quite high and at very low cost).
The interest of such sanction is that this will void their initial interest in online gaming. And if they even retry, getting proof about this forbidden usage by them becomes easy (given that these where hard gamers, they won't resist playing for hours from easily identifiable places).
Indirect sanctions like this have shown their interest, they don't cost a lot to the community (unlike jails...), and can be quite easily controled later at any time (it's hard to hide a computer, especially if you want to play with it for hours,or to hide the fact that you are present in an external gaming room for hours and days, where you are easily recognizable by the workers and other clients in that shop).
The interest of such sanction is that this will void their initial interest in online gaming. And if they even retry, getting proof about this forbidden usage by them becomes easy (given that these where hard gamers, they won't resist playing for hours from easily identifiable places).
Indirect sanctions like this have shown their interest, they don't cost a lot to the community (unlike jails...), and can be quite easily controled later at any time (it's hard to hide a computer, especially if you want to play with it for hours,or to hide the fact that you are present in an external gaming room for hours and days, where you are easily recognizable by the workers and other clients in that shop).
Take my passwords, it is just a game after all.
"I want your World of Warcraft password"
"I want your Gmail password too"
Take em. Just put the gun away.
"I want your World of Warcraft password"
"I want your Gmail password too"
Take em. Just put the gun away.
In general, the threat of harm to one held dear is much more effective.
That makes me wonder... which wall? There are a few that can put one in the state you describe in so very few words. Would you like to talk?
The necessities of business took me away from TR from a while.
If you like, you can PM me via the link on my profile.
If you like, you can PM me via the link on my profile.
As soon as they get what they want, you're DEAD.
This guy was SMART!
This guy was SMART!
True - anyone who would commit a felony to get a gaming password they thought was worth $8k would probably be dumb enough to kill you to eliminate the witness. Having worked with law enforecement I have seen the truth in the statement that criminals usually do dumb things because they are.
..and yet they released him. I get the feeling he probably knew his captors and knew them to be incapable of going through with their threat. This is assuming this even happened.
"My life isn't worth a password."
A password isn't worth your life.
Is it?
A password isn't worth your life.
Is it?
I will not die over a password if I can help it. I will gladly provide the password.
Dan
Dan
OK. "A password isn't worth my life".
This is a minor confusion (English is a secondary language for me, in French we typically say this in a reversed order). I could have said more precisely that "my life has a higher value than a password".
It's not really a ordered comparison, it is just a difference comparison to say that their relative values are different and unrelated.
This is a minor confusion (English is a secondary language for me, in French we typically say this in a reversed order). I could have said more precisely that "my life has a higher value than a password".
It's not really a ordered comparison, it is just a difference comparison to say that their relative values are different and unrelated.
For example, imperative sentences all
contain an implied "You", as in "(You) give
me your password or I pull the plug on your
computer." In this case, the implied words
are "as much as": "My life isn't worth (as
much as) a password." As Dan has already
explained, he did in fact mean the opposite
of what he originally posted.
contain an implied "You", as in "(You) give
me your password or I pull the plug on your
computer." In this case, the implied words
are "as much as": "My life isn't worth (as
much as) a password." As Dan has already
explained, he did in fact mean the opposite
of what he originally posted.
A couple of slices of cold pepperoni pizza will get you a game password without any problems at all. A entire hot pie will get you the password to my network account; it doesn't have any privs anyway. Two tickets to the Miami-Homestead NASCAR weekend will get you my ATM PIN.
Has anybody bothered to check this report with other sources? No complete names, no dates. The Inquirer isn't exactly the Wall Street Journal or the New York Times.
Has anybody bothered to check this report with other sources? No complete names, no dates. The Inquirer isn't exactly the Wall Street Journal or the New York Times.
Which I don't exactly know how to read. Someone at the Gizmodo does apparently (Link in the article itself).
But it is your cup of tea (or coffee), you can check out Folha Online at http://www1.folha.uol.com.br/folha/cotidiano/ult95u312691.shtml
But it is your cup of tea (or coffee), you can check out Folha Online at http://www1.folha.uol.com.br/folha/cotidiano/ult95u312691.shtml
Original in Portuguese checks with English version. It provides the full names of all involved. Igor's girlfriend attempted to buy the account online prior to the kidnapping. When she failed to secure the purchase a meeting was setup at a Sao Paulo mall. Igor was waiting and you know the rest of the story.
Now with the details it's clear: the gang was armed.
I would not even have resisted this way.
Particularly in Sa? Paulo where kidnappings are so frequents and often fatal (Sa? Paulo is one of the most dangerous cities of the world with so many kidnappings, ransums, gangs... and many deads just for a handful of reals or dollars). The firearms are "speaking" very fast there.
I would not even have resisted this way.
Particularly in Sa? Paulo where kidnappings are so frequents and often fatal (Sa? Paulo is one of the most dangerous cities of the world with so many kidnappings, ransums, gangs... and many deads just for a handful of reals or dollars). The firearms are "speaking" very fast there.
I would want a root beer with my pizza. LOL
But then nobody wants my 9th level Wuss character!
But then nobody wants my 9th level Wuss character!
All I have are the passwords to the 5th, 9th, 13th, 17th, and 20th levels of Pipe Dream.
There just video games, I would of given it to them on the spot. These people need to get a life
I would not risk anything; I would reveal immediately the password they want, then I would complain to the police and would contact the service to have my account secured and the password changed again.
I can't believe that someone can resist to hours of torture just, when there are easy ways to escape it and remain safe, and giving the password will not cause you serious troubles, and no serioustroubles for the service as well.
A life is more precious than any password, and we should act exactly like with the protection of our credit cards.
I can't believe that someone can resist to hours of torture just, when there are easy ways to escape it and remain safe, and giving the password will not cause you serious troubles, and no serioustroubles for the service as well.
A life is more precious than any password, and we should act exactly like with the protection of our credit cards.
Either the gamer in question is Jack Bauer, or he knew that there wasn't much of a threat in holding out. 5 hours of 'torture'? Like what, threatening to sign the gamer up for SPAM? Blaring out Celine Dion through loudspeakers on a loop ala Panama? My guess is that the facts have been exaggerated. Probably no bamboo under the fingernails involved.
If someone held a gun to my head, I'd certainly have no problem giving them my GAME password. However I would probably resist if there was something 'real' at stake. But I guess how long I held out depends on the level of torture applied.
There again, holding out might keep one alive in that situation. Just have a hard time trying to fathom anyone kidnapping and torturing someone for a game account password (and for that matter, someone resisting 5 hours of torture to protect it).
Something isn't what it seems to be. That's a good one for Snopes to investigate.
If someone held a gun to my head, I'd certainly have no problem giving them my GAME password. However I would probably resist if there was something 'real' at stake. But I guess how long I held out depends on the level of torture applied.
There again, holding out might keep one alive in that situation. Just have a hard time trying to fathom anyone kidnapping and torturing someone for a game account password (and for that matter, someone resisting 5 hours of torture to protect it).
Something isn't what it seems to be. That's a good one for Snopes to investigate.
But didn't the original blog say that this gaming profile was worth several thousand dollars? Which is why they wanted it?
I would have still given the password, but there was a monetary value to the gamer here that he just might not have wanted to lose.
If I'm wrong, I apologize.
Dan
I would have still given the password, but there was a monetary value to the gamer here that he just might not have wanted to lose.
If I'm wrong, I apologize.
Dan
In many online games, despite the best efforts of the game developers, people will figure out a way for others with money to cheat.
In WoW and Runescape, you can earn valuable objects and trade them to others. So people make deals through email, and send each other money through paypal. And then in the game they exchange something fo value for something of much value. But it would be difficult to "legislate" or program this out without imposing really strict rules on trading and ruining the free wheeling aspects of the game.
In other words, being able to negotiate a good trade is part of the game. Negotiating for real world $$ is for lazy stupid players.
James
In WoW and Runescape, you can earn valuable objects and trade them to others. So people make deals through email, and send each other money through paypal. And then in the game they exchange something fo value for something of much value. But it would be difficult to "legislate" or program this out without imposing really strict rules on trading and ruining the free wheeling aspects of the game.
In other words, being able to negotiate a good trade is part of the game. Negotiating for real world $$ is for lazy stupid players.
James
So, I just don't know.
Thats why I asked though.
My loss for never getting into it. ;o(
Dan
Thats why I asked though.
My loss for never getting into it. ;o(
Dan
Even if it is bluff, accepting to engage ourself in a poker game by entering such "Bluff" would be a no-option.
The game is tweaked from the start: you can't play fairly poker with a gun pointed to your head, if you don't have the same gun pointed to the headof your opponents.
You can use bluff when playing poker, only because you can loose the same thing as your opponents. With normal poker rules, no one risks his life.
Really NO NO!
I would not accept such unbalanced "game rules", so I would not use bluff.
The game is tweaked from the start: you can't play fairly poker with a gun pointed to your head, if you don't have the same gun pointed to the headof your opponents.
You can use bluff when playing poker, only because you can loose the same thing as your opponents. With normal poker rules, no one risks his life.
Really NO NO!
I would not accept such unbalanced "game rules", so I would not use bluff.
I hold my passwords sacred and they would have to torture me. sort of like Ask Me three times from Austin Powers.
Even ask me with a mean voice and I roll like a marble on a San Francisco street
Even ask me with a mean voice and I roll like a marble on a San Francisco street
If he gave out his password, then what is to keep his kidnappers from doing the same thing again and again to others?
It sounds stupid for a game password, but then again, what if he did give out the password?
If he gave out the password, then the kidnappers have what they want and they could kill him. Without the password, they have nothing if they kill him.
It sounds stupid for a game password, but then again, what if he did give out the password?
If he gave out the password, then the kidnappers have what they want and they could kill him. Without the password, they have nothing if they kill him.
Whever the gang repeat or not their illegal action is NOT based on the fact that they got what they wanted or did not get it.
The only relevant fact is that they have ALREADY violated the law, and that their action is already ignoring it. So they can repeat it at any time, until they get caught.
And no, they will have less reasons to kill you if you give them what they want. But if you resist and they ignore the law once again by maintaining you "jailed" illegaly andby applying torture, the number of law violations is increasing; they have then more reasons to violate the fundamental law. Don't give them this chance of repeating their illegal acts.
You don't know the rules and you don't know what they are ready to do in addition to their kidnapping. But what they will do is not based on your acceptation of their rules.
They will do it anyway because they already know that they have accepted to violate the first laws without immediate risks for them.
The situation would be quite different if this was not a gang, but a unique agressor, because ALL his illegal actions would be based on HIS own decisions, and it will be much more difficult for a single man to cross each legal line. In a group, things are really different: one of them can decide but not act, another will act but will justify his action based on what another has decided.
A group is ALWAYS much more dangerous than a single man, not because of their intrinsic combined force (which is not additive because this force is not combined efficiently and their actions are not fully coordinated), but because of the dillution of responsability "felt" by each of its members.
The most dangerous groups can be as large as a whole country (this gives wars) or community (this gives genocides), following the orders of a single recognized head (that directly makes nothing himself).
The only relevant fact is that they have ALREADY violated the law, and that their action is already ignoring it. So they can repeat it at any time, until they get caught.
And no, they will have less reasons to kill you if you give them what they want. But if you resist and they ignore the law once again by maintaining you "jailed" illegaly andby applying torture, the number of law violations is increasing; they have then more reasons to violate the fundamental law. Don't give them this chance of repeating their illegal acts.
You don't know the rules and you don't know what they are ready to do in addition to their kidnapping. But what they will do is not based on your acceptation of their rules.
They will do it anyway because they already know that they have accepted to violate the first laws without immediate risks for them.
The situation would be quite different if this was not a gang, but a unique agressor, because ALL his illegal actions would be based on HIS own decisions, and it will be much more difficult for a single man to cross each legal line. In a group, things are really different: one of them can decide but not act, another will act but will justify his action based on what another has decided.
A group is ALWAYS much more dangerous than a single man, not because of their intrinsic combined force (which is not additive because this force is not combined efficiently and their actions are not fully coordinated), but because of the dillution of responsability "felt" by each of its members.
The most dangerous groups can be as large as a whole country (this gives wars) or community (this gives genocides), following the orders of a single recognized head (that directly makes nothing himself).
You wouldn't be surprised to see this as part of a James Bond plot, where the password is for the launch codes or something.
But the idea that a password to a video game should be worth enough to commit a felony is just insane. Too many people need to get some lives.
But the idea that a password to a video game should be worth enough to commit a felony is just insane. Too many people need to get some lives.
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
