Sadly, but unsurprisingly, the situation hasn't improved over the decades. Rather, as technology progresses, and with human nature being what it is, the risks are even greater now. My hope is that this blog will both entertain and educate you, perhaps making you giggle while you learn a little more about today's amazing devices that can connect you with almost anyone, anywhere on (or off) the planet, and share the details of your life almost instantaneously with them--and with their computers--whether you want them to, or not ... and whether you know about it, or not.
Here's a riddle:
Q: What's worse than typing your password into a command prompt?
A: Typing it into a chat window. On a Friday afternoon.
Yes, really. So I did what any responsible, security-conscious, 21st century cybercitizen would do. I changed it. Sadly, hunter2 was already taken* so I settled on the last 10 digits of pi† as my new one. But it's been a week, and I'm still typing the old one everywhere. Muscle memory is hard to overcome.
So, what's with all this about hunter2? Because some poor, gullible person, known on Internet Relay Chat as AzureDiamond almost two decades ago, unwittingly made history by taking a stranger at his word:
<Cthon98> hey, if you type in your pw, it will show as stars
<Cthon98> ********* see!
<AzureDiamond> hunter2
<AzureDiamond> doesnt look like stars to me
<Cthon98> <AzureDiamond> *******
<Cthon98> thats what I see
<AzureDiamond> oh, really?
<Cthon98> Absolutely
<AzureDiamond> you can go hunter2 my hunter2-ing hunter2
<AzureDiamond> haha, does that look funny to you?
<Cthon98> lol, yes. See, when YOU type hunter2, it shows to us as *******
<AzureDiamond> thats neat, I didnt know IRC did that
<Cthon98> yep, no matter how many times you type hunter2, it will show to us as *******
<AzureDiamond> awesome!
<AzureDiamond> wait, how do you know my pw?
<Cthon98> er, I just copy pasted YOUR ******'s and it appears to YOU as hunter2 cause its your pw
<AzureDiamond> oh, ok.
*Yes, I've actually seen a web site that rejected passwords that were already in use by other users.
†My shirt says it's the last 8 digits, but at a billion guesses per second it would take only 100 ms to crack an 8-digit password. The 10-digit password's good for a full 10 seconds.
Huh, that's my password too.