[ISN] Dead Men Tell No Passwords

From: InfoSec News (isnat_private)
Date: Thu Jun 06 2002 - 02:29:47 PDT

  • Next message: InfoSec News: "[ISN] Black Hat 2002 Speakers Announced"

    By Michelle Delio 
    12:08 p.m. June 5, 2002 PDT 
    The man in charge of archiving and maintaining electronic copies of
    Norway's most important historical documents is dead and so is access
    to those archives.
    So the director of the Norwegian cultural center is pleading for
    hackers to help him crack the center's password-protected database.
    The problem started when the technician responsible for the archives
    at Norway's National Center of Language and Culture never divulged the
    password before he died a few years ago.
    Since then, employees at the center have been unable to access some of
    the password-protected archives that contain data on a collection of
    thousands of documents and books. A national database that allowed
    researchers access to those documents is also partly inaccessible.
    So center director Ottar Grepstad sent out an appeal Tuesday on a
    national radio broadcast, asking for hackers to help crack into the
    system and discover the programmer's password.
    A spokesman for the center said they have received many more replies
    than they expected, and are now trying to select the code wizard who
    can best help them solve the problem.
    Helpful hackers are hoping that the technician wasn't heavily into
    security and used an obvious password, instead of the random jumble of
    letters and numbers that security experts advise.
    "It would be great if the password is his dog's name," said Marco
    Pasquale, a Toronto programmer who volunteered to hack the center's
    database. "If it's a gibberish password it'll be a real challenge."
    The center's dilemma has sparked discussion among some techies who
    wondered if there were any way to ensure that their projects would not
    suffer if they were to die unexpectedly.
    Some have decided to use Aryeh Holzer's "Dead Man's Switch," a program
    intended to avoid any postmortem problems or embarrassment.
    The switch, if not regularly reset, automatically carries out a series
    of pre-designated tasks. It can post pre-composed messages to a geek's
    favorite discussion groups, send e-mails to pre-selected addresses,
    and protect sensitive files by encrypting or destroying them.
    But some who have used the program advise caution.
    "I went on vacation, and forgot all about the switch," said Kenny
    LaGuardia, a Web designer from Los Angeles. "When I returned home, the
    program had posted, 'So I guess I'm dead' messages to all the
    newslists I subscribe to, and destroyed all my adult entertainment
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Thu Jun 06 2002 - 05:20:38 PDT