On 01/08/2019 04:29 PM, Grant Taylor via cctalk wrote:
On 01/08/2019 02:09 PM, allison via cctalk wrote:
It's actually funny. The password given is three yahoo (groups) hacks ago (about 10 years) but the email address used was a public one way reflector (arrl.net).
So you are (or were) a licensed ham. 73 to you. :-)
Still am. Hence the reflector as mycall at arrl.net. But the reply if there is one will be from a different address. Anyone with a functional brain can look that up.
So all in all it's a crude phishing attempt. I write down old passwords to keep from reuse and I use long mixed ones. So I know it was from that and meaningless.
Hopefully you keep that list in a way that's not cleartext on your
computer.
Cleartext on paper in my handwriting... ok, that may mean loosely encrypted.
Generally anything useful is walled off or encrypted. I also maintain an air gapped archive. Hardware is cheap and disk cheaper. Someone hacks this machine with ransomware, I wipe and reboot as a 64gb disk is not big and not the motherlode.
Better is the stuff on the VAX under VMS user account... I put it on the net on occasion and the fun begins as the script kiddies try to log in. Mind you need both an account name and a password longer than 15 chars. Standard lockout after three fails is 15 minutes. No Apache and other webby stuff plus Decnet over IP messes with them. Once I put up a VMS account with the directories all write-locked with virus copies (maybe a few megabytes of oldies) in it and a guest password it was funny to watch the access and then nothing from that IP.
I too have lists of old passwords in my password vault.
The source is useless as the address is a bogus hack as well.
I'm still curious. Mainly because I run my own mail server and wonder if the messages would have been stopped by my filtering.
Like I said the reflector is public and they used the right call, easy
to look up and verify.
Same claims of rude and crude caught off the camera save for the systems use never had one or are blocked/disconnected(laptops) and at best a stupid threat. I run linux on multiple flavors/platforms so typical M$ hacks don't fly either.
Scare tactics.
Or hilarity! As a woman it was funnier to read. Like, really!?!
I was tempted to buy the smallest bitcoin possible maybe 0.1 cent (1 milliDollar) for laughs and send that as they deserve the very least for a dumb hack.
I would avoid doing anything good to the miscreants.
A millibuck is a pFFT (raspberry noise) to someone demanding kilo bucks.
I have mostly contempt for them. Been at it longer too.
Ignore the phoolz and if the password matches current change it.
Yep.
The usual is that that password accessed as many as a dozen or more
sites and accounts.
If one is hacked then which one of the many if even remembered.
consider changing them periodically.
I thought there had been some research and reports, particularly from
NIST (?) about a year ago where /forced/ periodic password changes
were actually a bad thing.
Yes, many when forced to do that on 30 or 90 day rotations use poor passwords (weak) or worse write them down and tape them under the keyboard. The interval can be random and long or anytime a hack has been reported somewhere even if not the known systems. I worked one place where "123" was a low level password for a decade and still every Monday I'd get called "did the password change?" because they forgot it. If used from outside it got you mostly nothing and access to very slowest machines if you made it through the firewall (discrete hardware).
Allison