CNN 'tech analyst' on NAKED CELEBS: WHO IS this mystery '4chan' PERSON? "If your password is password, change the 's' to a dollar sign." That's the advice from US news network CNN's "technology analyst" Brett Larson, who also thinks that 4chan is some sysadmin bloke who knew how to "hack things" so he could leak saucy, private photos of Jennifer Lawrence and other female celebrities. The confusion …
EVERYTHING is at the same level.
"news organisations" are blatently wrong about so much stuff in areas that people who do know their shit about can pick it apart. What gives you any confidence that they're any more accurate in areas you don't know about?
There are very few actual journalists and even fewer specialist journalists.
The thing that tickles me shitless is that they still call people that break into systems for nefarious purposes 'hackers' when the term they need to use is 'cracker'. Once they use the H word, I have to move on to the next thing because I know that the rest is just hot air.
Actually, yeah. I define hacking as manipulating a system in an unexpected way to achieve an optimal result. Now the expected can be legit, or not (cracking), totally off-the-wall, whatevah. And the system can include people, not just hardware. Cracking is just one sub-type A and the safe-hacker will, I'd bet, look in all the places people hide the combination in which case he/she is doing social-hacking as well.
I'm engineer by inclination as well as professionally. I've been hacking everything, even doing the dishes or my laundry. I suppose that falls under chemical/process engineering. Again whatevah. It keeps my mind always looking at the systems around me which is always to the good. And BTW, I do them by hand.
Over fifty years a hacking and not letting the grass grow under my feet (which is logically impossible, so far).
Oh dear. Someone who actually read those 45 pages at the start of a unix textbook.
Sorry mate, that war was lost almost as soon as it began.
And you can say "safehacker" if you want. You'll sound silly unless the rest of your circle start saying it too, but it's a free country.
What gives you any confidence that they're any more accurate in areas you don't know about?
Why, the Gell-Mann Amnesia Effect, of course.
Personally, I find the GMAE bites the hardest while watching police procedurals, which these days do so love the Stupid Computer Tricks. They're obviously just magic that the writers appeal to whenever they can't, or can't be bothered to, figure out a sensible way to advance the plot. Procedurals that pretend to be about forensic science are the worst - Fox's Bones is a particular offender.
But then I never watch TV news, so I'm spared the sort of thing described in the article. I read the newspaper and other sources, but they rarely do interviews so at least I needn't witness the grim spectacle of some self-professed expert making idiotic pronouncements.
(Except when the expert is me, of course. And I enjoy that.)
"Procedurals that pretend to be about forensic science are the worst - Fox's Bones is a particular offender."
I don't even question the stuff on Bones - it's so fantastical that it just registers as sci-fi on my scale.
A recent episode of Major Crimes on the other hand... They physically took some servers and their tech geek says this: "The data will still be intact, but you're gonna need some help getting through their firewalls."
But as if that wasn't enough, they went on with the train wreck:
"Well, mom, these are most likely load-balanced servers running Apache. Or, uh, maybe Fedora under Linux. Nothing advanced I could probably get these booted up and reset the root passwords."
I don't even question the stuff on Bones - it's so fantastical that it just registers as sci-fi on my scale.
Agreed, but sometimes it's painful even then, like the bit a couple years back where the wizard ("hacker") used his magic powers ("hacking skills") to infect some system through RFID stickers on library books. Ow.
A recent episode of Major Crimes on the other hand... They physically took some servers and their tech geek says this: "The data will still be intact, but you're gonna need some help getting through their firewalls."
Yes, that one still stings too. And usually Major Crimes avoids the IT stuff entirely, which makes it one of the more-watchable procedurals in my book.
In the old days perhaps the best reason for not taking photos of your embarrassing bits (aside from the more obvious concern that nobody wants to see *that*) was that the lady behind the photo counter in Boots would get to see them.
Now, just replace that lady behind the photo counter with someone at Google/the NSA/The Sun and you still have exactly the same good reason for not taking photos of your embarrassing bits.
Yup it says so on the new US digital declaration of Independence:
"We hold these truths to be self-evident, that all bits are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Social Media, Uncensored Selfies and the pursuit of kitten videos"
Now, just replace that lady behind the photo counter with someone at Google/the NSA/The Sun and you still have exactly the same good reason for not taking photos of your embarrassing bits.
You have more reasons: the digital variety is easier to replicate and distribute on a truly *vast* scale.
"Really chaps and chapesses keep your frocks on unless the plot justifies it"
'This is a nude scene! I'm not doing it unless the plot absolutely justifies it!'
'What'd she say?'
'She said that she wouldn't do it unless it was absolutely essential to the plot"
'Ah. Will $5000 cover it?'
I think possibly for the only time ever in recorded history the religious right may be correct, abstinence is the only answer. You don't want your pink bits displayed to all and sundry, well don't immortalize them in digital form. It's the only way to be sure...
"Some people seem to be under the impression I took those with a smartphone or some such - they're welcome to attempt to haxxor my SD card and/or the fully non-smart non-wireless-enabled compact camera it resides in. Take your time, I'll wait..."
So speaks a man who has somehow never heard of the word "burglars".
If the very purpose of taking this kind of picture is to share it with someone else or view it later, then you're likely to keep them around in some form, otherwise you can't use it.
If you're thinking that it is safer not to put it online, yes it is, but not completely safe. Remember these celebrity videos stolen from their home? Smaller chance, but still a chance.
"...abstinence is the only answer"
Not really. It's just a normal human activity; and like any other activity there are risks involved. It's relatively new, however, and the risks may not be that obvious to anyone not in the technology game. And the risks go way, way up when you're a young, attractive high-profile celebrity because there's more people who want to see you naked...a certain percentage of whom are going to be amoral with the necessary skills to ninja your phone. Get beyond a certain level of famous, and the result is pretty well inevitable unless you take countermeasures.
Also, a big reason to take these photos in the first place is to send them to other people; which is doubling the risk. You're not only trusting their integrity; but their IT knowledge and personal security too. Plus the integrity of everyone who could get hold of the transmission.
The choices are: i) Don't do it; ii) Put the effort in and learn what you're doing; or iii) Live with the results. Given that the people involved were young and in varying stages of love/drunkenness, the second option is the least likely to happen.
I don't think anyone's career is going to be harmed by this. The response has been mostly sympathetic.
Nothing magical, just (ab)use of UTF-8 text. This page http://stackoverflow.com/questions/2995340/how-does-u%CA%8Dop-%C7%9Dp%E1%B4%89sdn-text-work explains it in a bit more detail. The encoding of the above URL gives a hint as to how this works.
Edit: Looks like you found an automatic online tool to do it for you...
This post has been deleted by its author
This post has been deleted by its author
This post has been deleted by its author
I prefer to use simple, impossible to forget words, such as supercalifragilisticexpialidocious.
(Though when I was using that I did pick a l33tspeak rendition of it and included two misspellings. Well, the misspellings were not intentional, but they did make the password harder to crack.)
Nicely done, see icon; thankfully I have a washable keyboard for this, (and possibly one or two other) eventualities.
More seriously : I'm always astounded at the lazyness of the media around tech issues. There are now millions upon millions of people on this planet who have a basic understanding of day to day techie stuff. Can the BBC / CNN / UK GOV not manage to track one down? Just one?
"There are now millions upon millions of people on this planet who have a basic understanding of day to day techie stuff. Can the BBC / CNN / UK GOV not manage to track one down? Just one?"
Like most anything else days, it's not what know, but who you and what school you went to. If you aren't part of the club or inner circle, well, you just will not do.
Now think about recent events in the news.
Yes. Yes we are all effed.
This post has been deleted by its author
Further north, it might become pa??word because it looks like they have not yet figured out which currency to use if Scotland becomes independent.
Then that'd be Pa¤¤word.
Isn't "¤" the most uselss latin/unicode symbol ever?
The currency sign (¤) is a character used to denote an unspecified currency.... It was proposed by Italy.
Ah, that explains it.
This post has been deleted by its author
Am I the only one who find the idea of celebs who happily show acres of flesh and simulate having sex with other celebs when being paid lots of money to do so, getting upset about having more of the same publicised without their consent, just a little hypocritical?
.. and we have the Daily Fail today telling their readers that when people upload to the Cloud they aren't uploading their photos to a real cloud.
http://www.theguardian.com/media/mediamonkeyblog/2014/sep/03/daily-mail-icloud-celebrity-photos-hacked-naked?CMP=twt_gu
They're all clueless. That's not hacking. Hacking is the act of changing the behaviour of a program by modifying its source code. Cracking is the act of bypassing the security of a system, usually by guessing a password (dictionary attack) or exploiting some kind of inherent and superficial weakness. That's my definition anyway.
The meaning of hacker in popular language has come to be the same as cracker. The two are now pretty much interchangeable. We the congoscenti will either have to find an alternative to replace the original meaning of hacker. How about code artiste or vim jockey or extreme keyboarder or even god forbid programmer? More likely we'll just have to be smug in our superior knowledge.
If I'm talking to a non-technical person I always say hacker when I mean cracker. Life's too short to fight the crowd on something which makes no difference to anyone.
Language does change. The meaning of gorgeous is literally "like a pile of of gore". How it got to mean beautiful over the aeons is anyone's guess.
> The meaning of gorgeous is literally "like a pile of of gore"
Not, according to a usually reliable source.
late 15c., "splendid, showy" (of clothing), from Middle French gorgias "elegant, fashionable," of unknown origin; perhaps literally "necklace" (and thus "fond of jewelry"), from Old French gorge "bosom, throat," also "something adorning the throat."
Edit: Vic beat me to it!
Hacking is the process of making ANY system(computer or otherwise) do something interesting/novel that it was not intended to do. A hacker is someone who works such magic.
Cracking is the bypassing/breaking of security.
Thus a hacker may well crack the security on a door, safe or computer system
A hacker also invented the steam, petrol, diesel engine, hackers invent lots of things
A hacker that makes a lot of money is sometimes called an entrepreneur or when in the company of less monied hackers, a wanker
... xkcd on passwords there should be plenty of work for all...
unfortunately the 44 Character password as suggested in xkcd is not usuable for most application because often the password is restricted to 12 10 or even 8 characters.
But is does have to inlcude a number so pa$5word is often used by the user
and when the password has to be changed after 6 months the number is counted upwards...
and so on ... til 9 because the password history has a length of 6
Then it starts again from the beginning.
Would you restart with five, one or zero?
The chap's not heard of 4chan. Does that make him ignorant, or fortunate?
It is very sad when the mainstream media talk about most specialist subjects. But they are particularly pants on IT, which is rubbish considering how much they depend on DTP, t'internet, Google, Twit&Face, mobile phones and laptops.
AH, but you're forgetting the pecking order of showbusiness... IT is just about the lowest form of life as seen from the Floor, hell they're not even directly associated with it, and they can probably not even comprehend the fact that there just may be people around that actually know Stuff.
Even if someone does, the mere thought of giving someone that low on the Ladder actual airtime will probably cause a couple of heart attacks and aneurisms.
True with TV. But I was actually thinking journalists, epsecially the print ones. Who write copy on computers and tablets, have smartphones, are always pirating copy off Facebook and Twitter, plus whatever photos or blogs they can grab. And all busily Googling and Wiki-ing as well. You'd hope that a little bit of knowledge would rub off in this process...
For a few years, I've been bugging my better half to use a Password Vault. (KeePass and LastPass for example, local, with a synced backup copy on an external drive). Then the other day she showed me the little book she uses and keeps in her handbag, I had no answer (other than if she loses the book), really, since she uses a word (she remembers) and a number/letter/symbol sequence from the book for each site. Can't argue with that.
Sometimes, us techies can be taught a thing by the non-techies.
That's actually along the lines of the method I've been hearing the security experts I respect recommend for years now. I have a password card that I use for my most important stuff. It has a grid with the top row and left column being the alphabet and 0-9 and the rest random characters. I line up the first letter of the site name on the top with the last letter of the site name on the left, count off 15 characters from that point in the grid, and that's my password for that site. I only bother with it for things that would be devastating were my account to be breached, like my bank. I don't actually have to pull it out very often. For any site I visit with any kind of regularity I end up memorizing the password whether I make an effort to or not.
Gawd nose what they'd do if they had to use a system that checked for double characters, any real names,series of numbers (including Pi), password used within the last two years, minimum 10 characters and others.
It was a system that allowed access to anywhere on a circuit - and you could re-boot an entire exchange if you really wanted to.
(It got so tedious trying to find a new password every four weeks that most people wrote down the password and previous ones.)
Am I the only person that does this?
Allow me to explain. I don't use any names or words of any kind at all. Ever.
Instead I use patterns on the keyboard. Each site has a different pattern and combination of uppercase and lowercase lettering and a few numbers thrown in for good measure. So for example (purely and example) if it was twitter I would use 12QWasZXweSDZX simple pattern, easier to remember a pattern too.
It's dead easy here. After doing it a few time it's easier than using passage, with its own pattern followed by scrolling, copy, then paste, if the site even allows it, yada, yada. I'm the least competent at mechanical things (except design), but excel at pattern recognition.
For the junk sites, I use one of a few junk passwords. The important ones get at least 56 bits of entropy.
All my passwords for my important stuff are generated by the random character generator in cPanel.
Here's where the "passpattern" bit comes in. In the beginning, I had to type the newly-generated passwords by reading them off a page in my notebook, but after a while, I discovered that I was memorizing them through repetition -- not by learning the actual character sequence, but through "muscle memory", that is, by remembering keystroke finger positions, if that makes any sense.
Kinda the same way I'm typing now, as I learned to "touch type" in high school in preparation for all those research papers I'd have to write in college.
Be careful... some of the more common keyboard patterns have found their way into password brute-force dictionaries. The folks at SANS recently started monitoring the passwords used during SSH brute-force scanning attacks. The top two are of course "admin" and "password", but you don't have to go very far down the list before you start seeing things like "1qaz2wsx" and "123qwe!@#". See https://isc.sans.edu/ssh.html
"* Here in the UK, people with the password "password" should no doubt change the "s" to a pound sign, which looks like this: pa££word."
Thanks, El Reg. Now I'll have to change my password, again
Mine is the one with the "encryption" in the pocket.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
