* * * * *
Word to the wise
Word to the wise: Requesting a password reminder is not hacking an account.
I normally try to avoid online drama, but events between two people whom I
read got pretty much out of hand, and while I avoided leaving any comments in
their respective websites, one point is still gnawing at me. So I'll comment
here, in neutral ground (and I know both of them will read this) and
(probably against my better judgement, but that's never stopped me before)
give my two bits worth.
A bit of the backstory: Alice and Bob (obviously not their real names) were
an item (albeit a long distance item) and during the time they were together,
Alice helped Bob register a few domains, and set up one or two web-based
communities. Life happened, and several moons ago Alice and Bob broke up. But
contact and billing information for the domain hosting and community sites
were not updated. Or updated correctly. Or something to that effect.
This brings us up to Friday.
Alice notices that she's still listed as a moderator on the community site
run by Bob. Curiosity getting the better of her (and I suspect, a desire to
fix the problem right then and there and remove her information), she
requested a password reminder.
Which Bob was notified of:
> Word to the wise: When you request a password reminder on XXXXXXXXXXX, it
> goes to the e-mail address on record for that account. So the person
> associated with that e-mail address now knows that you tried to hack [the]
> account.
>
> Okay. Do you really think I'd be stupid enough to fail to change the e-mail
> address and password on a community I now moderate?
>
> How stupid does that make you? *laugh*
>
It was that comment that struck me badly.
Yes, accessing a computer you are not allowed to access is a Federal offense
(not that I totally agree with it, but that's the law as it is currently).
But note that in order for it to be a Federal offense, one has to actually
access the computer in question. Attempting to gain access? That's a
different question. And attempting to gain access to a computer that at one
point you had access to? That might not even be a Federal offense.
Case in point. My account at FAU (Florida Atlantic University) [1] lasted way
past my last days there. For all I know, I may still have an account there.
Let's see …
> [spc]linus:~>ssh [email protected]
> [email protected]'s password:
> Permission denied, please try again.
> [email protected]'s password:
> Permission denied, please try again.
> [email protected]'s password:
> Permission denied (publickey,password,keyboard-interactive).
> [spc]linus:~>
>
Hhmmm … guess I no longer have access there, but I know that this will show
up in the logs; something like:
> May 9 23:25:11 XXXXXXX sshd[22328]: Failed password for spconner from 10.0.0.2 port 36180 ssh2
>
But will FAU (Florida Atlantic University) (or the department this machine
was in) do anything about it?
I doubt it. It's a one time thing. Now, had I tried multiple times, say,
five, ten, a hundred times, then yes, that would definitely be a hacking
attempt. Once? Just seeing if the access is still there.
Other examples of hacking?
> May 9 13:48:25 janet kernel: IP fw-in rej eth1 TCP 69.70.115.31:1343 69.167.102.16:2745 L=48 S=0x00 I=26379 F=0x4000 T=107
> May 9 13:48:25 janet kernel: IP fw-in rej eth1 TCP 69.70.115.31:1345 69.167.102.16:1025 L=48 S=0x00 I=26381 F=0x4000 T=107
> May 9 13:48:25 janet kernel: IP fw-in rej eth1 TCP 69.70.115.31:1347 69.167.102.16:3127 L=48 S=0x00 I=26383 F=0x4000 T=107
> May 9 13:48:25 janet kernel: IP fw-in rej eth1 TCP 69.70.115.31:1348 69.167.102.16:6129 L=48 S=0x00 I=26384 F=0x4000 T=107
> May 9 13:48:34 janet kernel: IP fw-in rej eth1 TCP 69.70.115.31:1348 69.167.102.16:6129 L=48 S=0x00 I=30400 F=0x4000 T=107
> May 9 13:48:34 janet kernel: IP fw-in rej eth1 TCP 69.70.115.31:1347 69.167.102.16:3127 L=48 S=0x00 I=30401 F=0x4000 T=107
> May 9 13:48:34 janet kernel: IP fw-in rej eth1 TCP 69.70.115.31:1345 69.167.102.16:1025 L=48 S=0x00 I=30403 F=0x4000 T=107
> May 9 13:48:34 janet kernel: IP fw-in rej eth1 TCP 69.70.115.31:1343 69.167.102.16:2745 L=48 S=0x00 I=30405 F=0x4000 T=107
>
Someone trying to get into my home network. Well, rather, multiple someones.
51 different sources for 166 attempts (18 from one IP (Internet Protocol)
address alone).
And that's just today.
That's a hack attempt.
Requesting a password be emailed?
I'm sorry, that is not a hack attempt.
I suppose Bob's comment hit me rather hard since I've been on the receiving
end of hacking attempts multiple times (and still am, as you can see above).
After a while, it simply becomes noise and the only hack attempts that are
worth consideration are those that actually break in and do damage [2].
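A tally like the one quoted above (sources, attempts, busiest address) can be produced from logs in the two formats shown in this post. The script below is an added example, not the author's own tooling: the sample lines are constructed with documentation addresses, the threshold of five sshd failures is an assumption taken from the "five, ten, a hundred" remark, and counting a repeated source/destination address-and-port tuple only once is an added refinement.

```python
import re
from collections import Counter, defaultdict

# Patterns for the two log formats quoted in the post.
FW_REJ = re.compile(r"IP fw-in rej \S+ \w+ ([\d.]+):(\d+) ([\d.]+):(\d+) ")
SSH_FAIL = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from ([\d.]+) port")

# Constructed sample (documentation addresses, not the post's data).
FW = ("May  9 13:48:{t} janet kernel: IP fw-in rej eth1 TCP {s}:{sp} "
      "198.51.100.16:{dp} L=48 S=0x00 I=1 F=0x4000 T=107")
PROBES = ((1343, 2745), (1345, 1025), (1347, 3127), (1348, 6129))
SSH = "May  9 23:{m}:11 host sshd[22328]: Failed password for {u} from {s} port 36180 ssh2"
SAMPLE = (
    [FW.format(t=t, s="192.0.2.31", sp=sp, dp=dp) for t in (25, 34) for sp, dp in PROBES]
    + [FW.format(t=40, s="203.0.113.9", sp=4000, dp=135)]
    + [SSH.format(m=25, u="spconner", s="10.0.0.2")]  # one try: not flagged
    + [SSH.format(m=30 + i, u="root", s="203.0.113.9") for i in range(6)]
)

def summarize(lines, ssh_threshold=5):
    """Tally firewall rejects per source and flag repeated sshd failures.

    ssh_threshold=5 is an assumption taken from the post's "five, ten, a hundred".
    """
    packets = Counter()        # source -> rejected packets logged
    flows = defaultdict(set)   # source -> distinct (sport, dst, dport)
    ssh = Counter()            # (source, user) -> failed passwords
    for line in lines:
        if m := FW_REJ.search(line):
            src, sport, dst, dport = m.groups()
            packets[src] += 1
            flows[src].add((int(sport), dst, int(dport)))
        elif m := SSH_FAIL.search(line):
            ssh[(m.group(2), m.group(1))] += 1
    return {
        "sources": len(packets),
        "packets": sum(packets.values()),
        # A repeated 4-tuple is counted once (assumed to be a TCP retry).
        "attempts": sum(len(f) for f in flows.values()),
        "busiest": packets.most_common(1)[0] if packets else None,
        "ports": {s: sorted({dp for _, _, dp in f}) for s, f in flows.items()},
        "ssh_repeat": {k: n for k, n in ssh.items() if n >= ssh_threshold},
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the constructed sample, the single failed login from 10.0.0.2 stays below the threshold, while the source that probes four ports and the one that fails six logins both stand out.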
I'm not trying to slight Bob here—after all, I doubt Bob has much experience
with being hacked [3], but I do think that the schadenfreude is misplaced in
this instance. Alice did not attempt a hack, nor is she stupid:
> With regard to [the] allegation, I have this to say: Yes, I triggered the
> password retrieval function of the community. Here's why—
>
> The userinfo page on … the community in question still list me as the
> community moderator. About two days ago, I sent … a politely worded e-mail
> asking [Bob] to take my name off the userinfo page for … the community in
> question. I did not think that this is an unreasonable request,
> particularly since we broke up over five months ago.
>
> I noticed earlier today that the userinfo pages had not been changed, and I
> idly wondered if my e-mail address was still listed on the community. I was
> pretty sure that this was not the case, since I was pretty careful to
> remove myself when I handed it over to [Bob] back in November, but I was
> curious, so I hit the password retrieval tool.
>
Just curious. And had I been in a similar situation as Alice, I would have
done the same.
Guess that would make me stupid then …
[1] http://www.fau.edu/
[2] gopher://gopher.conman.org/0Phlog:2000/01/30.1
[3] gopher://gopher.conman.org/0Phlog:2003/12/17.1