Thanks, Steve, 

 

It’s terrifying how naïve I am. 

 

But you already knew that. 

 

Nick 

 

Nicholas S. Thompson

Emeritus Professor of Psychology and Biology

Clark University

http://home.earthlink.net/~nickthompson/naturaldesigns/

 

From: Friam [mailto:friam-boun...@redfish.com] On Behalf Of Steve Smith
Sent: Monday, November 18, 2013 11:18 AM
To: The Friday Morning Applied Complexity Coffee Group
Subject: Re: [FRIAM] Forum hacked

 

Nick -

Just send me the $2500 and don't worry your pretty little head about it...
I'll be sure he gets it.  Or at least that it gets spent.

Actually there are a whole class of phishing schemes that are slightly too
oblique for me to guess exactly what they are about.   Sometimes I think it
is (to extend the phishing metaphor) chumming... tossing out bait with no
hook to get a frenzy going.   For example, if they send out 1.9 million
requests for various things ($2500 loan because of robbery in the Philippines,
or $900 for a plane ticket to get back to Manila from Denver to help the
family, or ...) and then scrape the open web archives of lists like FRIAM
for that same text, they can find how receptive folks (like yourself) are to
that particular scam.  Let's say your question to the list was "how do I get
the money to him, I'm sure this is legitimate, he must have forgotten to
give me the info where to wire the $2500) then they recognize that their
scam is good and to elaborate it for you (and others like you), or even to
just follow up in person (... Nick, I forgot to tell you in my last
e-mail...  can you wire-transfer that $2500 to XXXyyyZZZ in Manila right
away... and it would really help if you send me your Driver's License #,
Credit Card #s with expiration and security code, and maybe your mother's
maiden name "just in case"?)

Another possibility (slimmer) is that the ReplyTo field in the original
e-mail is different from the From: which you recognize.  When you blithely
hit "Reply", it goes to another e-mail.  Given that e-mail addresses have
two parts (the common name, and the actual address such as "Nick Thompson
<sasm...@swcp.com>") someone (like me) can make it
feel like the recipient is replying to you while actually replying to me...
it takes a tiny bit of sophistication but...  heck, for $2500/mark, why not
stretch oneself a bit and learn some tricks?

Could anybody translate Owen’s message into ordinary language?   Or
shouldn’t I bother my pretty little head about it.


Probably not, but let me try riffing on it in pidgin Zuni and Basque:

Basically, someone who runs the forum (mail list? Web Site discussion
group?) indicated to the constituents that their server(s) had been
compromised (we don't know how or how they know it)... they apparently
indicated that the hackers (probably? surely?) got access to the forum
users' Database which would have "personal information" (name, e-mail,
more?) and apparently (encrypted) passwords.

One way to discover clear-text from an encrypted list (passwords) is to
encrypt (using various methods?) a dictionary of likely words/phrases and
compare the resulting encryption to the password list.  If any of the
encrypted words/phrases match something in the list, then you know that
clear text (password).  This depends on your using words that are likely to
be in their dictionary.  Their dictionary needn't be a list of
English-language words (though that is an obvious collection to include), it
could be a collection of likely or already known passwords (e.g. "password"
or "f*ckoff!", etc.)... thus if they crack your password on one site, they
can add that to their "dictionary" and if you have used it on another site,
it will pop right up with this form of attack. 

If the site administrator/system uses "salt" (see wikipedia link), each
password gets folded in with a pseudo-random number so that it no longer
looks anything like the original password that might show up in a
dictionary.   user:nickt password:nickt becomes user:nickt
password:gob@#ledy$%go%ok , with the latter less likely to be in their
dictionary (which might also be custom-built based on your personal
information such as DOB, paternal uncle's favorite cat, mother's maiden
name, Pet Cockatiel's DOHatch, etc.).

Ikusi arte, So' a:ne, Adios, Ciao, Carry on!
 - Steve
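The Reply-To trick Steve describes above is easy to check for mechanically, since a mail client silently prefers Reply-To over From when you hit "Reply". The following is an added example and not code from the thread: it parses two constructed messages (placeholder addresses, not anyone's real mail) with Python's standard email library and reports where a plain reply would actually go and why that is suspicious.

```python
"""Added example, not from the FRIAM thread: show where a plain 'Reply' would
really be delivered and flag a Reply-To that does not match the visible From.
Both messages and all addresses below are constructed placeholders."""
from email import message_from_string
from email.utils import parseaddr

# Constructed message: a familiar display name in From:, but Reply-To: points
# somewhere else, so a reply never reaches the person the reader thinks it does.
SUSPECT_MESSAGE = """\
From: Nick Thompson <nick@example.org>
Reply-To: Nick Thompson <nick.thompson.help@example.net>
To: friam@example.com
Subject: urgent help needed

I've been robbed in Manila and need $2500 wired right away.
"""

# Constructed ordinary message with no Reply-To header at all.
CLEAN_MESSAGE = """\
From: Nick Thompson <nick@example.org>
To: friam@example.com
Subject: Friday coffee

See you all at St. John's.
"""


def reply_target(raw: str) -> tuple[str, str]:
    """Return the (display name, address) a plain 'Reply' would use: Reply-To
    when present, otherwise From. This mirrors how mail clients behave."""
    msg = message_from_string(raw)
    header = msg.get("Reply-To") or msg.get("From", "")
    return parseaddr(header)


def reply_to_findings(raw: str) -> list[str]:
    """List the reasons a message's reply routing looks wrong (empty if fine)."""
    msg = message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    findings = []
    if msg.get("Reply-To"):
        rt_name, rt_addr = parseaddr(msg["Reply-To"])
        if rt_addr.lower() != from_addr.lower():
            findings.append(f"Reply-To {rt_addr} differs from From {from_addr}")
            from_domain = from_addr.rsplit("@", 1)[-1].lower()
            rt_domain = rt_addr.rsplit("@", 1)[-1].lower()
            if rt_domain != from_domain:
                findings.append("Reply-To domain differs from From domain")
            if rt_name and rt_name == from_name:
                # Same friendly name on both headers: the client shows a name
                # the reader trusts while routing the reply elsewhere.
                findings.append("identical display name on From and Reply-To")
    return findings


if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT_MESSAGE), ("clean", CLEAN_MESSAGE)):
        print(label, "reply goes to:", reply_target(raw))
        for finding in reply_to_findings(raw):
            print("  !", finding)
```

A mismatched Reply-To is legitimate on many mailing lists (the list software sets it on purpose), so in practice this is a prompt to look at the address before replying, not proof of fraud on its own.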



 

Meanwhile, this morning, I got an urgent message from an acquaintance asking
me to loan him 2500 dollars on account of his being robbed “at gunpoint” in
the Philippines.   A call to his home revealed that he was safe and sound in
Denver.  Here is the puzzle.  The spoofer gave me nowhere to send my money.
Thus, I have 2500 dollars to send and nowhere to send it.  The only way I
had of getting back to him/her was via the spoofed email address.  No link.
No bank account number.  No phone number in Manila.  How does THAT work?  

 

Nick 

 

 

Nicholas S. Thompson

Emeritus Professor of Psychology and Biology

Clark University

http://home.earthlink.net/~nickthompson/naturaldesigns/

 

From: Friam [mailto:friam-boun...@redfish.com] On Behalf Of Owen Densmore
Sent: Monday, November 18, 2013 10:13 AM
To: Complexity Coffee Group
Subject: [FRIAM] Forum hacked

 

A forum I belong to has been hacked, including personal info as well as
passwords.

 

How do they use this information?

 

I presume they try the hash function on all combinations of possible
passwords.  (Naturally optimized for faster convergence).  They see a match,
i.e. a letter combination resulting in the given hash of the password.

 

If they crack one password, does that make cracking the rest any easier?

 

And does "salt" simply increase the difficulty, and indeed can it be
deduced, as above, by cracking a single password?

 

.. or is it all quite different from this!

 

   -- Owen
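Owen's questions (does cracking one password help with the rest, and what does salt change) and Steve's dictionary-attack explanation above can both be made concrete with a few lines of code. The following is an added example, not code from the thread: it builds a constructed table of four users with SHA-256 hashes (the users, passwords and dictionary are invented for the demo), runs a small dictionary over it once unsalted and once with a random per-user salt, and counts the work each case takes.

```python
"""Added example, not from the FRIAM thread: dictionary attack on a constructed
table of password hashes, unsalted versus salted. Users, passwords, salts and
the dictionary are all constructed for the demo."""
import hashlib
import secrets

# Constructed accounts. A real leak would contain only the hashes, never this.
PLAINTEXTS = {
    "nickt": "nickt",          # username reused as password
    "owen": "password",        # the classic weak password
    "steve": "xK9#v!Qp2mL@",   # not in any reasonable dictionary
    "glen": "password",        # same password as owen
}

# Small constructed dictionary of the kind Steve describes: common words plus
# passwords already learned from other sites.
DICTIONARY = ["password", "letmein", "nickt", "friam2013"]


def sha256_hex(data: str) -> str:
    return hashlib.sha256(data.encode()).hexdigest()


# Unsalted storage: hash(password) only, as Owen's forum may have done.
UNSALTED_TABLE = {user: sha256_hex(pw) for user, pw in PLAINTEXTS.items()}


def dictionary_attack_unsalted(table: dict) -> dict:
    """Hash each candidate once and compare it against every stored hash.
    One hash computation checks all accounts at the same time."""
    cracked = {}
    for candidate in DICTIONARY:
        h = sha256_hex(candidate)
        for user, stored in table.items():
            if stored == h:
                cracked[user] = candidate
    return cracked


def reused_password_users(hashes: dict) -> dict:
    """Map each hash shared by more than one user to those users. Without salt,
    identical passwords give identical hashes, so cracking one cracks them all."""
    by_hash = {}
    for user, stored in hashes.items():
        by_hash.setdefault(stored, []).append(user)
    return {h: users for h, users in by_hash.items() if len(users) > 1}


def salted_hash(password: str, salt: str) -> str:
    return sha256_hex(salt + password)


def make_salted_table(plaintexts: dict) -> dict:
    """Store (salt, hash) per user with a fresh random salt for each account."""
    table = {}
    for user, pw in plaintexts.items():
        salt = secrets.token_hex(16)
        table[user] = (salt, salted_hash(pw, salt))
    return table


def dictionary_attack_salted(table: dict) -> tuple[dict, int]:
    """With per-user salt the dictionary must be re-hashed for every account;
    returns what was cracked and how many hashes that cost."""
    cracked, work = {}, 0
    for user, (salt, stored) in table.items():
        for candidate in DICTIONARY:
            work += 1
            if salted_hash(candidate, salt) == stored:
                cracked[user] = candidate
                break
    return cracked, work


if __name__ == "__main__":
    print("unsalted cracked:", dictionary_attack_unsalted(UNSALTED_TABLE))
    print("unsalted reuse visible:", reused_password_users(UNSALTED_TABLE))
    salted = make_salted_table(PLAINTEXTS)
    print("salted reuse visible:", reused_password_users({u: h for u, (s, h) in salted.items()}))
    print("salted cracked, work:", dictionary_attack_salted(salted))
```

Two things the run shows: unsalted, four hash computations cover the whole table and owen and glen are visibly the same password before anything is cracked; salted, the same dictionary costs nine computations for four users, the reused password no longer stands out, and the salt cannot be "deduced" because it is stored in the clear next to each hash anyway. What salt does not do is rescue a weak password: nickt, owen and glen still fall, which is why real systems also use a deliberately slow hash such as bcrypt or Argon2 on top of the salt.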






============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com

 

