> On 08/23/2016 07:25 PM, Chris Laprise wrote: >> What threat model does this fit? If a skilled attacker tricks you into >> thinking you created an account at sigaint, but you later cannot use >> it... what is the advantage of that? The possible gain seems to be >> little or nothing. > > Well, (s)he has changed all its passwords. Tricking someone into > changing all passwords has been done before.
Indeed. Psyhchological harassment can often by the goal, not necessarily theft of credentials. (There's nothing left to take, in my case, lol.) And when I said I had a psycho ex, I truly meant that she has truly shown all the signs of being a textbook psychopath or sociopath, and invested heavily in having me harassed online. (I don't think she's a genius hacker herself, lol.) When you're dealing with a psycho/socio-path, logical and rationality doesn't always factor into things, which can be hard to get your head around at times. Sheer destruction can be the goal (in her case, a stated goal). That being said, I can believe that the recent password weirdness was probably PayPal anti-fraud mechanisms being careful (or confused) with Tor. (I'd say it could also be someone trying to grab all credentials from a dodgy exit node, but the fact I saw the SSL lock/certificate and the real PayPal URL makes me doubtful, unless the browser was compromised and lying.) Part of the leverage of psychological harassment is that you start seeing unrelated screwups as part of the harassment. It's good to be careful to try and separate the two. Not always easy. Cheers. :) JJ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/72e45af0b5117271fbbff0ae7e40d5c8.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.