Slashdot Mirror
Crack a Password, Save Norwegian History
Christian writes "With the death of the only person who knew the password to an archive held at a museum in Norway, suddenly the data became inaccessible. The result? A nationwide radio appeal asking for "hackers" to volunteer to help solve the problem! The
Norway Post has the story." I wonder if they looked under his keyboard yet..
Does my name get to be a part of history for single handly saving it?
"There is no real right or wrong, just what the majority accepts at the time."
what is Norweigan for "password".
Setting his threshold to 5, Sparky eliminated most of the trolls on /.
Mesenger: John is Dead!
Meseum: (in sync) Ahhh, he was a lovely fellow, never bothered a soul... wonderful guy... absolutely great...
Mesenger 2: He was the only one who knew the password to the history archive!
Mesuem: That F&%cker! How dare he die... mother f%#cking asshole!
Messenger 2: Hey... don't kill the messenger!
when an entire archive is maintained by one mortal person. I wonder how many other times cases like these have come to surface. Sure, they may be on a much smaller scale, but something is to be said about archives of data maintained by one person, or one person having the only password to access these archives. But I guess we all know about too many cooks in the kitchen...
5. Juni 2002
Hackers respond to password challenge
Hackers have responded in large numbers to an appeal from the director of a culture center and literary museum on the west coast of Norway.
The password to one of their library archive systems is missing.
The museum built in honour of the famous Norwegian linguist Ivar Aasen received a gift of more than 1600 books and documents which had been catalogued and registered in a national data bank, which researchers and interested people may access.
Only trouble was that the expert who had helped the donor with the archiving work had died, and had failed to pass on the password.
In order to get access to the data base, Director Ottar Grepstad appealed on nationwide radio for help to solve the problem.
The response was above expectations, and the director is now busy chosing the expert most likely to solve the problem.
(NRK)
(this loaded very slow, but I got it.)
The truth shall set you free!
is the call for hackers to find a way to circumvent the login system to retrieve the data, or do they want the password 'recovered' by using a dictionary attack, or another brute-force method?
Though, at this point, they probably aren't too particular.
The name of his dog!
What? He didn't have a dog?
Oh, well.
I mod down anyone who uses M$ in their posts. I like to live on the edge.
I've already cracked it. Got the archives open right here. Let's see:
In the year 1005, the 1337 v1k0rs raided the English coast for raping and pillaging...
I have been thinking about this for a while. If I died suddenly, from the view of the online community, I would just disappear. No one would know to contact them. Most people would forget, or never notice, but some should really be contacted. Now I'm thinking I should make a list and put it on my hard drive to be found, (right next to the prOn) and have instructions on who needs informing.
120 chars of filth!
...this only happens in Norway :)
Did Cowboy Neil die and take all the passwords with him?
I have been pwned because my
trustno1
... sometimes I fly with the white swan to my Liffey home.
Anyone have a mirror to the article?
Crack a password, save history.
Get a cable modem, go to jail..
What kind of crazy backwards world are we living in?
Yeah, because of terrorist, you have no right for privacy, because of terrorists, all rights should be revoked and police state is the most enlightened system. And what about the US government & military terrorists? NSA is enough already
http://216.239.37.100/search?q=cache:http://www.no rwaypost.com/content.asp?folder_id=1&cluster_id=19 820
Damn, I can't even figure out how to post a link... anyone care to enlighten?
Ivar Aasen is famous in Norway. Created the language New Norwegian (Nynorsk). Norway use two languages. nynorsk and bokmaal.
Sig e godt =)
This is an interesting issue. Any -minimally skilled- IT operator knows he should never tell passes to other people. But, what if this person dies? How can we safely store passwords so that those can be retrieved if "shit happens"? Probably we cannot use encription (you need a pass to decrypt stuff), so what? Probably for most of us, a piece of paper in a safe place at home is enough, hackers *usually* do not break-in to get passwords. But I guess there is people around protecting *really* important data, and they do not trust anyone... what can they do to make passwords "undiscoverable" until "death" or sudden amnesy?
:dikappa
common utilities
1) tar
2) ar
3) grep
4) ps
and not so common
5) rep (well its installed on my system, but I'd never heard of it, further investigation reveals it to be a standalone lisp interpretter from the librep package (see "info librep", I am indeed learning something new every day))
A little info:
The database is from Dbase 4, I don't know how the security is on that format. It contains data about the norwegian linguist Ivar Aasen. For those interested in giving it a try, just search on norwegian pages to find the directors email address (name in another post). He's received quite a few emails already... (No, won't give the address here, pity the one who gets his email published on Slashdot).
Please excuse crappy english, save your grammatic flames.
Are you a grammar Nazi? I'm trying to improve my English; please correct my errors!
Netcraft.com:
The site www.norwaypost.com is running Microsoft-IIS/4.0 on NT4/Windows 98.
Sad, isn't it?
Anyway, two ways to attack this problem: brute force it or be clever and see if this can be done by social engineering. If there are any people that know him well enough they might. Otoh, the way I choose passwords it might be tough even when people know me.
I remember this story about a similar incident a long while back. Somebody encrypted a file using a new algorithm and couldn't believe how fast that went. To verify the speed he then proceeded to encrypt the backup too and forgot _both_ passwords. This was a long time ago and to this day I don't believe it but the moral of the story is: keep an unecrypted version in an off-line, off-site backup medium in a vault for digital media in duplicate.
Karma? What's that again?
If it was american history, it would probably be shorter than the password.
RMN
~~~
I wish I could help, but I do intend to travel to the US at some later time in my life, and I don't want to be arrested for circumventig a protection device or something... Boy, do you americans have stupid laws...
free the mallocs!
Use HTML and make sure the posting mode is set to "Plain text" or "HTML formatted":
<A HREF="http://slashdot.org/">this is a link</A>
...becomes
this is a link
RMN
~~~
Is this a job for Beowulf?
A simple program... something to send that important email, decrypt the data that you honestly don't have to safeguard anymore, etc. A program to take action when you haven't proven (password | biometric | whatever...) your continued existance on a pre-arranged schedule.
And wouldn't you know it, one exists!
I caught this discussion at Ars Technica last month. It refers to a cool-sounding program called "Dead Man's Switch (DMS)", which caught the attention of the New York Times.
Just a few issues...
- Don't go on vacation for a longer period of time than you have the 'bot set for
- What happens when you actually do pass on to the great unknown, don't manage to pay your bills, and your (ISP | power company | shell host) kills your service?
- Or, more simply, what if your next of kin just tag the 'ol power switch?
Oh well... no person (or thing!) is perfect. Norway is keenly aware of this right now.(see either link, "If you're reading this, I'm dead!" type goofs have happened!)
"...America's great minds of today, teaching America's great minds of tomorrow. Poor bastards." -- A Beautiful Min
Maybe you'll be part of history. The article does not name the guy who died.
You think the dead guy's hand or eye would still be recognized by the biometric identification device?
After seeing the interest in for example the RC5-56 challenge and others, it is a fact that there is a huge amount of people interested in participating in things like this. Maybe a distributed computing project, willing and open to take any (non criminal) tasks would not be that bad idea afterall. If there would be volunteers for building the crunching code using API provided, it would be possible to run projects with quite short lifecycle. I don't see SETI and RC5-56 and similar projects very interesting anymore. The task should be clear, reasonable and the estimated brute forcing time should be reasonable (like in 3 months maximum.) A dozen of little tasks per year, might prove more interesting.
:) and in this case probably no distributed brute forcing is needed - just the plain old crackerjack should do. :) .
Anyway, in this particular case, and 99% of others, the password is "IAmGod"
I bet some 14 year old will crack the password, and the world will find the archive replaced with a black page and blinking text saying "YoU'V3 b33n 0wn3d by da 1337 kr3w!"
"Knappe i andre enden !"
Translates to "Buttons on the other side!". Guess you used freetranslations to do that, eh? (since it resembles Danish, since these are similar languages)
Twice in recent years I've had the unhappy task of attempting to recover password protected personal files created by friends who have died. In each case the files contained financial information that the next of kin needed.
While password security is undoubtedly a good thing, it goes a bit beyond its remit if it locks out the wrong people. In most jobs I've had it has been common practice to keep hardcopies of passwords in sealed and signed envelopes placed in safes. While this is probably overkill for home users it's worth considering doing something like this for your family or friends and letting them know about it. Especially if you're someone I know. I really, really don't want to have to go through this again.
I would be a paid subscriber if Taco and Hemos weren't such cunts
...if the European version of the DMCA is passed, this would be an illegal act, likely to get the participant thrown in jail. Just to generalize, if the system is used commercially as a copy protection scheme by anyone, it would immediately fall under the category of "circumventing a copy protection device" by "cracking" it.
Of course, I am sure those in charge would happily my exceptions to this rule when it suits them. Still, this could be a great opportunity to speak out against such legislature.
Why bother.
When they do crack the files, they'll just find his grocery lists.
Mod Karma -1: I sed bad wurds. If I cep my mouf shut, I wud be at riyses.
Well? What's the URL so we can all try it? They gotta trust me, I'm swedish! ;-)
A-ha! I knew that was you Mr. Ashcroft!!
Have they tryed pressing the ESC key yet?
"Oh no, not again"
just hook up the computer to the internet with a NT/IIS webserver, and voila, within a few hours it should b hacked.
"I think it would be a good idea" Gandhi, on Western Civilisation
...where's that old ouija board of mine gone?
I've put the contact details of who should take over the stuff I run (and the required passwords) in my testament. The only hassle is updating it regularly.
They are lucky that this unfortunate employee was not using biometrics to protect the archive.
The app i'd write would probably violate the DMCA,
may get into the hands of terrorists,
and tred on the toes of a few patents.
thank God the internet isn't a human right.
That only works if you clean the keyboard off first. You think all they use the keyboard for is to enter passwords?
Synergy is your friend
They apparently have physical access to the archive, so unless strong encryption was used the password itself probably isn't necessary. I've had to do this before, I received a demo machine for literally pennies on the dollar at my old lab. The only catch is that the root password was lost. I mounted the hard drive in another machine and just modified /etc/passwd that way. I eventually did a full reinstall but at the time my installation media was on loan elsewhere.
Chris Kuivenhoven is a thief, beware
Did they try 'password', the employee's dog's name, the signifigant other's name, the current month, or any other of these exceedingly hard to crack passwords that no hacker will ever be able to crack without a dictionary?
Duris MUD - The best pkill MUD. Ever.
There's even a better way with encryption such as PGP. We use it here at work. All critical files are encrypted not only with the keys of those who need to see it, but with a special escrow key that we all have on our key ring.
In the safe deposit box is a couple CD-R's with the private key and the passphrase. And just in case, the protected private key is stored on paper.
Other alternatives would be to use true key escrow. Employee keys are broken up in n parts, which are given to different departments, locations, etc. A certain number of these key parts can be used to recreate the complete key pair. A nice feature of the now defunct NAI PGP division. Grrrr.
The site is down...
I wonder which would be more difficult; cracking the password or cracking the encryption on the data? They know the context of the data, so some clever cryptanalysis would work. On the other hand, the password is probably a dictionary word, so a norwegian dictionary attack would be even easier.
This is actually a pretty serious issue with any kind of system where only one person has the password.
The ISP I once working for nearly went out of business several years back because the only tech with high level access was in a serious car accident and out of action for a month or so.
Its all very well not writing down passwords, and saying that nothing is going to happen to you, but in the real world, people get ill, run over, fall down etc. - In large companies its more then likely not a problem, but in a small company that has only one tech person doing everything, people need to make sure there is a plan of action for if that person becomes unreachable for any reason.
I saw the light at the end of the tunnel... But it was just someone with a flashlight bringing more work.
Rep (standing for "read evaluate print") is a dependancy for sawfish, which is probably why you have it. May be phased out in sawfish in favor of guile, but the sawfish author wrote rep, so don't hold your breath.
...and this lie crawls out of its mouth: 'I, the state, am the people.'
When the expert died, no-one had the password for the database. But the Ivar Aasen museum has maybe found a solution.
The Ivar Aasen museum is a national documentation center for nynorsk (Red: We have two versions of our written language, bokmål and nynorsk) language culture (?). They got a huge database of more than 1600 books and magazines in nynorsk by the Ivar Aasen expert Reidar Djupedal who passed away in 1989. Unfortunately, the database was password protected and no-one knew the password. Therefore, manager Ottar Grepstad went to the national radio channel NRK P1 to attract the attention of hackers. Now, tips are coming in from everywhere. - I've got 20 e-mails and 5 or 6 phone calls. It seems like this is something that really interest computer freaks (translation note: could be geek/nerd, in Norwegian "frik"), says Grepstad to dagbladet.no. The old database program "DBase 4" has been used. The Aasen museum has tried every thinkable password. In addition they have contacted Bibsys (Note: the national coordination of library databases) in Trondheim, who also had to give up.
Parapsychological organization
- I've even been contacted a couple of times by a parapsychological (psychic) organization. They told me that maybe people with special abilities could help us finding the password. They said it could be a regular word spelled backwards, says Grepstad. The manager hasn't had the time to go through all the tips, but many can be good. - Some tips propose alternative programs that can be used. Others send me links to websites that can help and some propose firms that can help us break the password, he says. The IT division will now go through all the tips to see if any of them are any good.
Roses are #FF0000, violets are #0000FF, all my base are belong to you
"But Your Honor, I had to load all that pirated software on my machine. Norweigan history was at stake!"
------
Today's Top Deals
I think someone needs to help out Norway with a good backup strategy. Obviously important information stored at one site? Only a single person knowing how to get into the archive?
--- rapper/producer/bachelorette party stripper
The National Centre of the New Norwegian Language and Culture
The New Norwegian Language
Ivar Aasen
Roses are #FF0000, violets are #0000FF, all my base are belong to you
But I bet he had a dog, it just died during his Viking funeral and can't tell us it's name any more.
If dogs name does not work use "Override".
Eve Fairbanks says I drive a hybrid!LOL
The norwegian tech news website Digi.no reports (http://www.aasentunet.no/)that manager Grepstad and the other people at "Ivar Aasen-tunet" on monday even got emails from to parapsychological groups who intended to help to find the passwords. A new way of hacking (even more successful than social engineering; psychic engineering!)?
:)
.
By monday they had recieved more than thirty emails from helpful people. I guess that number will rise a bit after being Slashdotted
By the way - their website is at http://www.aasentunet.no/
The database is of type dBase4.
Grepstad claims that total amount of work to get all data catalogued again would exceed four years.
Jakob Breivik Grimstveit
"I love deadlines. I love the whooshing noise they make as they go by."
Lutefisk?
(!)
What I fail to understand is why the database was password protected in the first place!
If it is in a museum then everybody had to have free access to the information. If the database is purely password protected for writing (as in read-only) I would understand it as well!
Maybe it is one of those Microsoft Word pop-ups where it asks you a password if you want to open the file for writing. I have stopped counting the number of people mailing me for the password for documents 'cause they cannot read it, turning out the password was not required at all!
BTW DBase is so old and the algorithms used for protection are all well-known. They could not be using anything better than DES and the average 2.4GHz machine can crack that in a couple of weeks nowadays so I fail to grasp the crisis.
"With the death of the only person who knew the password to an archive held at a museum in Norway, suddenly the website became inaccessible. The result? A nationwide radio appeal asking for "slashdotters" to volunteer to help solve the problem! The Norway Post had the story"
I'll have something intelligent to add one of these days...
Long long time ago, when me still was a littke kid I 'cracked' a database with super leet skillzzz.
;)
That is, the application had a password, dut you could read the plain text database with Norton Commander.
But wait. I have the solution. Distributed brute force. People, all over the world stop searching for ET, the biggest prime or the cure for cancer. One week later the password must be found, I guess
Privacy is terrorism.
That library is running a Gibson XP with a 128-bit hack-proof firewall with triple redundant fault re-routers.
Prevent linux based DDOS's!
http://linux.denialofservice.org/
...we all unite and call ourselves europeans and make fun of the americans (not including canadians).
Guess who's become the latest poster child for password escrow?
It's supposed to be completely automatic, but actually you have to press this button.
...with explicit instructions to ignore the porn, anti-company propaganda, and other contraband they find in your accounts ;)
Seems ironic to me. Something was so secret it needed to be password protected, but now they're begging for people to tell them what it is.
Do you even lift?
These aren't the 'roids you're looking for.
I can see it now... "Hacker saves museum database, is charged under DCMA"
Of course, then the RIAA would sue them, just because they can.
Dark Nexus
"Sanity is calming, but madness is more interesting."
Once we had an old server, for which we needed the password to get some old data off of it. After spending a couple hours trying to track down the guy who would know what it was, I got bored and started trying different things. To my amusement, the first thing I tried worked. "password" How original. I wonder if they've tried that yet?
The snow doesn't give a soft white damn whom it touches. -- ee cummings
But why?
Seriously though, how often do problems like this occur? I never have important information entrusted to the care of any single person, including myself, for reasons that this article should make apparent.
--Kevin
What's norwegian for "password"?
blahblah Lameness filter is itself lame... ironic...
Just wait till some crappy band steals your nic.
Maybe I should swing by and give it a shot.
Hmm. XYZZY? PLUGH? Decisions, Decisions.
"I'm sorry Cr4Ck3r DuD3, but there's no check. However, we've been looking for you regarding a DDOS we got last week..."
Q: You've got a real heart beating inside your chest.
Picard: So I won't die?
Q: OF COURSE YOU'LL DIE!! It will only be on a later date.
(from the episode Tapestry)
...need to find a new hiding spot for my passwords. Under the monitor maybe?
Can I bum a sig?
dBase module
Or a $75 service. Password Crackers Inc.
I don't get what's with all the ideas of putting the password in a safe? How is putting the password in a safe and deciding who knows the combination to the safe different than simply deciding who knows the password?
I can and would do it... but norweigan kids would hate me for doing it... they would have to study it in school.
I prefer to be a hero for saving those poor norweigan kids. Therefore I hereby swear not to do it.
This is not my sig.
Slashdot readers in the USA: You have violated US law by reading this article, which is an attempt to bypass a protection device.
Did they try "1,2,3,4,5"?
"That's the combination for my luggage!"
I really hate signatures, but go to my website.
Days ago, Ottar Grepstad, director of the culture center and literary museum on the west coast of Norway, was busy selecting his expert of choice to hack a password known only by a dead man. It has been revealed that only minutes after his public appeal for a skiller hax0r to recover this password, his archive was ow3nd by Kevin Mitnick. The notorious hacker released information found in the archive that seems to indicate that Britney Spears was concieved by using frozen sperm from non other than Mike Tyson himself. The egg donor was only referred to in the archive as "Camilla" and it is suspected she is the same woman that Prince Charles is dating.
I'll rant a bit (it's Slashdot, after all) trying to figure out a way to avoid this in the first place:
My first instinct is the really low-tech alternative: hire a lawyer to deal with your confidential information when you die. Just like any other "unsolved business" with your state, your passwords,etc. would be given to someone you deem capable of dealing with the issue...
But almost no one prepares for death that way either, so what are the technical alternatives?
- A cron job of sorts? Would depend on the server running indefinitely until some stipulated date when it would release the information... if it used some distributed system, it could avoid the vulnerabilities that come to mind at first sight. But a system that requires you to identify yourself and register would require almost as much preparation as the lawyer, and an anonymous system would be too open to abuse (heck, the first too).
- Some kind of "degrading cryptography"?
It may seem like defeating the purpose of cryptography in the first place, but assume that we don't want to keep the information secret forever, just for some years... not only do we not care if the information is revealed then, we DEMAND it is revealed at a particular point in time.
Is there some way to encrypt data such that it can demonstrably be decrypted only after X amount of time?
I imagine it would be extremely hard to figure out something like that, but maybe someone already has. I can only think of three approaches to not-depend on processor power, both perhaps impossible:
i) A method that collects information from some constant (data is reliable and at a constant rate) source of information (solar flares?) and needs to collect X amount of information before decrypting the key and revealing it.
The problem is that in order to ensure this information will make the decryption possible you have to be able to anticipate it. Then anyone can simulate the information at an accelerated pace and get to the key...
Maybe if we can use the key to select which information to process, and use a source of massive amounts of data, we can make unfeasible to accurately simulate all the data. But that would be trusting our current technical limitations to hold, wouldn't it? Unless we can prove simulating the source is an NP problem...
ii) Having a system that creates a unique algorithm for the key that needs to be run for X time in order to "degrade" to the key. The idea would be to escape the dependence on external information of the first problem. But even if it's possible, we would need to depend on an external source for a trusted "beacon" or "ticker" that tells how much time has passed.
iii) Perhaps the only sensible solution (and the last I thought of, obviously): Would it be useful to have digitally signed time measurement on the Internet? An atomic clock owned some trusted government or international entity that officially tells you "today is time X"?
You encrypt the key to be decrypted only when a message digitally signed by agency Y confirms a certain date has been reached. When agency Y makes the message "today is time X" public on the Internet, your boss gives that message to the system and the system pops out the password you need. "time X" and "agency Y" could (and would) be made public to all interested parties, but unless "agency Y" cheats, no one can do much about it.
This could also provide an automated means to publish confidential material whose confidentiality has an expiration date. Declassification would then not require too much work on the part of agencies that have no great interest in declassifying in the first place: once the time is reached, the keys are available and people can decrypt it.
Freedom is the freedom to say 2+2=4, everything else follows...
This was actually good news. in Norway we have two languages. The one that 90% use and "The Other (evil) Language".
These books are based on "TO(e)L" and have played a big role in "TO(e)L"s developement.
"TO(e)O" is constructed by Ivar Aasen and by some fscked up reason we now have two equal languages - and we have to learn both at school. School is just as boring here as elsewhere in the world. Try to imagine how it would be to have the class "Redneck" for three hours straight!
~/.sig
This is a quick translation of some of the technical bits in on of the articles - please excuse the bad english.
"The database is made around 1990 [...] The files are in dBase format version IV [...] There should be around 11.000 postings. It is hard to say anything about the quality of the database. We have the data files, but we do not have the right software to access the files. [...] We have 18 leafbooks(?) [ - 'Ringpermer' in norwegian] with printouts of all the postings in the database sorted after ID-numbers and not book-title. The database is stored on three floppy disks."
Some local IT-departments have tried to open the database files, but have failed, party beacuse the database have been password protected.
Do we have passwords protecting portions of our national treasures as well?
Your monitor is staring at you.
As cracked my good ole Leslie:
login : login
passoword : password
should work.
Voltaire: God is dead.
God: Voltaire is dead!
Castanza, you killed my mother.
This is not troll, I am a human and make funny jokes, haha.
In order to write the password for all secure places I have, I would implement a time password. I would keep in my will the formula to recreate my password. This way I can have a password as often as I want, that is unique, but if people know how often I change my password and when I died, they can deduce the pass. Of course said formula would be in a safe place.
Now I need to figure out a formula for all my passwords. Ohh I know newpass= oldpass, I really need to change my passwords periodically.
The biggest problem is finding someone who will admitt that they knew DBase IV, and is will to use it again.
If only one person had the password to this supposedly "vital" information, I can't imagine all that many people were actually accessing it. If they were, the individual who knew the password would have done little else except unlock the archive for people. I doubt anyone so high up would have such a boring job. And if nearly no one is accessing the information, how important could it really be?
You see? You see? Your stupid minds! Stupid! Stupid!
I knew we shouldn't have let thore Norsemen have their own king and all. This is what happens; they lose passwords left and right.
Besides, I'm sure that the password is just a misspelt danish word. I mean, c'mon, if you can't pronounce danish properly, don't go and call it something else, like Swedish or Norwegian...
Blearf. Blearf, I say.
This sort of thing works both ways and the powers that be aren't going to learn that if you come to their rescue. They'll eventually figure out the password, but if you let them do it on their own, and you tell them why you aren't going to assist them then maybe, just maybe, they'll learn a lesson. Something about doing to others as you would have them do to you.
Prevent email address forgery. Publish SPF records for y
"Of cultural interest" is more like it.
Bergen til eg dør
However, since I am using Windows, I doubt anyone will have much difficulty getting in :)
Would have been a nice use for a fingerprint or retinal scan. The login would still be accessible. Although, I wouldn't want to be the one to do it. eww...
The following info would help:
Combine that with the dictionary, mix well, apply cracking script and, most likely, open sesame.
As Richard Feynman used to say about safes, 99.9% of what keeps people from getting in is the perception of security, not real security. This from a guy who used to sneak in & out of Los Alamos at will during the Manhattan project.
The only tool you've got against psychosis is experience.
If you're reading this, then *BSD is dead...
Help find a cure for cancer!
I'd say to ask Jon Johannsen, but then the MPAA would just use it to prove that he's an Evil Terrorist Hacker(tm).
Fascism starts when the efficiency of the government becomes more important than the rights of the people.
Have they tried "password" yet?
To make a pun demonstrates the highest understanding of a language
What's the word for "friend" in Norwegian (or Elvish for that matter)?
the most used key would probably be w, as in www. and it won't necessarily be in his pw. if he lived in an english speaking land, probably rstnl and the vowels would be the most used... you only have to log in once to type a very long document, you know....
Love,
Jay and Silent Bob
Baravelli: Who are you?
Wagstaff: I'm fine, thanks, who are you?
Baravelli: I'm fine too, but you can't come in unless you give the password.
Wagstaff: Well, what is the password?
Baravelli: Aw, no! You gotta tell me. Hey, I tell what I do. I give you three guesses. It's the name of a fish.
Wagstaff: Is it Mary?
Baravelli: Ha-ha. That's-a no fish.
Wagstaff: She isn't, well, she drinks like one. Let me see. Is it sturgeon?
Baravelli: Hey you crazy! Sturgeon, he's a doctor cuts you open when-a you sick. Now I give you one more chance.
Wagstaff: I got it! Haddock!
Baravelli: That's-a funny. I gotta haddock, too.
Wagstaff: What do you take for a haddock?
Baravelli: Well-a, sometimes I take-a aspirin, sometimes I take-a Calamel.
Wagstaff: Say, I'd walk a mile for a Calamel.
Baravelli: You mean chocolate calamel. I like that too, but you no guess it. Hey, what's-a matter, you no understand English? You can't come in here unless you say "swordfish." Now I'll give you one more guess.
Wagstaff: [To himself] Swordfish. Swordfish. [To Baravelli.] I think I got it. Is it "swordfish"?
Baravelli: Hah! That's-a it! You guess it!
Wagstaff: Pretty good, eh?
Ok you lost the password. There are other ways of getting back to the data and changing it then hacking the computer and compromizing security.
/etc/passwd and whipe out the * in the root password
1 You Take the Harddrive out of the PC/Workstation.
2 Put it on an other working PC/Workstation that you do have a password for.
3 Mount the drive.
4 Go in that drive
5 Put the hard drive back in the old computer.
6 boot it up.
7 loogin as root no password asked
8 change the root password
This is much simpler then having a person try to hack a password. in case if it is a good one could take a really long time to crack. Unless of course the guy who knew the password is the only guy in the country that knew how to move a harddrive.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
... some sort combination of Windows, IE, Access, VB Script and IIS, I'm sure they wouldn't have to go public with the annoncement and just hack their way into it. I think that sysadmins should consider insecure data storage in the future in the case of their death.
Distributed.net
We get a client, we'll have the password in a couple days. No sweat.
-- "Government is the great fiction through which everybody endeavors to live at the expense of everybody else."
But have they tried "bork-bork-bork" yet?
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
INT: Courtroom, Day
Assistant DA: "The DNA evidence is indisputable!"
Defense Attorney Han Solo: "I object!"
Judge: "What grounds?"
Defense Attorney Chewbacca: "RAWWWWR" (Smashes table over Assistant DA)
Judge: "Let me suggest a new strategy...Let the wookie win."
"Bugger this, I want a better world." - Jenny Sparks
Johaness Kepler came up with his 3 laws which govern planetary motion or motion along an elipse due to gravity really. He needed to verify that his laws were correct but he didn't have the data to back up his claims. He knew an individual, Tycho Brahe, who had the data but was quite insistant on not giving it to Kepler. Kepler just wated for the dude to die (hehe, "waited") and then stole the data.
I wonder if the guy who died wanted the data to go away with him. I wonder if he thought he deleted the last remaining copys. I wonder if the stuff is just historical data.
Was this guy really just an independant expert who had no tie to the data?
Enough conspiracy theories, but I hope the people who decide to help out are wise enough to ask before they do the work.
Password, procudures, etc... are *written* down and immediately put in a file which someone in the legal department then puts into your company's secure storage vaults (be they onsite or offsite).
--- I do not moderate.
It's a ruse! That password will get them some important secret info that they wouldn't otherwise have access to, all couched with a fancy cover story about some guy croaking without succession plan. It's my conspiracy theory and I am sticking with it! :)
If someone was interested in this data, they should have covered this kind of situation under a risk management plan. Hindsight being 20/20 and all that, they did not, and someone is now holding the bag. Because there is a file that is known to contain the data they want, they hold out hope that it will be salvageable.
:-)
In reality, this situation is almost the same as if a fire had destroyed the building along with the data, or even as if the person responsible for the data intended for it to die with him. There is a chance, however large or small, that the data will be recovered, but from a business perspective, an appropriate response would be to consider it a loss, start collecting the data again, and learn from the experience. Retrieving the data from the encrypted file is an interesting exercise, but one with uncertain results. Push the file into an academic circle and hope for the best.
In this case, having the file is misleading a management decision, because it appears as if they still have the data. In reality, they do not, unless an unlikely contingency occurs where someone can retrieve it. Since nobody seems to be able to put a delivery date on that retrieval, or even state the degree of cetrainty with which it can be retrieved, the correct business decision would probably be to consider it lost.
I'm guessing it's a loss not covered by their insurance.
This is a harsh assessment of the situation, and I'm only making it because I'm not the one with the data that needs to be recovered
Another thing I notice is that the party responsible for the data seems interested in limiting the number of people who will get the opportunity to try to crack this, as opposed to just posting the thing to the world as a challenge, perhaps with a reward to the first person to break it. Remember the King Arthur legend -- Arthur wasn't authorized to try for Excalibur!
The details in the article are sketchy. The title of the Slashdot article seems to be pretty misleading. The file in question doesn't contin the historical documents themselves, but an index to them?
I'm sorry to hear that a researcher has died in Norway.
-fb Everything not expressly forbidden is now mandatory.
All they do is every combination of word, in 27 languages, and combinations of upper and lower case, backwards, sidewides and any other direction you can think of. Well, this is all good and gravy until you come to a system that locks an account due to too many failed login attempts. Notice how they don't even say sorry if this happens, they simply don't take your money. Not too ingenius in my opinion.
It seems that Mr. Grepstad is consulting the wrong group of experts ...
UN Peacekeepers were sent in to Scandinavia today to avert the escalation of an increasingly bitter round of invective between representatives of the area's countries. Tensions began to abate, however, as the traditional taunting gave way to the relatively modern sport of "USA-Bashing."
Milo
you just think like the popular kids now because they've got you thinking you're accepted but they're really laughing just as hard at you when you're not around because now they've turned you against your own kind.
they use(d) the same argument against drugs.
Who else but the Norwegian cracker most widely known to Slashdotters and Linux DVD watchers. (Maybe they'll give him a "Get Out of Jail Free" card in appreciation.)
Trollem mirabilem hanc subnotationis exigiutas non caperet
"Years ago, I picked a password that's random as hell and was very difficult to remember. No password cracker-- dictionary *or* brute force-- has broken it yet. I use this password on about ten systems."
:)
Methinks you better look up the definition of "brute force"
I browse at +5 Flamebait- moderation for all or moderation for none.
OK, so thousands (maybe millions) of pages of text may be lost to some guy who was a control freak and decided to compress and encrypt a database[0], but the short term benefits of this are not entirely being used. Anti-DMCA and Anti-Euro-DMCA, showing the world that 'hackers' (White, Black, Grey, Blue, etc...) are not the evil bane of existance of the Internet.
Granted, I'm not a fan of Norgys, particularly due to an IRC channel I'm on that has had to ban *.no because of constant "A/S/L?" and mass-msg "Hi, I am a cute girl from Norway, do you want to cyber?" messages... but the point being... there -is- the chance that the Norgys did something -GOOD- for once. What if this is a spoof, hoax, trick... a Library/Institution that decided that people do actually need hackers in the world to work on all those stupid problems that otherwise would go unaddressed because people are stupid and lazy.
Erm... maybe... then again, maybe not, and well - that's giving Norgys a lot of credit...
0. However to the best of my knowledge, dBase passwords are very easy to break
I cannot confirm nor deny the allegation or allegations you may or may not have just made
What I'd like to know is, why was it ...
... unless the Norwegians actually discovered ...
encrypted in the first place? An archive
of 16,000 books of Norwegian history doesn't
sound like sensitive material, unless
space travel around the year 600 AD and have
been communicating with aliens ever since
Then it would be alot easier to get the password.
Too bad the Lone Gunmen aren't available.
Or do you hire a clerk to rebuild the database by looking through the books? At some point, that probably wins, at least to the extent that the indexing is mostly gruntwork rather than creative thought. That doesn't mean it's not worth posting the file to the web and asking for volunteers to hack it, which would be a fine idea.
A long long time ago, on an IBM System34 far far away, somebody out in the shop wanted to turn off his welder by flipping circuit breakers, and found the computer room before he found the welder, and the 34's quaint little operating system wasn't designed for that sort of thing; the open file which represented six or seven hours of typing by our accounting clerk got truncated to its last good state. I spent about 5 hours on the phone with IBM tech support doing the hexedit on the disk drive to find the right pointers and patch it so we could recover the file. If it had taken much longer, we'd have been better off retyping the thing.... But of course, sometimes you only know that in hindsight.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
But Linus Torvalds (look at that surname) is a Finnish Swede (or however you call that 6%).
Candian World Domination
...I meant to say that like a Gumby.
Surströming
People who eat this stuff leave Smalahovud for pregnant women and the elderly.
Surstroming is when you put herring in a barrel for a few months, bury it, let it rot, can it, hire a bomb squad member to open the tin, and eat it with lots of akvavit.
So dBase IV was created at JPL, which is run by NASA, and it contains a vital security flaw that means it can be hacked by simple software. Not surprising, huh?
Ah auh ahhh.. You didn't say the magic word..
Ah auh ahhh..
Ah auh ahhh...
The database has now been made publicly available on the following url:
http://www.produktivdata.com/download/dbase.zip
It it beeing linked from www.aasentunet.no in this article.
Tell them that its posible the data can never be recovered and they need to upgrade... Add a new hardrive install your favorite *nix*cough*Slackware*, kazoontite, then mount the ol drive and exclaim, hey look Linux comes with norweigen history, databases!
Norwegian hardware site http://hardware.no [norwegian text only] is reporting that the database file [dBase IV] has been made available for download at: http://www.produktivdata.com/download/dbase.zip [2.9 MB] Some tips: -Social engineering has been tested so dont spam his relatives or the Ivar Aasen tunet museum -The password might contain the norwegian letters æ, ø, and å (possible not correctly shown on _your_ screen) so brute force or a dictionary approach might not be succsessful.. The solution/password can be sent to aasentunet.no (no im not putting their email out at slashdot) Good luck
Melius mori in libertate quam vivere in servitute.
But I believe we have something like that in Norway. Rakfisk. There is a risk it will develop botulism in the rotting process. Nasty, nasty stuff, too.
;)
Anyhow, this is all sad, sad stuff. People were starving, had some rotten fish or a sheep's head after a (bear|pack of wolves) ate the rest, and made the best of it. I just don't understand why well off people feel the need to eat these leftovers from historical lows in order to feel "Swedish" or "Norwegian". Christ, we're even corresponding in English
Stop the brainwash
Yes, it really is done. For the interested this is the first 200 rows of it http://www.student.hig.se/~na98jbr/bok.htm The formatting is crap but at least it shows that it's done. Took an hour to do but it was a fun challenge. Just hope they have some use for it. All 11106 rows of it.
digi.no has an article about the slashdot effect on Norway Post, sadly only in Norwegian.
Here's an attempt to translate the most interessting in the interview with Carl Eric Fuglesang of Norway Post:
After the article was posted on Slashdot Wednesday morning, Norwegian Post went down. Mr. Fuglesang tried to restart the NT server - unsuccessfully. This has happened before by server overload. It seems like it get's "corrupted" after beeing overloaded, says Fuglesang, that also states that he sat up until midnight with representatives from Microsoft trying to get the site up and running...unsuccessfully.
Now he's tired of the problems and want to change webserver.
Yes, we have to get new equipment. Normaly we don't have more than 20.000 hits per day, but we have old equipment and can't afford to upgrade.
Hmmm. It seems like he needs a _software_ upgrade if you ask me. Someone should send them a linux distribution.
- Lars Preben S. Arnesen
Good job. Please tell us how you did it:)
The password is: ladepujd (djupedal reversed). [and it is created by Norton Backup 2.0 or above, which took me a day to dig up] No big deal.
Password is found, and it was... 'ladepujd'
The guy's last name was Djupedal.
:-)
Jakob Breivik Grimstveit
"I love deadlines. I love the whooshing noise they make as they go by."