Slashdot Mirror


How the Secret Service Cracks Encrypted Evidence

tabdelgawad writes "The Washington Post offers this writeup about how the U.S. Secret Service uses a Distributed Network Attack program to crack encryption on computers and drives seized as evidence. How can brute force still succeed with 256-bit encryption, you ask? Customized password dictionaries from the seized computer's email files and browser cache: People still use non-random passwords."

70 of 658 comments

  1. Passwords?! by Enze6997 · · Score: 5, Funny

    King Roland: The combination is: one . . .
    Dark Helmet: One.
    Col. Sandurz: One.
    King Roland: Two . . .
    Dark Helmet: Two.
    Col. Sandurz: Two.
    King Roland: Three . . .
    Dark Helmet: Three.
    Col. Sandurz: Three.
    King Roland: Four . . .
    Dark Helmet: Four.
    Col. Sandurz: Four.
    King Roland: Five . . .
    Dark Helmet: Five.
    Col. Sandurz: Five.
    Dark Helmet: So, the combination is: one, two, three, four, five. That's the stupidest combination I ever heard in my life! That's the kind of thing an idiot would have on his luggage!

    1. Re:Passwords?! by ArsonSmith · · Score: 5, Funny

      Note to self: Change combination on luggage when I get home.

      --
      Paying taxes to buy civilization is like paying a hooker to buy love.
    2. Re:Passwords?! by ScoLgo · · Score: 4, Insightful

      You're lucky if you really have a 5-digit combo on your luggage. My cousin came to visit from Sweden a couple of years ago. He had locked his (most common) 3-digit combo lock before the 10-hour flight and then promptly forgotten the combination. It didn't take me long to start running through the 1000 possibles. Had it open in 10 minutes.

      He sure was happy to get to a clean pair of drawers. :)

      (Yes. I've seen Space Balls. And yes, the 1-2-3-4-5 combination joke is wearing pretty thin.)

      --
      "Michael, I did nothing. I did absolutely nothing - and it was everything that I thought it could be."
    3. Re:Passwords?! by tlhIngan · · Score: 4, Interesting

      There's always 24445 as a valid combination that can be spoken as 1-2-3-4-5... (One 2, Three 4s, 5).

      People always seem to stumble on that when they ask for my combination and I tell them that. Then I show them the correct combination and a light dawns on their heads...

    4. Re:Passwords?! by Bingo+Foo · · Score: 5, Funny

      I hope I never think any of my passwords are so clever that I feel compelled to tell everyone about them.

      --
      taken! (by Davidleeroth) Thanks Bingo Foo!
    5. Re:Passwords?! by JustKidding · · Score: 3, Interesting

      Actually, it isn't really all that stupid. It's a perfectly valid combination from a 5 digit set.
      If you were to exclude this, and many other "stupid" combinations, there would be very few left, which, therefore, would be stupid combinations, because you would only be using a small subset of the whole set of possible combinations.
      There is, for example, not a single 4 digit code (like a PIN number) that isn't somehow easy to remember when entering it into a keypad. There is always some clear pattern to remember.

    6. Re:Passwords?! by plover · · Score: 4, Funny
      INTER-OFFICE MEMO

      From: Info Security
      To: All staff
      Subject: Secure PIN requirements

      We have determined that you are using an insecure PIN, because it has a pattern in it.

      Through extensive research, our staff has determined that many PINs are insecure because they contain patterns, birthdays, anniversaries, etc. By excluding all combinations of duplicate numbers, keyboard-pattern entries, and significant numbers, we have determined that the most secure PIN you can use is 7439. Please change your PIN to 7439 immediately in order to ensure our company's assets are properly protected.

      Thank you for your cooperation.

      --
      John
    7. Re:Passwords?! by ScoLgo · · Score: 4, Funny

      I work in the custom luggage industry. Most combo-lock mechanisms that I see are 3-digit. Yes, you can get locks with more digits but three is most common, (which is why I put "(most common)" in my post - maybe you missed that part? I kinda doubt that since you quoted it in your reply). But to answer your question; No, I don't believe there is a number shortage in Sweden at present. They are probably just conserving and planning for the day when there might be an actual number shortage. (Don't ask; it's a Swedish thing :).

      Also, keep in mind that most luggage has these things called 'handles'. If a thief really wants your stuff, they will grab it by the afore-mentioned 'handle', take it home, and drill the fucker open. IOW, luggage locks are only there to keep the honest people honest.

      Another thing: here in the States, you aren't allowed to lock checked baggage anymore. Airport screeners require that luggage be left unlocked to facilitate spot-checking of baggage. (Don't argue with this or you may well be labeled a terrorist.)

      (Cue swelling, patriotic music...)
      I, for one, sleep much better at night knowing that bags everywhere are unlocked and available for inspection by hordes of shiny-faced, wide-awake baggage inspectors all across this great land of ours.
      (Swelling patriotic music crescendoes...)

      </sarcasm>

      --
      "Michael, I did nothing. I did absolutely nothing - and it was everything that I thought it could be."
    8. Re:Passwords?! by theLOUDroom · · Score: 3, Funny

      I hope I never think any of my passwords are so clever that I feel compelled to tell everyone about them.

      Reminds me of one of my favorite userfriendly strips:

      Tech: Hello

      User: Hi, I need (some random tech support thing)

      Tech: Sure, what's your password?

      User: Asterix asterix asterix asterix asterix asterix

      Tech: (stunned silence)

      User: HA! You can't tell if I'm being stupid or clever.

      --
      Life is too short to proofread.
    9. Re:Passwords?! by Alsee · · Score: 3, Funny

      INTER-OFFICE MEMO

      From: Indianapolis Business Journal Headquarters
      To: Info Security
      Subject: You're fired

      It has come to our attention that 7439 written in base 20 is IBJ. It is our considered opinion that this is a brain damaged security recommendation for use here at the IBJ.

      Thank you, but your services will no longer be required. Goodbye.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  2. It's like social engineering, without the person by Phoenixhunter · · Score: 4, Interesting

    Sounds pretty logical to me.

  3. Isn't the effectiveness now compromised? by iammaxus · · Score: 4, Insightful

    Why did they not keep their tactic of creating customized password dictionaries secret? Seems like they just gave potential criminals a big warning...

    1. Re:Isn't the effectiveness now compromised? by Scarblac · · Score: 4, Insightful

      Why did they not keep their tactic of creating customized password dictionaries secret? Seems like they just gave potential criminals a big warning...

      Because it doesn't matter one bit. Right now, most places where you must pick a password, there is already a warning that you shouldn't pick a word, pick something alphanumeric, something random. Nobody cares. If that doesn't change people's behaviour, this news story won't either.

      --
      I believe posters are recognized by their sig. So I made one.
    2. Re:Isn't the effectiveness now compromised? by saskboy · · Score: 3, Insightful

      Criminals are not going to write their own web browser app, or file sharing program, they will use a common commercially available package that the Intelligence community can use against them, just as script kiddies use the fact that Windows XP is the primary OS against law abiding people.

      And criminals, who are none too bright to begin with, aren't going to use a password like DSdfWe3421.

      --
      Saskboy's blog is good. 9 out of 10 dentists agree.
    3. Re:Isn't the effectiveness now compromised? by khrtt · · Score: 5, Interesting

      A friend of mine ran crack over /etc/passwd on his physics department's unix system, successfully cracking 20% of the passwords on file. He sent the results to his sysadmin, with a note asking the sysadmin to implement crack system-wide, and was promptly reprimanded.

      On VAX VMS you had to pick a password from a list of randomly generated "pronounceable" strings, if I recall correctly. On many properly-managed UNIX installations the crack program is used to check the user's passwords and will not allow you to use a crackable one. Is there an option to allow only hard passwords on Windows? I honestly don't know...

      On the whole, soft password problem seems like a healthy n00b-usability-over-security type thing.
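
Added example, not part of the comment above and not the crack program's code: a minimal Python sketch of a password-change check that rejects passwords derivable from a per-user wordlist, the defensive mirror of the customized dictionaries in the story summary. The function names, the two extra substitutions and the sample text are assumptions constructed for illustration.

```python
import re

# Character swaps that are undone before the dictionary lookup. The first four
# are the ones named elsewhere in this thread; "0" and "@" are added assumptions.
UNLEET = str.maketrans({"$": "s", "4": "a", "3": "e", "7": "l", "0": "o", "@": "a"})

# Constructed sample of a user's own text (an e-mail line and a cached page title).
SAMPLE_TEXTS = [
    "Took Sparky to the vet in Saskatoon yesterday.",
    "Juventus fixtures 2005 - Google Search",
]


def build_wordlist(texts, min_len=3):
    """Collect every word of at least min_len letters, lower-cased."""
    words = set()
    for text in texts:
        words.update(w.lower() for w in re.findall(r"[A-Za-z]+", text)
                     if len(w) >= min_len)
    return words


def _strip_ends(s):
    # Drop digits/punctuation stuck on the front or back ("rex2004" -> "rex").
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", s)


def candidate_cores(password):
    """Plain-word forms this password reduces to under the rules above."""
    low = password.lower()
    # Try both orders: "$parky99" needs the swap first, "rex2004" the strip first.
    cores = {_strip_ends(low).translate(UNLEET), _strip_ends(low.translate(UNLEET))}
    cores.discard("")
    return cores


def check_password(password, wordlist):
    """Return (accepted, reason); reject anything derivable from the wordlist."""
    for core in candidate_cores(password):
        if core in wordlist:
            return False, f"based on the word '{core}'"
        if core[::-1] in wordlist:
            return False, f"reversal of the word '{core[::-1]}'"
        # Two wordlist entries glued together, each at least three letters.
        for i in range(3, len(core) - 2):
            if core[:i] in wordlist and core[i:] in wordlist:
                return False, f"joins '{core[:i]}' and '{core[i:]}'"
    return True, "not derivable from the wordlist by these rules"


if __name__ == "__main__":
    wl = build_wordlist(SAMPLE_TEXTS)
    for pw in ["$parky99", "sutnevuj", "SparkyVet1", "s4sk4t00n!", "Gx7#qLp2vT"]:
        print(pw, check_password(pw, wl))
```
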

    4. Re:Isn't the effectiveness now compromised? by X0563511 · · Score: 4, Informative

      Yes, you can mandate that users can only choose strong passwords.

      Windows 2000 and up, go into the Local Security Policy (in mmc). Look for "Require Strong Password" (or similar, it's been a while).

      Why nobody uses it, I don't know.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    5. Re:Isn't the effectiveness now compromised? by Sepodati · · Score: 3, Insightful

      Requiring "strong" passwords just means users will write them down and put 'em under the keyboard.

      ---John Holmes...

    6. Re:Isn't the effectiveness now compromised? by khrtt · · Score: 3, Insightful

      Well, the people trying to hack into your system remotely won't be able to look under the keyboard.

    7. Re:Isn't the effectiveness now compromised? by scottv67 · · Score: 4, Insightful

      A friend of mine ran crack over /etc/passwd on his physics department's unix system, successfully cracking 20% of the passwords on file. He sent the results to his sysadmin, with a note asking the sysadmin to implement crack system-wide, and was promptly reprimanded.

      A friend of mine tried a lock-picking tool on the front door of every house in his subdivision, successfully opening 20% of the locked doors. He sent the results to the local police department, with a note asking that the lock-picking tool be tried on every door in town, and was promptly arrested.

  4. Not a problem for me by Dark+Paladin · · Score: 4, Funny

    My password is totally unguessable - I mean, who else has the password asdjklf;@#$#@jjdakl?

    No - wait, I meant that *wasn't* my password! Hey, stop ssh'ing into my box! No - not my 20 GB of Sailor Moon music collection!

    Well, guess I'll have to use my backup password of qwurf$#@ff5a` from now on - No, wait -

    Damn it!

    1. Re:Not a problem for me by 0x461FAB0BD7D2 · · Score: 4, Funny

      Pfft. Your password is unguessable? Try my nick!

  5. In other words.. by doormat · · Score: 5, Insightful

    If your password is something you've ever written on your computer, its likely they'll crack it? Interesting.... moral of the story: dont use words found in the dictionary as your password. Inject spaces or numbers or punctuation into the word if you do. And dont write it down on a sticky note under your keyboard.

    --
    The Doormat

    If you're not outraged, then you're not paying attention.
    1. Re:In other words.. by 14erCleaner · · Score: 4, Funny
      Inject spaces or numbers or punctuation into the word if you do. And dont write it down on a sticky note under your keyboard.

      Or just remove punctuation (like apostrophes).

      (Sorry....couldnt resist :)

      --
      Have you read my blog lately?
  6. Now I don't look so crazy... by redmo · · Score: 5, Funny

    for having my hard drive encrypted by a key, on a flash drive, which is encrypted by a password that is generated randomly every five minutes and hashed twice before I lock it in my safe deposit box.

    --
    If you're tired, sleep! Wenn Sie muede sind, schlafen!
    1. Re:Now I don't look so crazy... by W3bbo · · Score: 5, Funny

      Law Enforcement can gain access to safety deposit boxes, so your plan is slightly flawed there.

    2. Re:Now I don't look so crazy... by Anonymous Coward · · Score: 5, Funny

      That's why I store my jump drive in my ass, it comes in a handy suppository case!

    3. Re:Now I don't look so crazy... by The+Other+JoshG · · Score: 5, Funny

      Law Enforcement can gain access to your ass, so your plan is slightly flawed there.

  7. Re:It's like social engineering, without the perso by Rosyna · · Score: 4, Interesting

    Which kind of makes it much harder for conspiracy theories that the FBI/NSA/Secret Service require all these back doors into encryption software and/or operating systems. What's the point when humans are still the weakest link?

  8. Because people are stupid/lazy by Andy+Dodd · · Score: 5, Insightful

    It's always been known that a fully random password is more secure.

    But it's a bitch to remember, so people use easier-to-guess passwords anyway.

    Knowledge of this technique changes nothing. Any crook smart enough to use totally random passwords after this incident probably is already doing so.

    --
    retrorocket.o not found, launch anyway?
  9. Security = People not computers by breakbeatninja · · Score: 4, Insightful

    In cases like this (and many others) security is only as strong as the person who manages it. Choose a weak password, choose weak security. I'm sure, however, if this information is public that their actual system is much more advanced. Sort of makes you wonder how sophisticated the NSA's equipment is.

    --
    shop.envescent.com - Computer hardware and more.
  10. I feel pretty safe under Fedora. by cfalcon · · Score: 4, Interesting

    I use the built in crypto in Fedora (the device level encryption passed to a loopback file mounted under /enc). I doubt that, absent a key sniffer, my passwords would *ever* be discovered. I have some English words in them (most are long phrases with nonsense punctuation thrown in at several places), so I guess that could be some kind of issue. But overall, I feel pretty secure.

    Of course, I'm not actually defending any data that the government would care about, so it's all moot ;)

    (Unless the government has a pressing need to read my private journal about me bitching about how I can't get a date. In that case, those spooks are outta luck!)

    1. Re:I feel pretty safe under Fedora. by cfalcon · · Score: 4, Insightful

      Yes, I'm assuming that. Obviously, if torture is in the realm of the possible, things get much worse. But there are then two kinds of data:

      Data whose exposure will end up with you being persecuted for.

      Data whose exposure will end up harming a cause you value above yourself.

      Torture is a great way for getting either of those, but it will work at 100% efficiency for type 1. Example: assume that me bitching about a girl who threatened to kick my ass if I asked her out (not to imply that this event actually occurred or anything) is a crime punishable by something bad. If the system is so broken that I can be tortured to reveal the password, then it stands to reason that it is so broken that they can inflict "something bad" on me without trial, confession, evidence, or not.

      In other words, type 1 data is useless to the government that can torture and endlessly imprison: they already have that power, and that's all type 1 data wins you.

      But if you are a captured CIA agent in China, now you have to worry about type 2 data- something that is important to someone besides you. That changes your rules somewhat as well.

      Anyone know how that steganographic filesystem is coming?

    2. Re:I feel pretty safe under Fedora. by Quixote · · Score: 5, Funny
      Unless the government has a pressing need to read my private journal about me bitching about how I can't get a date. In that case, those spooks are outta luck!

      ... and so, it appears, are you. ;-)

  11. Comment removed by account_deleted · · Score: 5, Interesting

    Comment removed based on user account deletion

  12. So, to interpret this article: by reality-bytes · · Score: 5, Interesting



    The U.S. Secret Service is having success with breaking keys using dictionary-attacks.

    Now, reading between the lines:

    The U.S. Secret Service has just perfected a brilliant new method of brute-forcing 256-bit keys in a matter of minutes using the same processing power as a pocket calculator.

    Therefore the previous dictionary-attack system can safely become public knowledge.

    --
    Ripping an new rectum in the fabric of spacetime.
  13. Re:I bet they can't crack this! by tbase · · Score: 4, Funny

    Well, not until you put it in my browser cache. Thanks a lot, buddy.

    --

    666-607: 6th floor apartment of the beast
  14. Computer users are stupid - details at 11 by 14erCleaner · · Score: 3, Interesting

    This ties in nicely with the "BBC Writer Tries PC Repair" thread. Most people don't understand their computer's software, even if they're criminals trying to hide evidence, apparently.

    --
    Have you read my blog lately?
  15. no shit by bdigit · · Score: 4, Insightful

    "People still use non-random passwords."

    What's easier to remember, your dog's name or z*4jhDm28&:1~. Now I will wait for someone to reply with "but my dog's name is z*4jhDm28&:1~"

    And you know what happens when people use a random password? They write it down and either put it in their top desk draw or on a nice post-it note on their monitor.

    1. Re:no shit by Slashdot+is+dead · · Score: 4, Funny

      My parents only let me use alphanumerics to name my dog.

    2. Re:no shit by pla · · Score: 4, Interesting

      And you know what happens when people use a random password? They write it down and either put it in their top desk draw or on a nice post-it note on their monitor

      Not everyone does that... Personally, I open a text editor, enter well-mixed gibberish until I find a key sequence that "feels" comfortable to type, then type it over and over until my fingers remember it.

      I couldn't actually tell you my passwords, and could swear to that in court without perjuring myself... "I" simply don't know them. But I can type them with no problem.


      Also, another trick that I recommend everyone adopt for their own security... Memorize three "good" passwords (as in, more-or-less indistinguishable from a string of random characters). Use one for public purposes (ie, normal websites), one for normal moderate security use (normal user accounts at work and home), and reserve the last one for root/admin accounts and online financial sites.

      Now, that alone will do better than nothing, but one further very easy to remember step will make each one very nearly as good as a separate random string for every single one - Pick an arbitrary character (or two) of your password, and replace them with something about the place you use it. For example, you might change the fourth and seventh characters for the last two letters in the name of the site or machine.

      Combining those, you have a basically secure password that you can easily remember, and having one use of it compromised reveals absolutely nothing. Only someone that knows at least two of them has any shot at all of guessing the rest, and even then, only within one of your three classes of password.


      Of course, personally, I've simply memorized how to type around two dozen "good" passwords. But for those who don't feel quite so paranoid, the above works rather well.

  16. Secret Services Cracks? by Anonymous Coward · · Score: 5, Funny

    How the Secret Services Cracks Encrypted Evidence

    Looks like someone used Microsoft's Grammar Checker to create the headline.

  17. Passphrases get around this by PxM · · Score: 3, Insightful

    Dictionary attacks and other brute force attacks still don't work too well on passphrases so those who use them can protect their drug money for a little while longer. It should also be noted that the DNA attack won't work unless the Secret Service has your private key file. The actual encryption can't be broken easily so they have to attack the weak encryption on the digital private key that's stored on your computer. If the key is stored in a manner that they can't get to it, then your data will still be safe. E.g. the key is stored on an IC in the computer that self destructs if it is tampered with like IBM's ultra-paranoid laptops. The IC would detect a brute force attack and destroy the key.

    --
    Want a free iPod?
    Or try a free Nintendo DS, GC, PS2, Xbox. (you only need 4 referrals)
    Wired article as proof

  18. Random by IPFreely · · Score: 5, Funny
    If I thought these guys had any sense of humor at all, I'd make a 1.5 Gb file of random binary from a random number generator and store it in a file with a suspicious name.

    Of course I'd probably end up in Camp-XRay being tortured for the password. That's not where I want to spend my summer vacation.

    --
    There is nothing so silly as other peoples traditions, and nothing so sacred as our own.
    1. Re:Random by drspliff · · Score: 3, Insightful

      Even better would be to have a spare hard disk, fill it with 100 different random 1gb files, all with random names, then store all your 'insert highly illegal topic' data in one of those files.

      Then for additional measure, have a process running in the background that modifies the access time and modification time randomly on all of them.

      The bottom line is, anybody who actually wants to secure their data, and make it almost impossible for anybody to recover it will probably already be doing this.

      The article is referring to average joes who think encrypting their stuff will make it more secure (as you can tell by the wording of the article).

  19. Re:You think? by Rorschach1 · · Score: 5, Funny

    "This is probably because people still have non-random memories."

    Pfff. I can remember the opcode for the 6502 halt-catch-fire instruction. I can't, however, remember what I had for breakfast. How's that for random?

  20. Private Dictionaries by Doc+Ruby · · Score: 4, Interesting

    It's becoming increasingly clear that human language facility is mostly a giant system of cross references. Sometimes those references attach to other experiences outside the language network, like other sensations and actions. But the language itself is a highly flexible collection of weighted references. There's no intrinsic "meaning" to the words and other language elements, just our shared experiences, including our experience of language itself. These private dictionary attacks are an extremely sophisticated attack on the very human space of personal language constraints.

    --
    make install -not war

  21. Tron by Dachannien · · Score: 5, Funny

    You know, it's amazing that Kevin Flynn had such trouble getting the info he needed to hang Ed Dillinger out to dry, considering that the password for the Master Control Program was "master".

    I guess we've come a long way in the past quarter century. Except when it comes to choosing passwords.

  22. Re:It's like social engineering, without the perso by Shadow+Wrought · · Score: 5, Interesting
    What's the point when humans are still the weakest link?

    Especially when all they have to do is offer them chocolate before they bust them;-)

    --
    If brevity is the soul of wit, then how does one explain Twitter?
  23. Acronym passwords are a good compromise by Rei · · Score: 5, Interesting

    You don't have to use random passwords to be secure. Slightly modified acronym passwords tend to be almost as good as completely random passwords, and people tend not to mention the phrase that the acronym is from very often.

    For example, a password 'JWfimf#aIgtVae' is about as good as random; and yet, it's simply an acronym for "Juffo-Wup fills in my fibers and I grow turgid. Violent action ensues." with a hash sign thrown in for good measure. Any Star Control II fan would have an easy time remembering it after just a couple uses.

    --
    I once listened to a Philip Glass record for an hour and a half before I realized it was skipping.
    1. Re:Acronym passwords are a good compromise by Rei · · Score: 3, Funny

      Way too long to type. I personally wouldn't want to spend all day trying to type in my password without error; I'd much rather be out playing frungy or something.

      --
      I once listened to a Philip Glass record for an hour and a half before I realized it was skipping.
    2. Re:Acronym passwords are a good compromise by Rei · · Score: 3, Insightful

      Oh, another problem with geometric passwords: they're *very* easy to see looking over someone's shoulder. Trust me - I used one back in high school, and before long had all my friends logging on to my account :P

      --
      I once listened to a Philip Glass record for an hour and a half before I realized it was skipping.
    3. Re:Acronym passwords are a good compromise by JustKidding · · Score: 3, Interesting

      I used to use a L0phtCrack (LC4 by @Stake) proof password on my w2k box. It contained a non-printable ASCII character (alt + keypad combination), that LC4 doesn't scan for, and you can't enter it in the custom search range field.
      I stopped using it because I suspect it caused problems with authentication over a network (w2k + xp prof).
      I don't know if LC5 (just noticed a new version is out) is able to find it.

    4. Re:Acronym passwords are a good compromise by John-D · · Score: 4, Informative

      No, those are all horrible. If it is based on a real word, it will be tried first.

      Any good cracking program will substitute $ for S, 4 for A, 3 for E, 7 for L, so on and so on.
      This problem is even easier if (like most places, hopefully not Microsoft) your IT dept still uses NTLM passwords for Windows auth. The password algorithm breaks your character into 2 7-char halves and generates a hash via DES. So your great 12 char password is really one 7 character and one 5. The 5 character part will be broken in under 1 hour (I broke the NP4UL! portion of your password as I typed this; 7 minutes, 27 seconds). Even worse are "policies" that enforce 8 character passwords under Windows. Guess how long it takes to 'break' a 1 character password. Those password halves are also non-salted and only DES. DES is made to be fast. Look up some of the magic you can do with the MMX registers to make DES really fast in certain circumstances - where you are breaking about 60 or more password halves at once.
      So if you have a list you are in luck because you can now compare the hash of the half you just broke with all the other halves in the list. Then you may save it off into a database to look up next time you are cracking passwords. Pre-calculation and other methods (so-called Rainbow tables) make cracking these passwords even easier.

      Regular crypt passwords under Linux are almost as bad, except the salt makes them much more resistant to pre-calculation.
      MD5 passwords under Linux are much more robust if you choose a moderately hard password; as all of the characters in your password count towards the hash, and MD5 is SLOW compared to DES.

      My advice is to generate a random password and use that. Include non-printables (alt + numpad). Avoid real words. Write it down and keep it on you until you remember it; 3-4 uses for me usually does the trick. Play with John The Ripper - it does ntlm passwords now.

      PS If you use samba, its passwords are also stored in NTLM format; so you should use a different password than your standard MD5 Linux login.
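
Added example, not part of the comment above: the two 7-character halves it describes are the behaviour of the legacy LAN Manager (LM) hash, and this Python sketch shows the pre-hash split plus a defensive audit of a pwdump-style export for the weaknesses the comment lists (short second halves, unsalted halves shared between accounts). The function names, the 69-character set size and the sample dump are assumptions constructed for illustration; the DES step itself is not reproduced.

```python
from collections import defaultdict

# LM half-hash stored when a 7-byte half of the password is empty.
# This is a fixed, publicly documented constant.
EMPTY_HALF = "AAD3B435B51404EE"

# Constructed sample in pwdump layout (user:rid:lmhash:nthash:::).
# The non-empty halves are made-up hex, not hashes of real passwords.
SAMPLE_DUMP = [
    "alice:1001:1111111111111111AAD3B435B51404EE:00000000000000000000000000000000:::",
    "bob:1002:22222222222222223333333333333333:00000000000000000000000000000000:::",
    "carol:1003:44444444444444443333333333333333:00000000000000000000000000000000:::",
    "dave:1004:AAD3B435B51404EEAAD3B435B51404EE:00000000000000000000000000000000:::",
]


def lm_halves(password):
    """Pre-hash processing: upper-case, pad/truncate to 14 bytes, split 7 + 7.

    Assumes an ASCII password; other characters depend on the OEM code page.
    """
    raw = password.upper().encode("ascii")[:14].ljust(14, b"\x00")
    return raw[:7], raw[7:]


def search_space(password, charset=69):
    """Guesses to exhaust the password as one unit vs. as two separate halves.

    charset=69 is an assumed count of upper-case letters, digits and symbols.
    """
    first, second = (len(h.rstrip(b"\x00")) for h in lm_halves(password))
    return charset ** (first + second), charset ** first + charset ** second


def audit_pwdump(lines):
    """Flag weak LM entries so those accounts can be reset and LM storage disabled."""
    findings = {"no_lm_hash": [], "seven_or_fewer": [], "shared_half": {}}
    owners = defaultdict(set)
    for line in lines:
        user, _rid, lm = line.strip().split(":")[:3]
        lm = lm.upper()
        first, second = lm[:16], lm[16:]
        if first == EMPTY_HALF and second == EMPTY_HALF:
            # Blank password, or LM hash storage is already disabled.
            findings["no_lm_hash"].append(user)
            continue
        if second == EMPTY_HALF:
            # Nothing in characters 8-14: the password has 7 or fewer characters.
            findings["seven_or_fewer"].append(user)
        for half in (first, second):
            if half != EMPTY_HALF:
                owners[half].add(user)
    # No salt: identical half-hashes mean identical 7-character chunks.
    findings["shared_half"] = {h: sorted(u) for h, u in owners.items() if len(u) > 1}
    return findings


if __name__ == "__main__":
    print(lm_halves("Passw0rd"))
    print(search_space("abcdefghijkl"))
    print(audit_pwdump(SAMPLE_DUMP))
```
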

  24. Re:It's like social engineering, without the perso by Ayaress · · Score: 4, Insightful

    It all comes back to the old axiom: If you rob a bank, make damn sure you pay your taxes.

    The basic idea is, if you break the law, you cover every hole you can think of, no matter how trivial. Just like Al Capone should have paid his taxes, criminals (and everybody else for that matter) today need to start using better passwords.

  25. Choosing a password. by bmalia · · Score: 5, Funny

    Enter a new password: ***** [penis]

    Sorry, your password is not long enough.
    Enter a new password:

    --
    There's no place like ~/
  26. Re:Still won't work. by Homology · · Score: 4, Interesting
    People just cannot memorize enough randomness to defeat that kind of attack.

    Erh, yes they can : The Diceware Passphrase Home Page

  27. Re:It's like social engineering, without the perso by ScentCone · · Score: 4, Insightful

    criminals (and everybody else for that matter) today need to start using better passwords

    Well, OK, so you're talking about this in more or less academic terms... but, I'd say that what criminals really need to do (um, especially the ones that are smart enough to read up on this sort of thing) is to use their brains for, say, something other than crime.

    --
    Don't disappoint your bird dog. Go to the range.
  28. Passphrases and diceware by Get+Behind+the+Mule · · Score: 3, Interesting

    Passphrases are the only sensible solution I've ever heard of for devising keys that are both relatively easy to remember and sufficiently random so as to be secure. A random string of characters cannot be reliably memorized. Any word, no matter in what language and no matter how obscure, can be cracked by a dictionary attack. A sequence of words chosen at random can be memorized, and if it's about six or seven words long, is probably beyond the reach of cracker software, even the Secret Service's.

    One of the best ways I've seen to construct a secure passphrase is Diceware. Arnold Reinhold constructed a list of about 7500 words of up to six characters in length. Roll five dice to pick out a word in the list; do this a few times to create a passphrase, commit the phrase to memory, and burn anything you might have written down. He calculated that if you choose a passphrase consisting of seven words this way, you have about 90 bits of entropy, which a cracker probably couldn't break in this lifetime. His sample phrase is cleft cam synod lacy yr, which probably takes some practice to memorize, but it can be done.
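
Added example, not part of the comment above and not Diceware's own code: a Python sketch of the five-dice lookup and the entropy arithmetic behind the "about 90 bits" figure for seven words. It assumes one list entry per five-dice outcome (6^5 = 7776), uses a constructed placeholder list in place of the real word list, and the guess rate of 10^12 per second is an assumption.

```python
import math
import secrets

DICE_PER_WORD = 5
LIST_SIZE = 6 ** DICE_PER_WORD  # 7776 distinct five-dice outcomes

# Constructed stand-in for a real word list: one entry per dice outcome.
PLACEHOLDER_LIST = [f"word{i:04d}" for i in range(LIST_SIZE)]


def roll_key(n_dice=DICE_PER_WORD):
    """Simulate n fair dice with the OS CSPRNG; returns a key such as '41362'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n_dice))


def key_to_index(key):
    """Map a dice key to a 0-based list position ('11111' -> 0, '66666' -> 7775)."""
    index = 0
    for digit in key:
        if digit not in "123456":
            raise ValueError(f"not a die face: {digit!r}")
        index = index * 6 + (int(digit) - 1)
    return index


def make_passphrase(wordlist, n_words):
    """Pick n_words independently and uniformly, one five-dice roll per word."""
    if len(wordlist) != LIST_SIZE:
        raise ValueError("word list must have one entry per dice outcome")
    return " ".join(wordlist[key_to_index(roll_key())] for _ in range(n_words))


def entropy_bits(n_words, list_size=LIST_SIZE):
    """Entropy of n uniformly chosen words; knowing the list does not reduce it."""
    return n_words * math.log2(list_size)


def years_to_exhaust(bits, guesses_per_second):
    """Time to try every possibility at a given (assumed) guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    print(make_passphrase(PLACEHOLDER_LIST, 7))
    for n in (5, 6, 7):
        bits = entropy_bits(n)
        print(n, "words:", round(bits, 1), "bits,",
              f"{years_to_exhaust(bits, 1e12):.3g} years at 1e12 guesses/s")
```
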

  29. Re:256-bit encryption? by bofkentucky · · Score: 5, Interesting

    You've never seen the "shoot here to destroy" stickers that Uncle Sam sticks on his computers, usually they are just slightly off center of the hard drive spindles, not sure how a multi-disk box gets tagged, but it's probably in a similar manner.

    Remember that P-3 that landed in chicom airspace back in 2000/2001, supposedly hammers were used to beat the interior of that bird all to hell when the pilot realized they weren't going to make it to a safe landing area.

    --
    09f911029d74e35bd84156c5635688c0
  30. How To Make Easy Random Passwords by cliffjumper222 · · Score: 4, Informative

    This might not be new to some, but it's quite easy to create random passwords that you can remember, although, I suppose you could argue that they are not completely random. Anyway, here goes:

    1. Think of a sentence that you can remember, e.g., "My two lovely kids Spike and Mary eat noodles every day!"
    2. Take the first letter of each word and use some common substitutions: "M2lkS&Mened!" - Bingo, not only is it a pretty random collection of letters but it includes numbers, upper case and lower case mixed and even punctuation. All lovely stuff to blunt brute force password attacks.
    3. When you type it in, say the sentence to yourself in your head. It's really quite easy to remember that way. Also, you can even just about get away with writing it down (in an office environment) and not many people will understand it. Of course, I don't recommend this but people are people.
    4. Don't forget to dump the sentence every few months or so and make up a new one. It's no big deal, they're easy to remember.

    Hope that helps some.

    1. Re:How To Make Easy Random Passwords by SmokeHalo · · Score: 3, Interesting
      I read an article from SecurityFocus a while back that had the suggestion of using song lyrics as a password. In the example it gave, the first line from Led Zeppelin's "Stairway to Heaven" was used. Thus the line:
      There's a lady who's sure all that glitters is gold
      Becomes
      Talwsatgig

      Of course, you would then add in caps, numbers, or non-alpha characters as you see fit. And if you're thinking of hanging the "decryption key" on your cube wall, it's much less conspicuous with song lyrics than a sentence such as the parent's example.
      --
      I'm not good in groups. It's difficult to work in a group when you're omnipotent. - Q
  31. Password is not correct by MachDelta · · Score: 5, Funny

    At my former job, one of the programs we used would return "Password is not correct" if you input the wrong password.

    So, for a month, my password was "correct".

    Hey, at least I had a handy reminder if I ever forgot what it was. :P

  32. Eat this! by Maradine · · Score: 5, Funny

    Hey, SS!

    Go stick a pig
    and your mother, too!

    M

    --

    trustedworlds.net - gaming, security, and the gunk that lives in between

  33. OMG! by temojen · · Score: 5, Interesting
    Unlike other distributed networking programs, such as the Search for Extra Terrestrial Intelligence Project -- which graphically display their number-crunching progress when a host computer's screen saver is activated -- DNA works silently in the background, completely hidden from the user. Lewis said the Secret Service chose not to call attention to the program, concerned that employees might remove it.

    "Computer users often experience system lockups that are often inexplicable, and many users will uninstall programs they don't understand," Lewis said. "As the user base becomes more educated with the program and how it functions, we certainly retain the ability to make it more visible."

    Wait... Secret Service employees have administrator rights? This is just wrong. Their IS department should know better.

  34. Re:that's all about the brute force by crimethinker · · Score: 4, Funny
    There's another one my former boss (an Iranian émigré in 1977) told me.

    Three guys from the CIA, Mossad, and the Iranian Secret Police have a competition. Each of them has a burlap sack, and must go into the jungle to capture a wild boar. The CIA goes first. 30 minutes later, he's back, with a wild boar in the sack. Mossad goes next, and he comes back in just 15 minutes with a similar catch.

    The Iranian Secret Police goes next. He's back in 2 minutes. The CIA and Mossad are shocked. "No, you can't have already caught a wild boar."

    "Open the sack and see for yourself." The CIA and Mossad look in the bag and see a rabbit with cigarette burns, bruises, cuts, and possibly a few broken bones.

    "That's not a boar, that's a rabbit. You lose."

    On hearing this, the rabbit shrieks out, "no!!!!!! I'm a wild boar! I've been a wild boar for seven years. I can give you the names of other wild boars who are still loose in the jungle!"

    -paul

    --
    Pistol caliber is like religion: everyone has their favourite, and theirs is the only right choice.
  35. Reminds me of a story... (offtopic) by hanshotfirst · · Score: 5, Funny
    A minister wakes one Sunday morning to a bright sunny day. He decides to play hooky for a day, and calls his Jr. Pastor to cover services for him as he is very sick.

    He then proceeds to get his golf bag and head for the links. The course is beautiful, the sun is shining, and his game is great.

    Up in heaven, St. Peter asks God "Aren't you going to do something about this?" God replies, "Wait and see."

    As the round of golf continues, the minister is shooting the best game of his life. On the 18th tee, the minister swings... God commands the ball and it bounces off the water, out of a bunker, and right into the cup.

    St. Peter is incredulous. "Why are you REWARDING this man for shirking his duty!? I don't understand?!"

    God replies "Who's he going to be able to tell about it?"

    --
    Why, oh why, didn't I take the Blue Pill?
  36. Re:It's like social engineering, without the perso by MrAnnoyanceToYou · · Score: 3, Insightful

    Nah, they just need to steal more so they become revolutionaries or businessmen. "One lawyer with a briefcase can steal more than a thousand men with guns"- The Godfather.

  37. Re:It's like social engineering, without the perso by MrAnnoyanceToYou · · Score: 3, Insightful

    Logic fails you.

    "Criminals with enough money are businessmen" and
    "Businessmen with enough money are criminals"
    are two different statements. I do not agree with both. HOWEVER, often the means of accumulating large sums of money are closer to crime than should be allowed. Skirting the rules of groups as a whole and "morality" is rewarded too often within the boundaries of our current social systems. I don't particularly believe in morality but I have to sleep with my own dreams, which means I'm not rich and slightly bitter that I'm smart enough to have bad ones when I do bad things.

    Quit dragging me off topic with your 'karma to burn' self.

  38. Re:Reminds me of a story... (even more offtopic) by commodoresloat · · Score: 5, Funny
    So a guy walks into a church and goes to confession. He tells the priest: "Father, I'm 75 years old, and I've been happily married and faithful for 50 years. I have two children in their thirties and I've never cheated on my wife. Until yesterday. I was driving down the street and saw these two hot 20-year old coeds hitchhiking. I picked them up and drove them to a hotel. They convinced me to join them in the hotel where I proceeded to have sex with both of them for the next two hours."

    The priest is quiet for a moment and then says, "are you sorry for your sins?"

    The man replies, "Sins? What do you mean?"

    The priest sounds concerned. "What do I mean? What kind of Catholic are you?"

    The man replies, "Catholic? Father, I'm Jewish!"

    The priest is incredulous. "Well then why are you telling me this?"

    The man replies, "are you kidding? I'm telling everybody!"

  39. TSA-approved locks by swb · · Score: 3, Informative

    They now have TSA-approved locks which have some kind of TSA symbol on them that identify them as "OK". There's a master key for the key locks and the combination locks.

    Prior to this I used tie wraps (the good ones with the metal in the latching end) through the lock holes on the zippers. I stashed an ancient wire cutters in an outer pocket for opening at my destination.

    I don't know how 'secure' these really are, but I suppose it makes it just hard enough that the crackheads working in baggage will choose someone else's luggage to rifle. I'm sure the master key component of the TSA-approved locks is trivial as well.

    But as someone said above, if someone wants it, they'll just rip the fscking thing open. But it should be good enough. People have long complained about pilfering from luggage, but the complaints REALLY went up when the TSA banned luggage locking. IMHO most of the luggage pilfered was unlocked to begin with, and once everyone's was, it was open season for luggage handlers to steal, so a trivial amount of locking ought to deny them the easy opportunities.