BARBELITH underground
 

Subcultural engagement for the 21st Century...
Barbelith is a new kind of community (find out more)...
You can login or register.


Underground > Conversation >

Hijacked Suits & Security Precautions

  
 
Regrettable Juvenilia
13:11 / 07.01.04
So as anyone who's read this will have seen that Barbelith's least favourite pest has hijacked someone else's log-in name (go here for background on said individual). I'm starting this thread as a heads-up for anyone who hasn't seen the thread in question yet - have been PMing Moderators all day to warn them about possibly dodgy mod requests coming from the old Our Lady of the Flowers suit, but what with Barbelith being quite slow today I may have missed a few.

I think we should also be on the alert in general in case this happens again. This might be a good place for people to discuss precautions that can be taken to prevent this happening. Off the top of my head I can only think of these fairly obvious ones:

- Change your Barbelith password regularly.
- Don't tell anyone your password.
- Don't use a password that you use elsewhere.
- If you use a public computer, make sure you log out of Barbelith when you finish using it.

Anyone else?
 
 
Bear
13:27 / 07.01.04
How does this happen though, Barbelith doesn't send out a mail informing you of your password and username when you register and there is no password reminder system is there - how did he find it out - And why didn't he go apeshit - was it caught in time?
 
 
Bed Head
13:29 / 07.01.04
Er, yeah. What Bear said. Short of being given the password, how else can this idiot manage to get hold of it?
 
 
Tryphena Absent
13:33 / 07.01.04
That's a question and a half and something that I'm sure quite a few of us would like to know. As for going apeshit, is that really a common trait in Knowledge? He likes to launch systematic campaigns when it's possible and spring surprises. His bullshit is strangely patient.
 
 
Tezcatlipoca
13:52 / 07.01.04
His bullshit is strangely patient.

And unsettlingly obsessive...
 
 
Bed Head
13:57 / 07.01.04
His bullshit is strangely patient.

For someone that nobody here likes, it seems as though he sure does a lot of patient lurking, the weirdo. As I saw it, last night: Flowers makes a post which mentions idiots from Swansea. Said troll hijacks his suit and makes nasty comments. Falconer calls him. Then troll changes the suit name to ‘sign’ his presence.

One possibility is that he’s had Flowers’ password for x amount of time but was waiting for this moment to use it. Again, the bloody weirdo.

Certainly don’t mean to detour this thread toward yet another general discussion of this child and his methods. Just saying that this password could have been cracked ages ago.

And, how can changing your password regularly help with this? ‘Cause I’ve already become rather attached to my password.
 
 
Spatula Clarke
22:09 / 07.01.04
And, how can changing your password regularly help with this?

Minimises the possibility of anyone being able to figure it out through trial and error. Basically, you might change it to something that they've already tried and aren't likely to try again. It's a small thing, but if you use passwords that are guessable, it's a good idea.

The other piece of advice I can think of is to use a password which is utterly meaningless to anyone else: not a real word, contains digits in the middle of letters, stuff like that.
 
 
The Falcon
00:26 / 08.01.04
This is really pathetic; but with a soupcon of creepy.

Oh, he's done Flowers again.

I didn't call him yesterday, though. I'm the board's shittest Knodge-spotter.

Andrew: Grow up.
 
 
Tryphena Absent
00:34 / 08.01.04
I don't think that asking him to grow up is going to do all that much seeing as how it hasn't worked before and yes it is a little creepy. Totally shit in fact, if you're going to troll can you not stick to your own suits? It's pure nasty to target one person in this way.
 
 
Rage
06:56 / 08.01.04
This STILL isn't over?

You guys are still obsessing over that damn fictionsuit I created back in the day? ::smirk::
 
 
Regrettable Juvenilia
07:34 / 08.01.04
Another reason to change your password regularly: if you've left yourself logged on on a computer and you do this, it will automatically log you off on that computer (as I understand it).
 
 
Rage
08:19 / 08.01.04
Orange alert! Orange alert!
 
 
STOATIE LIEKS CHOCOLATE MILK
08:31 / 08.01.04
God, I miss the board for a couple of days and return to this again. It is indeed creepy, and more than a little sad.

Rage, didn´t you have probs with him on 42012 a while back? How did that go?
 
 
Bear
08:44 / 08.01.04
I think I forgot to logout of a BT web phone at Kingscross last year, should I go check?

I really don't see the need of changing your password at all to be honest, people have as much chance of guessing your new password right? Unless of course they have been trying to guess your password for years, working their way through the dictionary but that would just be a little too crazy..

I'm still not sure how someone could work out your password, unless they're using a program of course... Has Flowers explained what actually happened?
 
 
Rage
08:48 / 08.01.04
I thought he could have done a lot better than posting the same thing a hundred times.

That's what you get for using a password like invisible23...
 
 
w1rebaby
13:19 / 08.01.04
Changing your password helps if there has been a complete security breach and the full password list has been gotten. But that's extremely unlikely.

There are a number of different ways of getting hold of passwords and almost none of them involve technical methods ("hacking"). There are password-guessing programs but they are easily protected against by creating a nonsense password like "reg876yonks!". I'm afraid that the two main methods of people getting passwords are (a) user has a stupid password involving their name, their dog's name, their date of birth etc (b) user tells someone else their password, writes it on a Post-It and leaves it on their monitor etc. If you have *ever*, for any reason, told *anyone* your password, no matter who they are, it is insecure and you should change it right now.

Do remember that if you have an email address that is used to register with, the person in question may have obtained your *email* password and be getting your board password through "remind password" functionality. So you should change the password for that, too, just in case.
 
 
Our Lady Has Left the Building
13:52 / 15.01.04
Brother Bear I'm still not sure how someone could work out your password, unless they're using a program of course... Has Flowers explained what actually happened?

The theory Tom subscribes to is that on the login page Andrew put in my hotmail account, it sent a mail out with my user name and password, he did this possibly middle of the night or just during the day and was lucky, deleted the email and then logged into Barbelith to proceed to fuck things around.

I've not got my hotmail account as my email address for this suit and I would also suggest people hide their email addresses in their profiles. I don't believe he lucked in guessing my log-in name or password because I've never used them publically anywhere. Perhaps the next time a Knodge-suit pops up we can ask him how he did it?
 
 
Bear
14:00 / 15.01.04
Was just worried there was a program being used or that he'd gotten into a user ID list, just paranoid full stop....

Glad everything is back to normal...
 
 
Jub
14:09 / 15.01.04
Perhaps the next time a Knodge-suit pops up we can ask him how he did it?

Or, just ignore the silly little troll.
 
  
Add Your Reply