Dead Men Tell No Passwords

[InfoSec News <isn () c4i org>]

http://www.wired.com/news/technology/0,1282,52997,00.html

By Michelle Delio 
12:08 p.m. June 5, 2002 PDT 

The man in charge of archiving and maintaining electronic copies of
Norway's most important historical documents is dead and so is access
to those archives.

So the director of the Norwegian cultural center is pleading for
hackers to help him crack the center's password-protected database.

The problem started when the technician responsible for the archives
at Norway's National Center of Language and Culture never divulged the
password before he died a few years ago.

Since then, employees at the center have been unable to access some of
the password-protected archives that contain data on a collection of
thousands of documents and books. A national database that allowed
researchers access to those documents is also partly inaccessible.

So center director Ottar Grepstad sent out an appeal Tuesday on a
national radio broadcast, asking for hackers to help crack into the
system and discover the programmer's password.

A spokesman for the center said they have received many more replies
than they expected, and are now trying to select the code wizard who
can best help them solve the problem.

Helpful hackers are hoping that the technician wasn't heavily into
security and used an obvious password, instead of the random jumble of
letters and numbers that security experts advise.

"It would be great if the password is his dog's name," said Marco
Pasquale, a Toronto programmer who volunteered to hack the center's
database. "If it's a gibberish password it'll be a real challenge."

The center's dilemma has sparked discussion among some techies who
wondered if there were any way to ensure that their projects would not
suffer if they were to die unexpectedly.

Some have decided to use Aryeh Holzer's "Dead Man's Switch," a program
intended to avoid any postmortem problems or embarrassment.

The switch, if not regularly reset, automatically carries out a series
of pre-designated tasks. It can post pre-composed messages to a geek's
favorite discussion groups, send e-mails to pre-selected addresses,
and protect sensitive files by encrypting or destroying them.

But some who have used the program advise caution.

"I went on vacation, and forgot all about the switch," said Kenny
LaGuardia, a Web designer from Los Angeles. "When I returned home, the
program had posted, 'So I guess I'm dead' messages to all the
newslists I subscribe to, and destroyed all my adult entertainment
files."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.