The Boston Diaries

The ongoing saga of a programmer who doesn't live in Boston, nor does he even like Boston, but yet named his weblog/journal “The Boston Diaries.”

Go figure.

Sunday, May 09, 2004

Word to the wise

Word to the wise: Requesting a password reminder is not hacking an account.

I normally try to avoid online drama, but events between two people whom I read got pretty much out of hand, and while I avoided leaving any comments in their respective websites, one point is still gnawing at me. So I'll comment here, in neutral ground (and I know both of them will read this) and (probably against my better judgement, but that's never stopped me before) give my two bits worth.

A bit of the backstory: Alice and Bob (obviously not their real names) were an item (albeit a long distance item) and during the time they were together, Alice helped Bob register a few domains, and setup one or two web-based communities. Life happened, and several moons ago Alice and Bob broke up. But contact and billing information for the domain hosting and community sites were not updated. Or updated correctly. Or something to that effect.

This brings us up to Friday.

Alice notices that she's still listed as a moderator on the community site run by Bob. Curiosity getting the better of her (and I suspect, a desire to fix the problem right then and there and remove her information), she requested a password reminder.

Which Bob was notified of:

Word to the wise: When you request a password reminder on XXXXXXXXXXX, it goes to the e-mail address on record for that account. So the person associated with that e-mail address now knows that you tried to hack [the] account.

Okay. Do you really think I'd be stupid enough to fail to change the e-mail address and password on a community I now moderate?

How stupid does that make you? *laugh*

It was that comment that struck me badly.

Yes, accessing a computer you are not allowed to access is a Federal offense (not that I totally agree with it, but that's the law as it is currently). But note that in order for it to be a Federal offense, one has to actually access the computer in question. Attempting to gain access? That's a different question. And attempting to gain access to a computer that at one point you had access to? That might not even be a Federal offense.

Case in point. My account at FAU lasted way past my last days there. For all I know, I may still have an account there. Let's see …

[spc]linus:~>ssh spconner@XXXXXXXXXXX.fau.edu
spconner@XXXXXXXXXXX.fau.edu's password: 
Permission denied, please try again.
spconner@XXXXXXXXXXX.fau.edu's password: 
Permission denied, please try again.
spconner@XXXXXXXXXXX.fau.edu's password: 
Permission denied (publickey,password,keyboard-interactive).
[spc]linus:~>

Hhmmm … guess I no longer have access there, but I know that this will show up in the logs; something like:

May  9 23:25:11 XXXXXXX sshd[22328]: Failed
password for spconner from 10.0.0.2 port 36180 ssh2

But will FAU (or the department this machine was in) do anything about it?

I doubt it. It's a one time thing. Now, had I tried multiple times, say, five, ten, a hundred times, then yes, that would definitely be a hacking attempt. Once? Just seeing if the access is still there.

Other examples of hacking?

May  9 13:48:25 janet kernel: IP fw-in rej eth1 TCP 69.70.115.31:1343 69.167.102.16:2745 L=48 S=0x00 I=26379 F=0x4000 T=107
May  9 13:48:25 janet kernel: IP fw-in rej eth1 TCP 69.70.115.31:1345 69.167.102.16:1025 L=48 S=0x00 I=26381 F=0x4000 T=107
May  9 13:48:25 janet kernel: IP fw-in rej eth1 TCP 69.70.115.31:1347 69.167.102.16:3127 L=48 S=0x00 I=26383 F=0x4000 T=107
May  9 13:48:25 janet kernel: IP fw-in rej eth1 TCP 69.70.115.31:1348 69.167.102.16:6129 L=48 S=0x00 I=26384 F=0x4000 T=107
May  9 13:48:34 janet kernel: IP fw-in rej eth1 TCP 69.70.115.31:1348 69.167.102.16:6129 L=48 S=0x00 I=30400 F=0x4000 T=107
May  9 13:48:34 janet kernel: IP fw-in rej eth1 TCP 69.70.115.31:1347 69.167.102.16:3127 L=48 S=0x00 I=30401 F=0x4000 T=107
May  9 13:48:34 janet kernel: IP fw-in rej eth1 TCP 69.70.115.31:1345 69.167.102.16:1025 L=48 S=0x00 I=30403 F=0x4000 T=107
May  9 13:48:34 janet kernel: IP fw-in rej eth1 TCP 69.70.115.31:1343 69.167.102.16:2745 L=48 S=0x00 I=30405 F=0x4000 T=107

Someone trying to get into my home network. Well, rather, mutiple someones. 51 different sources for 166 attempts (18 from one IP address alone).

And that's just today.

That's a hack attempt.

Requesting a password be emailed?

I'm sorry, that is not a hack attempt.

I suppose Bob's comment hit me rather hard since I've been on the receiving end of hacking attempts multiple times (and still am, as you can see above). After a while, it simply becomes noise and the only hack attempts that are worth consideration are those that actually break in and do damage.

I'm not trying to slight Bob here—after all, I doubt Bob has much experience with being hacked, but I do think that the schadenfreude is misplaced in this instance. Alice did not attempt a hack, nor is she stupid:

With regard to [the] allegation, I have this to say: Yes, I triggered the password retrieval function of the community. Here's why—

The userinfo page on … the community in question still list me as the community moderator. About two days ago, I sent … a politely worded e-mail asking [Bob] to take my name off the userinfo page for … the community in question. I did not think that this is an unreasonable request, particularly since we broke up over five months ago.

I noticed earlier today that the userinfo pages had not been changed, and I idly wondered if my e-mail address was still listed on the community. I was pretty sure that this was not the case, since I was pretty careful to remove myself when I handed it over to [Bob] back in November, but I was curious, so I hit the password retrieval tool.

Just curious. And had I been in a similar situation as Alice, I would have done the same.

Guess that would make me stupid then …

Obligatory Picture

Trying to get into the festive mood this year

Obligatory Contact Info

Obligatory Feeds

Obligatory Links

Obligatory Miscellaneous

Obligatory AI Disclaimer

No AI was used in the making of this site, unless otherwise noted.

You have my permission to link freely to any entry here. Go ahead, I won't bite. I promise.

The dates are the permanent links to that day's entries (or entry, if there is only one entry). The titles are the permanent links to that entry only. The format for the links are simple: Start with the base link for this site: https://boston.conman.org/, then add the date you are interested in, say 2000/08/01, so that would make the final URL:

https://boston.conman.org/2000/08/01

You can also specify the entire month by leaving off the day portion. You can even select an arbitrary portion of time.

You may also note subtle shading of the links and that's intentional: the “closer” the link is (relative to the page) the “brighter” it appears. It's an experiment in using color shading to denote the distance a link is from here. If you don't notice it, don't worry; it's not all that important.

It is assumed that every brand name, slogan, corporate name, symbol, design element, et cetera mentioned in these pages is a protected and/or trademarked entity, the sole property of its owner(s), and acknowledgement of this status is implied.

Copyright © 1999-2024 by Sean Conner. All Rights Reserved.