Account Hacked

To all you techno-geniuses, let me clarify so even you can understand.
The Wild Flowers ECCIE account was hacked, on the ECCIE site, NOT THE WF COMPUTER. It was hacked for about half an hour at most before me and the mods caught it and locked it. No posts were made by anyone but me, and the account is now secure.

NO PRIVATE CONTACT OR SCHEDULING INFO WAS EVER AT RISK. Our computers are encrypted with PGP, the best encryption software out there. The whole drive is encrypted, not just files. Our computers auto-encrypt on shut down, and I have a "hotkey" button to instantly encrypt if I need to while I'm using it.

I had a squabble with a hideously malignant creature about 8 months ago. At that time, she threatened me with her squad of computer gimps, I mean "geeks". They've probably been running password cracking software ever since. My previous pass word was not that strong. My new one is.
A strong passphrase contains at least 20 characters, with a mix of upper and lower case letters, numbers and symbols. Mine does.
Whispers's Avatar
I would imagine that the software employed to run the site would record attempts to log in to avoid just that from happening. Maybe a MOD can look into it... It seems rather common these days that after 3-5 invalid attempts to log in that you typically get locked out.....
Whoa! Thanks for an intelligent and non-vindictive comment Whispers! You KNOW I hate to say this, but... (gulp, cough, choke) YOU ARE RIGHT! I don't know how they got my PW for ECCIE, and I don't know if there is a limiter on how many PW attempts can be made when logging onto ECCIE, but if there's not, there damn well should be.
Take it from me!
Whispers's Avatar
Whoa! Thanks for an intelligent and non-vindictive comment Whispers! You KNOW I hate to say this, but... (gulp, cough, choke) YOU ARE RIGHT! Originally Posted by AustinWildFlowers
I try to make all my posts in an intelligent and non emotional manner.... I seldom post out of spite or in a vindictive manner.....

perhaps you should hire me as a PR consultant..... I know how to fry asses verbally and in writing without crossing those lines......

Thanks for taking ownership of the Posts...... Some tried to say that those were made by someone other than you while the account was hacked.....

You owe the Mods an apology..... You lambasted them quite a bit and they are still cleaning up the mess....
GneissGuy's Avatar
Whoa! Thanks for an intelligent and non-vindictive comment Whispers! Originally Posted by AustinWildFlowers
Maybe the mods should check to see if the Whispers account has been hacked.
I have hopefully made my peace with the mods, even the ones who don't "work for me".
(I actually have a great deal of respect for them and the job they do.)
Speaking of working for me, I'm afraid your PR fees might be a bit out of my league.
I'd have to rob a LOT more liquor stores to pay you what I'm sure you'd be worth.
But thanks for the free advice. If I'm smart, I'll take it.
78704's Avatar
  • 78704
  • 06-07-2010, 02:45 PM
Maybe the mods should check to see if the Whispers account has been hacked. Originally Posted by GneissGuy

OW! Fuck! Lemonade out the nose!


Damn it, Gneiss, that's twice in a week!
A hotkey to instantly encrypt? You mean instantly start the encryption process?

<--- Computer Geek
Maybe the mods should check to see if the Whispers account has been hacked. Originally Posted by GneissGuy
LMFAOOO, Sorry but that is pretty damn funny!
GneissGuy's Avatar
A hotkey to instantly encrypt? You mean instantly start the encryption process?

<--- Computer Geek Originally Posted by MisterSmith
I'm not familiar with the PGP products, but done right, the data stays encrypted on the hard drive all the time and is encrypted/decrypted on the fly. Hitting a hot key simply destroys the crypto keys in memory.

Getting it to really work right in practice may be a little more complicated and less certain than that.
Mr. Smith, you are exactly right. The hotkey begins the encryption process which is non-reversible or stoppable. The whole disk is auto-encrypted on shut down, so if I hit the hotkey, even if someone were to grab my computer and hit the power button, it would still continue to encrypt before shutdown.
Rand Al'Thor's Avatar
Either the hard drive is encrypted - meaning everything written to it is encrypted as it's written (cache not withstanding) and decrypted as it's read - or it runs through and encrypts the data on the hard drive on shutdown (and when this hotkey is pressed). If it encrypts the contents of the hard drive on shutdown, it would take over an hour if you have several gigs of data. As for not being able to hit the power button once the hotkey is pressed, pressing and holding down the power button causes the computer to shutdown at the hardware level, no software running will stop this. This will stop your 'encryption' process.

And stating PGP is the best encryption software is like saying Burger King is the best fast food burger.
PGP is pretty INSECURE. It has a known backdoor.
GneissGuy's Avatar
Either the hard drive is encrypted - meaning everything written to it is encrypted as it's written (cache not withstanding) and decrypted as it's read - or it runs through and encrypts the data on the hard drive on shutdown (and when this hotkey is pressed). If it encrypts the contents of the hard drive on shutdown, it would take over an hour if you have several gigs of data. As for not being able to hit the power button once the hotkey is pressed, pressing and holding down the power button causes the computer to shutdown at the hardware level, no software running will stop this. This will stop your 'encryption' process.

And stating PGP is the best encryption software is like saying Burger King is the best fast food burger. Originally Posted by Rand Al'Thor
Pulling the power cord (or the power cord and the battery) always shuts down right away, too.

Given your description of how it works, it's got to be encrypting/decrypting the data on the fly. What little info I could dig up on the web suggests its "on the fly" encryption as well. Your "hot key" is probably just destroying the stored copies of the keys and doing general cleanup. It COULD be trying to shutdown and save running programs, but that would seriously compromise your security.

How long does it take to shutdown when you decide to shutdown?

Unfortunately, PGP has sort of a used-car salesman attitude in their advertisements, so it's a little hard to wade through the puffery and find the details, but it's pretty clear that their full disk encryption stuff keeps ALL the data on the disk encrypted and decrypts and encrypts data on the fly as you use it.
PGP was at one time classified as a "munition" by the US State Dep't, and it's author Phil Zimmerman was prosecuted for illegal exportation. He beat the rap. It is also open source code, and there has never been any credible proof (and we all know I'm big on proof) that it was compromised. Do you use encryption, Winemaker? And, if so, what brand do you recommend, and why? Do you know anything about it, or is this just another case of "If Max does it, it must be bad"? Here's MY "proof"... Check this out:
http://en.wikipedia.org/wiki/Pretty_...curity_quality
It's from Wikipedia, and we all know if it's on the internet, it's GOTTA be true!