Flashing back to summer of 1998: Dave and I, and a few other undergrads, were working on a research project for one of the professors, who also happened to be the administrator for all of the workstations we were working at. Dave had just finished putting together his data-analysis program, and had just hit enter to start it on its first run. Meanwhile the professor had been watching from the other side of the room, and just as he hit enter, his computer played a sound clip: “I’m sorry, Dave, I can’t let you do that”.
Not quite as good, and not *nix-related, but more frequent, at least for me …
Back in about 1988 I ran a small business. We had a mix of a couple dozen Macs and PCs for different tasks. I think the Macs were IIc models on System 5 upgraded to System 6. Hard to recall now.
Anyhow, one of the built-in sound effect themes included an “Uh-oh” that played when an error occurred. Which sounded exactly like my own voice and intonation. It got real tiresome hearing my computer bitch at me in my own voice. The rest of the staff didn’t much care for my audible omnipresence either.
Worse than HAL telling me it wasn’t going to let me do that, I was telling me I wasn’t going to let me do that. Uggh!
This would probably have been done using the write command. If a pty were left world writable, then you certainly could do it with >, but write was the usual method, at least for chatting in computer labs in the early 90s.
It definitely was not write. Or rather, that’s not what I used. You could do echo, banner, cat and I assume other things (you probably could redirect anything with text output like ls, but I hadn’t tried). I’ve done all those, and I’ve never heard of the write command, so I’m sure of that syntax. (And I wish I could say I was clever enough to figure this out myself, but I had read about it in some book somewhere.)
By the way, the command I had copied had >! and not just a plain >. What does the exclamation mark do in that context?
If the shell variable noclobber is set, which limits what files can be overwritten from shell redirects, then just > can’t write to a terminal. Using >! says not to do those checks this time—so write to the /dev/pty (terminal) file with the output of your command. I think if noclobber is not set, then >! and > are functionally the same. This is a tcsh (csh, too?) thing.
You should be able to pipe whatever you want into write. Provided, however, that the recipient enabled write access, e.g., by running mesg y.
Note that at least some versions of operating systems like ITS embraced the hacker philosophy that passwords were unnecessary, even explicitly logging on was optional; all files were editable by all users, and of course the equivalent of mesg was y.
Bump
Lastpass has been hacked; Lastpass Co. denies any harm and sorta says it’s the customers’ own fault.
No, Lastpass was not hacked. A Lastpass customer was hacked. Not the same thing.
I confess that I have not read every post above, but scanning through, I did not see any mention of the way all my financial sites protect me, which is to add some direct contact when they detect a change.
I use Ccleaner regularly, and each time my bank wants to send me a code on a pre-registered phone before they let me in. When I lost my phone a few years ago and bought a new one with a different number, they made me wait until they sent me a code in the mail. Even if someone cracks Amazon and finds my password, I assume that will be inconvenient for me but no financial loss.
I have three levels of secureness: Financial, Shopping and the rest (forums etc). I simply do not see the need for 300 secure passwords when the worst that could happen is that I get kicked off the SDMB because I use the same password as on trucknet.
I do have a password manager. It is an indexed notebook with all the codes and passwords needed to get into all my contacts. If someone steals my tablet and also the book, I will be in trouble. This possibility does not worry me unduly.
From the link:
LastPass says that a threat actor was able to steal corporate and customer data by hacking an employee’s personal computer and installing keylogger malware, which let them gain access to the company’s cloud storage. (emphasis added)
Aah, my bad, I misread who “the company” was in there, it’s Lastpass itself, not some client company, apologies @Northern_Piper
I remember with VAX (I think it was UNIX) at one time, you could pipe text to other terminals. In those days of budget constraints, the system would get overloaded - so when it was running 100%, you would get bumped off after 1 hour to allow others to logon. Except, the finest minds in the CompSci department came up with the simple technique for limiting load - a process every 5 minutes would pipe a “hang up” to the terminal that had been logged on more than an hour. A terminal printing that would disconnect… until everyone learned that by running a terminal process on your terminal, the result would simply terminate the top process and bump you back to the lower level process. At that point, most students would have a dozen or more nested terminal processes running, and get bumped out of each in turn - which did wonders for the system total load.
Scathing writeup of Lastpass’s ass-covering disclosure back in December:
I have an extremely strong master password but it’s not supercool that someone now has a complete list of all my secure websites. That LastPass failed to use encryption for data other than passwords, when they easily could have, is probably a dealbreaker. Time to jump ship.
I’m sort of surprised they had the passwords at all, even encrypted. One job I had, the company had clients with accounts protected by passwords. The actual password was not stored, but a hashcode of it. Thus it was slightly more insecure in that another password guess might render the same hashcode but it made the password database itself more secure because even if it was stolen, it would be worthless.
I couldn’t tell you the number of times I had a client begging me to tell him his password and I had to explain I literally couldn’t – all I could do would be to send a password reset link to the email on file for the account.
LastPass can’t store just the hashes. They could do that for the password to log into LastPass itself, but the whole point of LastPass is that it’s a way to store your passwords for all of your other sites.
The rest of the story is that LastPass stores none of the info that could be used to decrypt your passwords. That info is only in your head and on your devices while they’re actively using LastPass.
To be sure, the attackers gained a LOT of useful info about their targets. And may be able to target at least some users with phishing attacks to get the decryption password from them.
We just had to reset our passwords to 16+ characters and yes the CAP, lowercase & $ymbol rules. My question is: aren’t most passwords compromised by phishing like emails saying “Hey I’m a guy from the IT department. There is some suspicious behavior on your account and I need to verify your password. Send that to me please.”
I don’t know whether it’s “most”, but yes, social engineering attacks like that are and always have been common.
I think GMail might now automatically attach warnings to emails asking for passwords, which hopefully helps some.
The other common email scam is the email claiming a problem with your bank account with a [click here to log in] link that goes to an attacker’s fake look-alike website. If you’re fooled you enter your real bank creds on their website and they say “thank you very much”.
To be sure, the https protocol itself, and browsers that watch for DNS / certificate mismatches, can protect against this kind of thievery. But none of that is foolproof and plenty of end-users are foolish.
To be fair, they would simply simulate a website failure and log you out, close the browser once they have your password details. So rather than getting alarmed and changing your password, you blame it on the vagaries of the Internet tubes, and are none the wiser while they drain your accounts.