[GTALUG] blackmail
Michael Galea
michael at galeahome.ca
Sun Aug 5 13:23:48 EDT 2018
On 08/04/18 00:47, D. Hugh Redelmeier via talk wrote:
> I received a blackmail message by email. It claimed that they hacked my
> system and had compromising videos from my computer's camera.
>
> As proof, they gave me what they claimed was my password. But I only used
> that password on two sites: canadacomputers.com and
> xpresscanada.com (a long-dead Canada Computers site).
>
> So I'm not worried.
>
> I informed CC about three weeks ago. They seemed to ignore the
> report. I phoned again two weeks ago, and they were interested. I
> told them if I didn't hear that they'd informed their customers that
> I'd publicize this security breach.
>
> I've heard nothing else. So I presume that they have not announced it
> to their customers.
>
> Today I got another blackmail message with the same password.
>
> What do you think that I should do?
>
> PS: my password is a random string generated by mkpasswd(1) so it would
> not have been discovered by an online exhaustive search. They most likely
> filched the password file from CC.
>
> PPS: I'm glad that I don't reuse passwords!
>
I also received such an email, which was amusing because my desktop
doesn't have a camera, so I ignored it.

I gpg encrypt my master password file. If any of the systems that have a
copy (and I do keep copies) were stolen, I can be assured that my
passwords are still private.

In addition to the passwords, I store a few dozen lines of random
characters, from which I draw new passwords.

My default template for a passwords entry is:

<entry Name_Of_Entry>
user =
password =
url =
</entry>

which makes cut n paste of desktop convenient.

My workflow is to use a bash script to accept the master password and
use it to decrypt the gpg file to a random temp file, and then launch
vim on it. When vim terminates I check the temp file and re-gpg it if it
has changed.

I am aware that I am vulnerable for the time that I am reading a
password from the file.

I have my wife follow the same procedure on a win10 desktop with an
openoffice encrypted file (oo also uses strong encryption).

My wife was a big password re-user, but clicking on a desktop icon to
open an odt file to get her old/new password info is within her
capabilities.
--
Michael Galea
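
The decrypt, edit, re-encrypt workflow described in the message above, as an added example (not the poster's script). It assumes GnuPG 2.1+ with symmetric encryption; the names PW_EDITOR, PW_PASS, decrypt_to, encrypt_from and edit_encrypted are hypothetical.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumes GnuPG 2.1+ and a symmetrically
# encrypted store; PW_EDITOR, PW_PASS and the function names are hypothetical.
umask 077                                  # temp files readable by owner only
PW_EDITOR=${PW_EDITOR:-vim -n -i NONE}     # -n: no swap file, -i NONE: no viminfo

# The passphrase reaches gpg on stdin, so it never appears in a process's argv.
decrypt_to() {   # decrypt_to STORE PLAINTEXT
    printf '%s' "$PW_PASS" | gpg --batch --quiet --pinentry-mode loopback \
        --passphrase-fd 0 --output "$2" --decrypt "$1"
}
encrypt_from() { # encrypt_from PLAINTEXT STORE
    printf '%s' "$PW_PASS" | gpg --batch --quiet --yes --pinentry-mode loopback \
        --passphrase-fd 0 --cipher-algo AES256 --output "$2" --symmetric "$1"
}

edit_encrypted() (   # body runs in a subshell, so its variables stay local
    store=$1
    # Prefer RAM-backed /dev/shm so the plaintext does not reach the disk.
    dir=$(mktemp -d /dev/shm/pw.XXXXXXXX 2>/dev/null) || dir=$(mktemp -d) || exit 1
    plain=$dir/plain
    cleanup() { rm -rf "$dir"; }
    trap 'cleanup; exit 130' INT TERM HUP
    if ! decrypt_to "$store" "$plain"; then cleanup; exit 1; fi
    before=$(cksum < "$plain")             # change detection only, not integrity
    $PW_EDITOR "$plain"                    # unquoted so the editor flags split
    status=0
    if [ "$(cksum < "$plain")" != "$before" ]; then
        # Encrypt to a sibling file, then rename: a failed run keeps the old store.
        if encrypt_from "$plain" "$store.new"; then
            mv "$store.new" "$store"
        else
            rm -f "$store.new"; status=1
        fi
    fi
    cleanup
    exit $status
)

# Run as: sh pwedit.sh ~/passwords.gpg
if [ -n "${1:-}" ]; then
    printf 'Master password: ' >&2
    stty -echo; IFS= read -r PW_PASS; stty echo; echo >&2
    edit_encrypted "$1"
fi
```

The plaintext still exists in the temp directory and in the editor's memory while the file is open, which is the exposure window the message mentions.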