On 08/04/18 00:47, D. Hugh Redelmeier via talk wrote:
I received a blackmail message by email. It claimed that they hacked my
system and had compromising videos from my computer's camera.
As proof, they gave me what they claimed was my password. But I only used
that password on two sites: canadacomputers.com and
xpresscanada.com (a long-dead Canada Computers site).
So I'm not worried.
I informed CC about three weeks ago. They seemed to ignore the
report. I phoned again two weeks ago, and they were interested. I
told them that if I didn't hear that they'd informed their customers,
I'd publicize this security breach.
I've heard nothing else. So I presume that they have not announced it
to their customers.
Today I got another blackmail message with the same password.
What do you think that I should do?
PS: my password is a random string generated by mkpasswd(1) so it would
not have been discovered by an online exhaustive search. They most likely
filched the password file from CC.
PPS: I'm glad that I don't reuse passwords!
---
Talk Mailing List
[email protected]
https://gtalug.org/mailman/listinfo/talk
I also received such an email, which was amusing because my desktop
doesn't have a camera, so I ignored it.
I gpg encrypt my master password file. If any of the systems that have a
copy (and I do keep copies) were stolen, I can be assured that my
passwords are still private.
In addition to the passwords, I store a few dozen lines of random
characters, from which I draw new passwords.
My default template for a passwords entry is:
<entry Name_Of_Entry>
user =
password =
url =
</entry>
which makes cut n paste of desktop convenient.
My workflow is to use a bash script to accept the master password and
use it to decrypt the gpg file to a random temp file, and then launch
vim on it. When vim terminates I check the temp file and re-gpg it if it
has changed.
I am aware that I am vulnerable for the time that I am reading a
password from the file.
I have my wife follow the same procedure on a win10 desktop with an
openoffice encrypted file (oo also uses strong encryption).
My wife was a big password re-user, but clicking on a desktop icon to
open an odt file to get her old/new password info is within her
capabilities.
--
Michael Galea
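
The workflow described in the message above (decrypt to a temp file, edit in vim, re-encrypt only if the file changed), written out as an added example; it is not Michael's script or part of the original thread, and it assumes GnuPG 2.1+ symmetric encryption with hypothetical function names. It narrows the plaintext window he mentions by keeping the temp file in a private, RAM-backed directory and turning off vim's swap, backup, undo and viminfo files.

```shell
#!/bin/sh
# Added example; function names and the vault path are hypothetical.
# Assumes GnuPG 2.1+, vim, and a vault created with `gpg --symmetric`.

make_workdir() {   # private scratch dir, RAM-backed when /dev/shm exists
    base=${TMPDIR:-/tmp}
    if [ -d /dev/shm ] && [ -w /dev/shm ]; then base=/dev/shm; fi
    ( umask 077; mktemp -d "$base/vault.XXXXXXXX" )
}
digest() { cksum < "$1"; }   # change detection only, not a security check

wipe_workdir() {   # best effort: shred is unreliable on SSDs and CoW filesystems
    [ -d "$1" ] || return 0
    if command -v shred >/dev/null 2>&1; then
        find "$1" -type f -exec shred -u {} + 2>/dev/null || true
    fi
    rm -rf "$1"
}

edit_vault() {     # usage: edit_vault VAULT_FILE PASSPHRASE
    vault=$1 pass=$2 rc=0
    work=$(make_workdir) || return 1
    trap 'wipe_workdir "$work"; exit 130' INT TERM HUP
    plain=$work/plain
    # Passphrase travels over stdin, never argv, so it does not show up in ps.
    if printf '%s\n' "$pass" | gpg --quiet --batch --pinentry-mode loopback \
            --passphrase-fd 0 --output "$plain" --decrypt "$vault"; then
        before=$(digest "$plain")
        # -n: no swap file; -i NONE: no viminfo; no backup or undo files either.
        vim -n -i NONE -c 'set nobackup nowritebackup noundofile' "$plain"
        if [ "$(digest "$plain")" != "$before" ]; then
            # Encrypt to a sibling file, then rename: a failure keeps the old vault.
            printf '%s\n' "$pass" | gpg --quiet --batch --yes --pinentry-mode loopback \
                --passphrase-fd 0 --cipher-algo AES256 \
                --output "$vault.new" --symmetric "$plain" &&
                mv "$vault.new" "$vault" || rc=1
        fi
    else
        rc=1
    fi
    wipe_workdir "$work"; trap - INT TERM HUP
    return "$rc"
}

if [ "$#" -eq 1 ]; then   # run as: ./editvault.sh ~/passwords.gpg
    printf 'Master password: ' >&2
    stty -echo; IFS= read -r pw; stty echo; printf '\n' >&2
    edit_vault "$1" "$pw"
fi
```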