hijacker (PWM) - READ THIS

norookie
Posts: 3016
Joined: Tue Jul 07, 2009 1:55 pm

Re: hijacker (PWM) - READ THIS

Post by norookie »

:annoyed Some just like being annoying. :moneybag I'm in too.
" Wealth usually leads to excess " Cicero 55 b.c
TA_Lurker
Posts: 202
Joined: Mon Nov 03, 2008 10:41 pm

Re: hijacker (PWM) - READ THIS

Post by TA_Lurker »

I just updated my easy password to something with 151 bits according to KeePass. I encourage others to improve their password lest your account be used against the forum. :beer
Bongleur
Posts: 2276
Joined: Fri Dec 03, 2010 10:36 am

Re: hijacker (PWM) - READ THIS

Post by Bongleur »

How about joint civil suits from all the people whose accounts he stole?
Seeking Iso-Elasticity. | Tax Loss Harvesting is an Asset Class. | A well-planned presentation creates a sense of urgency. If the prospect fails to act now, he will risk a loss of some sort.
Bradley
Posts: 486
Joined: Tue May 01, 2007 2:41 pm

Re: hijacker (PWM) - READ THIS

Post by Bradley »

"xenopus" (PWM) wrote:
Wow, Alex you sure do have an active imagination. Fortunately you will not find my name with any court subpoena.
Really? Did you forget about your posts using cellular service? :oops:

Say the word Alex and I will also contribute.
You can sum up any active fund manager’s presentation at an investor conference in one sentence: “We’re doing well, all things considered.”
albedo
Posts: 23
Joined: Fri Aug 21, 2009 9:57 pm

Re: hijacker (PWM) - READ THIS

Post by albedo »

Alex Frakt wrote:
xenopus wrote:Wow, Alex you sure do have an active imagination. Fortunately you will not find my name with any court subpoena.
Really? Did you forget about your posts using cellular service?
I, however, suggest that for once you do what will actually work, which is to unlock the thread and sticky it so there is at least one oasis of honesty on this site. When you left the thread alone I left you alone...so why are you making this so difficult?
There is no point negotiating with someone with no honor. I did leave the thread alone. You are the one who broke your word and hijacked a new account to bump it. On a holiday weekend of all times. Did you think you would catch the moderators unawares? Or is that what bitter, lonely losers do in a pathetic attempt to get some attention when they see normal people out with their friends and family?

This is an advice forum, so I'm going to give you some. I also had a rough childhood which left me with some real issues forming positive relationships with other people. But time, help from some patient people, and a real effort on my part allowed me to work through it. You clearly have the intelligence and the perseverance to do it too. So instead of devoting thousands of hours to anonymously harassing people, get some counseling from a qualified mental health professional and then work on what they tell you. Believe me, relationships built on mutual affection are infinitely more satisfying than those based on mutual antagonism.
I don't own cellular service, Alex. Did you ever think that you have many enemies and that you can't blame all the bad karma you've accumulated on a single boogeyman?

But of course I knew it was you that suffers from mental illness and emotional problems because, aside from your untoward behavior, why else would you accuse me of being mentally ill? In fact, I'm looking at the paperwork certifying my clean mental health in preparation for some other litigation I'm involved with (in which I am the plaintiff, of course) right now...and it's because of my clean state of mental health that I am not afraid of threats from bullies like you nor am I intimidated by the impressive herd of loyal supporters you've culled by censoring/banning your more honest detractors.

And I was not trying to catch you off guard, but I was indeed quite surprised by the fact that you were standing guard on a holiday weekend ready to censor as small a "threat" to your little scam as the 4 letters: "bump". I was on my way to spending time with friends and family, but you apparently were slaving over the computer...and I hope you realize how much of an open book you are: always accusing others of whatever you happen to be feeling insecure of yourself.

It is now Tuesday. So please keep me posted on that suit you claim to be filing because I look forward to following it on the docket. You can muster the entire US army if you'd like because it won't be bothering me in the slightest, though I pity the poor sap that has to defend himself from your unmerciful attack.
JMacDonald
Posts: 2337
Joined: Mon Feb 19, 2007 5:53 pm

Re: hijacker (PWM) - READ THIS

Post by JMacDonald »

albedo wrote:
Alex Frakt wrote:
xenopus wrote:Wow, Alex you sure do have an active imagination. Fortunately you will not find my name with any court subpoena.
Really? Did you forget about your posts using cellular service?
I, however, suggest that for once you do what will actually work, which is to unlock the thread and sticky it so there is at least one oasis of honesty on this site. When you left the thread alone I left you alone...so why are you making this so difficult?
There is no point negotiating with someone with no honor. I did leave the thread alone. You are the one who broke your word and hijacked a new account to bump it. On a holiday weekend of all times. Did you think you would catch the moderators unawares? Or is that what bitter, lonely losers do in a pathetic attempt to get some attention when they see normal people out with their friends and family?

This is an advice forum, so I'm going to give you some. I also had a rough childhood which left me with some real issues forming positive relationships with other people. But time, help from some patient people, and a real effort on my part allowed me to work through it. You clearly have the intelligence and the perseverance to do it too. So instead of devoting thousands of hours to anonymously harassing people, get some counseling from a qualified mental health professional and then work on what they tell you. Believe me, relationships built on mutual affection are infinitely more satisfying than those based on mutual antagonism.
I don't own cellular service, Alex. Did you ever think that you have many enemies and that you can't blame all the bad karma you've accumulated on a single boogeyman?

But of course I knew it was you that suffers from mental illness and emotional problems because, aside from your untoward behavior, why else would you accuse me of being mentally ill? In fact, I'm looking at the paperwork certifying my clean mental health in preparation for some other litigation I'm involved with (in which I am the plaintiff, of course) right now...and it's because of my clean state of mental health that I am not afraid of threats from bullies like you nor am I intimidated by the impressive herd of loyal supporters you've culled by censoring/banning your more honest detractors.

And I was not trying to catch you off guard, but I was indeed quite surprised by the fact that you were standing guard on a holiday weekend ready to censor as small a "threat" to your little scam as the 4 letters: "bump". I was on my way to spending time with friends and family, but you apparently were slaving over the computer...and I hope you realize how much of an open book you are: always accusing others of whatever you happen to be feeling insecure of yourself.

It is now Tuesday. So please keep me posted on that suit you claim to be filing because I look forward to following it on the docket. You can muster the entire US army if you'd like because it won't be bothering me in the slightest, though I pity the poor sap that has to defend himself from your unmerciful attack.
What a sick puppy you are to have to hijack accounts to troll on this forum with nothing to offer besides rants.
Best Wishes, | Joe
Khanmots
Posts: 1236
Joined: Sat Jun 11, 2011 2:27 pm

Re: hijacker (PWM) - READ THIS

Post by Khanmots »

What I find most interesting is that he's convinced that engaging in illegal behavior is the way to convince us that his stance is the correct one.

Seems horribly counterproductive to me.
madbrain
Posts: 5576
Joined: Thu Jun 09, 2011 5:06 pm
Location: San Jose, California

Re: hijacker (PWM) - READ THIS

Post by madbrain »

SteveB3005 wrote:They run password buster programs and if you have some stupid simple password like password, qwerty, boglehead, they gain entry and post under that name. Short version.
Many financial sites will automatically lock your account after a certain number of login attempt failures. The legitimate owner could then unlock the account by having an email sent to their e-mail account. It would seem this would stop the password buster programs dead in their tracks.
madbrain
Posts: 5576
Joined: Thu Jun 09, 2011 5:06 pm
Location: San Jose, California

Re: hijacker (PWM) - READ THIS

Post by madbrain »

The Wizard wrote:
Alex Frakt wrote:
SteveB3005 wrote:They run password buster programs and if you have some stupid simple password like password, qwerty, boglehead, they gain entry and post under that name. Short version.
That's exactly right. Unfortunately it looks like the only long term solution is going to be to force people to change to long or complex passwords.
It's fairly simple to do this.
Just require 12+ char passwords with at least one each of:
1) lower case letter
2) upper case letter
3) numeral
4) special character

Lady Geek can probably help implement this.
PWB will be crying in his beer after we do this...

One can use passphrases also instead of just passwords.
xerty24
Posts: 4827
Joined: Tue May 15, 2007 3:43 pm

Re: hijacker (PWM) - READ THIS

Post by xerty24 »

madbrain wrote:Many financial sites will automatically lock your account after a certain number of login attempt failures. The legitimate owner could then unlock the account by having an email sent to their e-mail account. It would seem this would stop the password buster programs dead in their tracks.
And it would lock out every legitimate user for every pass since the member list is public. You would basically be allowing anyone to shut down all your users by imposing a hassle on them every time they wanted to post.
No excuses, no regrets.
madbrain
Posts: 5576
Joined: Thu Jun 09, 2011 5:06 pm
Location: San Jose, California

Re: hijacker (PWM) - READ THIS

Post by madbrain »

xerty24 wrote:
madbrain wrote:Many financial sites will automatically lock your account after a certain number of login attempt failures. The legitimate owner could then unlock the account by having an email sent to their e-mail account. It would seem this would stop the password buster programs dead in their tracks.
And it would lock out every legitimate user for every pass since the member list is public. You would basically be allowing anyone to shut down all your users by imposing a hassle on them every time they wanted to post.
You can do more clever things like prevent another login attempt for a certain period of time, ever increasing. Or unlock it automatically at a certain time based on the user's successful login statistics (average time between logins).
madbrain
Posts: 5576
Joined: Thu Jun 09, 2011 5:06 pm
Location: San Jose, California

Re: hijacker (PWM) - READ THIS

Post by madbrain »

xerty24 wrote:
madbrain wrote:Many financial sites will automatically lock your account after a certain number of login attempt failures. The legitimate owner could then unlock the account by having an email sent to their e-mail account. It would seem this would stop the password buster programs dead in their tracks.
And it would lock out every legitimate user for every pass since the member list is public. You would basically be allowing anyone to shut down all your users by imposing a hassle on them every time they wanted to post.
Another thing to avoid inconveniencing legitimate users - continue to honor existing login cookies unless the user explicitly logged out.
The "account lockout" inconvenience would only affect those that don't use the cookie feature to remain logged in, and are required to login again.
The Wizard
Posts: 13356
Joined: Tue Mar 23, 2010 1:45 pm
Location: Reading, MA

Re: hijacker (PWM) - READ THIS

Post by The Wizard »

madbrain wrote:
SteveB3005 wrote:They run password buster programs and if you have some stupid simple password like password, qwerty, boglehead, they gain entry and post under that name. Short version.
Many financial sites will automatically lock your account after a certain number of login attempt failures. The legitimate owner could then unlock the account by having an email sent to their e-mail account. It would seem this would stop the password buster programs dead in their tracks.
No it won't.
There are 23,000+ "members" here at bogleheads, so he just tries the same simple password on all accounts until one cracks.
It bothers me sometimes that, of those 23,000 "members", approximately 4000 have ZERO posts and another 4000 have just ONE post.
Something tells me those accounts might be less secure?
Attempted new signature...
The Wizard
Posts: 13356
Joined: Tue Mar 23, 2010 1:45 pm
Location: Reading, MA

Re: hijacker (PWM) - READ THIS

Post by The Wizard »

madbrain wrote: Another thing to avoid inconveniencing legitimate users - continue to honor existing login cookies unless the user explicitly logged out.
The "account lockout" inconvenience would only affect those that don't use the cookie feature to remain logged in, and are required to login again.
That's what I tend to do on my two PCs and two Android devices. But they've changed it lately so I get logged off after X minutes, but my cookie remembers my credentials, so I just click the button to log back on...
Attempted new signature...
dickenjb
Posts: 2941
Joined: Tue Jan 05, 2010 1:11 pm
Location: Philadelphia PA

Re: hijacker (PWM) - READ THIS

Post by dickenjb »

Khanmots wrote:What I find most interesting is that he's convinced that engaging in illegal behavior is the way to convince us that his stance is the correct one.

Seems horribly counterproductive to me.
Reminds me of the Unabomber. Maybe this perp's brother will recognize the tone of his rants and turn him in.
The Wizard
Posts: 13356
Joined: Tue Mar 23, 2010 1:45 pm
Location: Reading, MA

Re: hijacker (PWM) - READ THIS

Post by The Wizard »

It's also possible to track/monitor the IP address of users connecting to the forum. So in theory, you could put a time-out block on an IP address after X unsuccessful login attempts with any combo of username/password.
But they have these ANONYMISER websites that make tracing difficult; I suspect they could refresh one's fake IP address on demand.
http://en.wikipedia.org/wiki/Anonymizer
Attempted new signature...
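The two throttling ideas raised so far in the thread, madbrain's ever-increasing delay per account and The Wizard's time-out on a source address, combined in one added Python sketch (not part of any post and not phpBB code). All thresholds, names and the sample events are assumptions constructed for the example; the per-source rule counts failures against different accounts, which is the one-password-across-the-member-list pattern described above.

```python
from __future__ import annotations

from collections import deque

# All thresholds are assumptions for the example, not values from the thread.
BASE_DELAY = 2            # seconds of back-off after the first failure
MAX_DELAY = 900           # cap: an account is slowed down, never locked for good
SPRAY_WINDOW = 600        # seconds of failure history kept per source address
SPRAY_DISTINCT_USERS = 5  # failures against this many different accounts = spray
SOURCE_BLOCK = 3600       # seconds a spraying source is refused


def backoff_delay(consecutive_failures: int) -> int:
    """Ever-increasing wait: 2, 4, 8, ... seconds, capped at MAX_DELAY."""
    return min(BASE_DELAY * 2 ** (consecutive_failures - 1), MAX_DELAY)


class LoginThrottle:
    def __init__(self) -> None:
        self.failures: dict[str, int] = {}          # user -> consecutive failures
        self.retry_after: dict[str, float] = {}     # user -> earliest next attempt
        self.source_failures: dict[str, deque] = {} # source -> (ts, user) failures
        self.source_blocked_until: dict[str, float] = {}

    def check(self, ts: float, source: str, user: str) -> str:
        """Decide whether to evaluate the password at all."""
        if ts < self.source_blocked_until.get(source, 0):
            return "deny-source"
        if ts < self.retry_after.get(user, 0):
            return "deny-backoff"
        return "allow"

    def record(self, ts: float, source: str, user: str, success: bool) -> None:
        if success:
            # A good login clears the account's back-off state.
            self.failures.pop(user, None)
            self.retry_after.pop(user, None)
            return
        count = self.failures.get(user, 0) + 1
        self.failures[user] = count
        self.retry_after[user] = ts + backoff_delay(count)
        # Track which accounts this source has failed against recently.
        recent = self.source_failures.setdefault(source, deque())
        recent.append((ts, user))
        while recent and recent[0][0] <= ts - SPRAY_WINDOW:
            recent.popleft()
        if len({name for _, name in recent}) >= SPRAY_DISTINCT_USERS:
            self.source_blocked_until[source] = ts + SOURCE_BLOCK


def replay(events):
    """Run (ts, source, user, password_ok) events through a fresh throttle."""
    throttle = LoginThrottle()
    decisions = []
    for ts, source, user, password_ok in events:
        verdict = throttle.check(ts, source, user)
        if verdict == "allow":
            throttle.record(ts, source, user, password_ok)
            verdict = "ok" if password_ok else "fail"
        decisions.append(verdict)
    return decisions


# Constructed sample: one source walks the member list with a single guess per
# account, then a real member mistypes once and retries (documentation IPs).
SAMPLE_EVENTS = [
    (0, "203.0.113.7", "user01", False),
    (1, "203.0.113.7", "user02", False),
    (2, "203.0.113.7", "user03", False),
    (3, "203.0.113.7", "user04", False),
    (4, "203.0.113.7", "user05", False),
    (5, "203.0.113.7", "user06", False),   # refused: source is now blocked
    (100, "198.51.100.20", "alice", False),
    (101, "198.51.100.20", "alice", True),  # refused: inside the 2 s back-off
    (103, "198.51.100.20", "alice", True),
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", verdict)
```

A per-account lockout alone never fires in the first six events, because each account sees only one failure; the per-source rule catches them, subject to the anonymiser caveat raised in the post above.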
JW-Retired
Posts: 7188
Joined: Sun Dec 16, 2007 12:25 pm

Re: hijacker (PWM) - READ THIS

Post by JW-Retired »

I'm in. Also just greatly increased the length of my password.
JW
Retired at Last
House Blend
Posts: 4792
Joined: Fri May 04, 2007 1:02 pm

Re: hijacker (PWM) - READ THIS

Post by House Blend »

The Wizard wrote:
madbrain wrote:
SteveB3005 wrote:They run password buster programs and if you have some stupid simple password like password, qwerty, boglehead, they gain entry and post under that name. Short version.
Many financial sites will automatically lock your account after a certain number of login attempt failures. The legitimate owner could then unlock the account by having an email sent to their e-mail account. It would seem this would stop the password buster programs dead in their tracks.
No it won't.
There are 23,000+ "members" here at bogleheads, so he just tries the same simple password on all accounts until one cracks.
Don't know whether this is easily implemented in phpBB, but one standard tactic that may work well here is to force all passwords to be *different*. (Or rather, the stored hashes must be different.)

That way only one lazy person can use "boglehead" as their password, and dictionary attacks against the member list will yield fewer successes.

I'm also in favor of a one-time global reset of all BH passwords combined with basic at-least-one-of-these-and-one-of-those requirements on new ones.
NAVigator
Posts: 2460
Joined: Tue Feb 27, 2007 7:24 am
Location: Iowa

Re: hijacker (PWM) - READ THIS

Post by NAVigator »

Maybe we can put the secret decoder cards from Treasury Direct to some good use... Oh, never mind.... :wink:

When I click on most of the names used by the troll, I find they are not a valid member. So, is he using defunct logins? Should the user database be cleaned up?

Since the methods used by the troll are likely automated, should the forum start using CAPTCHA? It is a pain, but so is this sleazeball.

Should we start adding to the coffers for the legal action? It seems the troll is determined to continue.

Jerry
"I was born with nothing and I have most of it left."
Epsilon Delta
Posts: 8090
Joined: Thu Apr 28, 2011 7:00 pm

Re: hijacker (PWM) - READ THIS

Post by Epsilon Delta »

House Blend wrote:Don't know whether this is easily implemented in phpBB, but one standard tactic that may work well here is to force all passwords to be *different*. (Or rather, the stored hashes must be different.)

That way only one lazy person can use "boglehead" as their password, and dictionary attacks against the member list will yield fewer successes.
This won't work. A reasonable password checking system cannot check for duplicates. Adding the ability to check for duplicates would introduce a weakness into the password system.

A password system will use a "salt" which is a long random number which is different for each password. For each password the system concatenates the salt with the password and stores the hash of that together with the salt. This means that even if two people have the same passwords the hashes will be different.
House Blend wrote:I'm also in favor of a one-time global reset of all BH passwords combined with basic at-least-one-of-these-and-one-of-those requirements on new ones.
You need to read up on entropy, "one-of-these-and-one-of-those" is a canard. "Password1!" is not much more secure than "password".
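The salting scheme described in the post above, as an added Python sketch (not part of the thread and not phpBB's own code). PBKDF2-HMAC-SHA256, the iteration count and the sample accounts are assumptions chosen for the example; it shows why a "stored hashes must differ" rule has nothing to compare, and what finding duplicates would cost.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

ITERATIONS = 50_000  # assumption for the example; real deployments tune this
SALT_BYTES = 16


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, derived_key); a fresh random salt is drawn per password."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


def verify_password(password: str, salt: bytes, stored_key: bytes) -> bool:
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, stored_key)


def build_user_table(credentials: dict[str, str]) -> dict[str, tuple[bytes, bytes]]:
    """What the server keeps: user -> (salt, key). The password is not stored."""
    return {user: hash_password(pw) for user, pw in credentials.items()}


def duplicate_stored_hashes(table: dict[str, tuple[bytes, bytes]]) -> int:
    """Number of stored keys that collide, i.e. what a uniqueness rule could see."""
    keys = [key for _, key in table.values()]
    return len(keys) - len(set(keys))


def unsalted_duplicates(credentials: dict[str, str]) -> int:
    """Same count for unsalted SHA-256: duplicates become visible, and so does
    every reused password to anyone who reads the table."""
    digests = [hashlib.sha256(pw.encode("utf-8")).digest() for pw in credentials.values()]
    return len(digests) - len(set(digests))


def accounts_sharing_password(table: dict[str, tuple[bytes, bytes]], candidate: str) -> list[str]:
    """The only way to detect a duplicate under salting: re-derive the candidate
    under every account's salt. That is one full KDF run per member, and telling
    a user "already taken" would confirm that the password works somewhere."""
    return sorted(
        user for user, (salt, key) in table.items()
        if verify_password(candidate, salt, key)
    )


# Constructed sample accounts; "boglehead" is the weak password named in the thread.
SAMPLE_CREDENTIALS = {
    "alice": "boglehead",
    "bob": "boglehead",
    "carol": "lantern orbit quilt meadow",
}

if __name__ == "__main__":
    table = build_user_table(SAMPLE_CREDENTIALS)
    print("colliding salted hashes:", duplicate_stored_hashes(table))
    print("colliding unsalted hashes:", unsalted_duplicates(SAMPLE_CREDENTIALS))
    print("accounts using 'boglehead':", accounts_sharing_password(table, "boglehead"))
```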
eucalyptus
Posts: 718
Joined: Tue Apr 24, 2007 1:24 pm

Re: hijacker (PWM) - READ THIS

Post by eucalyptus »

The internet allows people to say "I exist" and "I matter," regardless of the truth of the latter.

Maintaining anonymity requires technical knowledge and discipline. It's unwise to challenge a large group to discover your identity, there are people who do that for sport.
hillman
Posts: 189
Joined: Thu Jun 07, 2012 2:08 pm

Re: hijacker (PWM) - READ THIS

Post by hillman »

Alex Frakt wrote:
SteveB3005 wrote:They run password buster programs and if you have some stupid simple password like password, qwerty, boglehead, they gain entry and post under that name. Short version.
That's exactly right. Unfortunately it looks like the only long term solution is going to be to force people to change to long or complex passwords.
Another option would be 2-step verification for logon. I know Google offers this and Dropbox has recently added the feature.

Keep up the good fight!
exigent
Posts: 1093
Joined: Fri May 07, 2010 8:49 am

Re: hijacker (PWM) - READ THIS

Post by exigent »

Epsilon Delta wrote:
House Blend wrote:I'm also in favor of a one-time global reset of all BH passwords combined with basic at-least-one-of-these-and-one-of-those requirements on new ones.
You need to read up on entropy, "one-of-these-and-one-of-those" is a canard. "Password1!" is not much more secure than "password".
But when combined with restrictions on the number of failed login attempts before locking account (only to be unlocked via e-mail), etc. this would significantly improve security around here. My understanding (perhaps mistaken) is that the accounts were compromised at some point in the past when it was possible to do a brute force attack without getting locked out. Assuming that's no longer a possibility, a site-wide password reset combined with somewhat stricter password guidelines would likely solve the problem.
The Wizard
Posts: 13356
Joined: Tue Mar 23, 2010 1:45 pm
Location: Reading, MA

Re: hijacker (PWM) - READ THIS

Post by The Wizard »

eucalyptus wrote:The internet allows people to say "I exist" and "I matter," regardless of the truth of the latter.

Maintaining anonymity requires technical knowledge and discipline. It's unwise to challenge a large group to discover your identity, there are people who do that for sport.
Well get a couple of them over here and turn them loose.
I'll donate $100 to the reward pool...
Attempted new signature...
VictoriaF
Posts: 19544
Joined: Tue Feb 27, 2007 7:27 am
Location: Black Swan Lake

Re: hijacker (PWM) - READ THIS

Post by VictoriaF »

dickenjb wrote:Reminds me of the Unabomber. Maybe this perp's brother will recognize the tone of his rants and turn him in.
To me, the hijacker was reminiscent of Fantômas in the 1964 French film of the same name with Jean Marais and Louis de Funès.
Wikipedia (http://en.wikipedia.org/wiki/Fant%C3%B4mas_%28film%29) about Fantômas wrote:Fantômas is a man of many disguises. He uses maquillage as a weapon. He can impersonate anyone using an array of masks and can create endless confusion by constantly changing his appearance.
Using the Fantômas analogy, rather than waiting for a conscientious brother, we should use the strongest weapons.

Victoria
WINNER of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
DRiP Guy
Posts: 2241
Joined: Tue Feb 20, 2007 4:54 pm

Re: hijacker (PWM) - READ THIS

Post by DRiP Guy »

Count on me!

This guy's methods are exactly what drove the founders to create this forum to begin with. Absolutely unacceptable behavior, and you CANNOT give in to a blackmailer.

If you can provide a paypal account to give us towards building a legal fund, then I'm in for $100 to start!

As has been previously alluded to, I guess the tormenter has never heard of 'white hats'.
Topic Author
Alex Frakt
Founder
Posts: 11098
Joined: Fri Feb 23, 2007 1:06 pm
Location: Chicago

Re: hijacker (PWM) - READ THIS

Post by Alex Frakt »

I've started to look for the right lawyer.
Taylor Larimore
Advisory Board
Posts: 30178
Joined: Tue Feb 27, 2007 8:09 pm
Location: Miami FL

$100 more in reward money to prosecute

Post by Taylor Larimore »

The Wizard wrote:
eucalyptus wrote:The internet allows people to say "I exist" and "I matter," regardless of the truth of the latter.

Maintaining anonymity requires technical knowledge and discipline. It's unwise to challenge a large group to discover your identity, there are people who do that for sport.
Well get a couple of them over here and turn them loose.
I'll donate $100 to the reward pool...
If PWM continues trying to disrupt this forum, I will donate another $100 to whoever identifies PWM so that we can prosecute for illegal activities and personal slander.

Best wishes.
Taylor
"Simplicity is the master key to financial success." -- Jack Bogle
wellmoneyed
Posts: 267
Joined: Sun May 03, 2009 10:08 am

Re: hijacker (PWM) - READ THIS

Post by wellmoneyed »

I haven't looked at a typical response to this type of behavior on forums, but I suspect filing a lawsuit is not likely the best way to handle this unless you "know" who it is before you start. What if they are not in the US? You will spend all the legal and investigative money for nothing.

An alternative idea might be to enlist a security volunteer that will help make the site secure. Maybe start a thread how to stop account hacking and let people put all their ideas down.

If you go the lawsuit route you may be successful, but the next day you could have a new disgruntled hacker exploiting the same vulnerabilities from a non-US location.

Just my $0.02.
Petrocelli
Posts: 2866
Joined: Mon Feb 19, 2007 6:29 pm
Location: Fenway Park, between 2nd and 3rd base

Re: hijacker (PWM) - READ THIS

Post by Petrocelli »

If you all are really thinking about prosecuting a case of this type, and assuming it makes it to trial, you will easily be looking at tens of thousands of dollars in legal fees. Therefore, those of you making donations to the cause may want to up the proverbial ante.
Petrocelli (not the real Rico, but just a fan)
fishnskiguy
Posts: 2610
Joined: Tue Feb 27, 2007 1:27 pm
Location: Sedona, AZ

Re: hijacker (PWM) - READ THIS

Post by fishnskiguy »

Petrocelli wrote:If you all are really thinking about prosecuting a case of this type, and assuming it makes it to trial, you will easily be looking at tens of thousands of dollars in legal fees. Therefore, those of you making donations to the cause may want to up the proverbial ante.
You mean you won't do it pro bono?

Shucks.

Chris
Trident D-5 SLBM- "When you care enough to send the very best."
DRiP Guy
Posts: 2241
Joined: Tue Feb 20, 2007 4:54 pm

Re: hijacker (PWM) - READ THIS

Post by DRiP Guy »

Petrocelli wrote:If you all are really thinking about prosecuting a case of this type, and assuming it makes it to trial, you will easily be looking at tens of thousands of dollars in legal fees. Therefore, those of you making donations to the cause may want to up the proverbial ante.
I appreciate the splash of cold water, but IMHO, as long as it looks like there is the evidence to both proceed and prevail, I am indeed ready to up my personal ante.

I hate to make suggestions, but I wonder if it would be useful to start one of those 'donation barometer' graphics, titled "Bogleheads Legal Fund."

At some point, the mere fact we have a war chest of thousands and the understanding, judgment and willingness to judiciously expend it as might be required to defend and ensure the running of the board to the satisfaction of the site owners might have some deterrent factor to future miscreants.

Not sure though.

I hope there are background discussions with real experts to think out the most effective strategy.
iceport
Posts: 4662
Joined: Sat Apr 07, 2007 4:29 pm

Re: hijacker (PWM) - READ THIS

Post by iceport »

fishnskiguy wrote:
Petrocelli wrote:If you all are really thinking about prosecuting a case of this type, and assuming it makes it to trial, you will easily be looking at tens of thousands of dollars in legal fees. Therefore, those of you making donations to the cause may want to up the proverbial ante.
You mean you won't do it pro bono?

Shucks.

Chris
I was thinking exactly the same thing.

This hacker really does seem like a sick puppy. I just wrote out a small ($50) check to the cause. (With tens of thousands of members, a little from everybody would add up quickly.)

--Pete
"Discipline matters more than allocation.” ─William Bernstein
JMacDonald
Posts: 2337
Joined: Mon Feb 19, 2007 5:53 pm

Re: hijacker (PWM) - READ THIS

Post by JMacDonald »

wellmoneyed wrote:I haven't looked at a typical response to this type of behavior on forums, but I suspect filing a lawsuit is not likely the best way to handle this unless you "know" who it is before you start. What if they are not in the US? You will spend all the legal and investigative money for nothing.

An alternative idea might be to enlist a security volunteer that will help make the site secure. Maybe start a thread how to stop account hacking and let people put all their ideas down.

If you go the lawsuit route you may be successful, but the next day you could have a new disgruntled hacker exploiting the same vulnerabilities from a non-US location.

Just my $0.02.
Pursuing this matter either criminally or as a lawsuit may not be practical, but certainly we need to tighten the security of the site to prevent other trolls.
Best Wishes, | Joe
SteveB3005
Posts: 1425
Joined: Mon Feb 19, 2007 9:29 pm

Re: hijacker (PWM) - READ THIS

Post by SteveB3005 »

Yeah, well say it's 30k, that's $15 spread over 2000 members. To defend against it will cost hijackerman thousands also, who is he going to spread the costs to? It's not too late for him to just back off. Please listen to reason, you have made your point, let's just part ways here.
BigFoot48
Posts: 2854
Joined: Tue Feb 20, 2007 10:47 am
Location: Arizona

Re: hijacker (PWM) - READ THIS

Post by BigFoot48 »

I would recommend that before the nuclear lawsuit option is pursued, that 1) a strengthened password system be implemented requiring all users to enter a new complex password defeating the system the troll is using, 2) further posts by this individual, identified by his promotion of his website etc., just be deleted without comment, and 3) a Report This Post feature be added to aid in doing #2.
Retired | Two-time in top-10 in Bogleheads S&P500 contest; 15-time loser
Petrocelli
Posts: 2866
Joined: Mon Feb 19, 2007 6:29 pm
Location: Fenway Park, between 2nd and 3rd base

Re: hijacker (PWM) - READ THIS

Post by Petrocelli »

fishnskiguy wrote:
Petrocelli wrote:If you all are really thinking about prosecuting a case of this type, and assuming it makes it to trial, you will easily be looking at tens of thousands of dollars in legal fees. Therefore, those of you making donations to the cause may want to up the proverbial ante.
You mean you won't do it pro bono?
No. A for profit website would not qualify for pro bono work under my firm's rules.

My post echoes advice I give all my clients, which is: Think seriously about cost before pursuing litigation.
Last edited by Petrocelli on Tue Sep 04, 2012 4:33 pm, edited 1 time in total.
Petrocelli (not the real Rico, but just a fan)
damjam
Posts: 950
Joined: Thu Mar 25, 2010 7:46 am
Location: Brooklyn, NY

Re: hijacker (PWM) - READ THIS

Post by damjam »

Petrocelli wrote:No. A for profit website would not qualify for pro bono work under my firm's rules.
Since when is this a for profit website?
Epsilon Delta
Posts: 8090
Joined: Thu Apr 28, 2011 7:00 pm

Re: hijacker (PWM) - READ THIS

Post by Epsilon Delta »

exigent wrote:
Epsilon Delta wrote:
House Blend wrote:I'm also in favor of a one-time global reset of all BH passwords combined with basic at-least-one-of-these-and-one-of-those requirements on new ones.
You need to read up on entropy, "one-of-these-and-one-of-those" is a canard. "Password1!" is not much more secure than "password".
But when combined with restrictions on the number of failed login attempts before locking account (only to be unlocked via e-mail), etc. this would significantly improve security around here. My understanding (perhaps mistaken) is that the accounts were compromised at some point in the past when it was possible to do a brute force attack without getting locked out. Assuming that's no longer a possibility, a site-wide password reset combined with somewhat stricter password guidelines would likely solve the problem.
The problem is that many users pick the simplest password that a site will allow. The attacker knows this and tries those simple passwords. When you add rules like at least one number, the simplest allowed password is no longer "password", it's "password1". It's true that a few people will use "password0" so the hacker gets into fewer accounts, but it's not that much harder for the hacker, certainly not 10 times harder. The bad guys have tables of what people choose as passwords when the password must conform to these rules and people are not very random.

So requiring a number makes it a little harder while annoying those who can type. The problem with making the bad guys' task a little harder is that it just trains the bad guys, they can make incremental improvements to keep up. You really want to make the bad guys' task much harder, so that they beat their heads against the wall until they give up and go away.
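The point made in the post above, as an added Python example that is not part of the thread: the composition rule proposed earlier (12+ characters with one lower-case letter, one upper-case letter, one numeral and one special character) is checked beside a screen that strips predictable decoration and compares the stem with a list of common base words. The screening approach, the substitution table, the word list and the sample passwords are assumptions constructed for illustration; "password", "qwerty" and "boglehead" are the weak passwords named in the thread.

```python
import re

# Constructed denylist of base words; a real deployment would load a large one.
COMMON_BASE_WORDS = {"password", "qwerty", "boglehead", "letmein"}

# Common character substitutions undone before the comparison (assumed table).
SUBSTITUTIONS = str.maketrans(
    {"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s", "7": "t"}
)


def meets_composition_rule(password: str) -> bool:
    """The rule proposed in the thread: 12+ chars, one of each character class."""
    return (
        len(password) >= 12
        and any(c.islower() for c in password)
        and any(c.isupper() for c in password)
        and any(c.isdigit() for c in password)
        and any(not c.isalnum() for c in password)
    )


def normalize(password: str) -> str:
    """Reduce a password to the stem a guessing table would start from."""
    stem = re.sub(r"[^A-Za-z]+$", "", password)  # drop trailing digits and symbols
    return stem.lower().translate(SUBSTITUTIONS)  # fold case, undo substitutions


def screen_password(password: str, min_length: int = 12) -> tuple[bool, str]:
    """Accept on length plus denylist; no character-class requirement."""
    if len(password) < min_length:
        return False, "shorter than %d characters" % min_length
    if normalize(password) in COMMON_BASE_WORDS:
        return False, "common word with predictable decoration"
    return True, "ok"


def compare(candidates):
    """Return (password, passes_composition_rule, passes_screen) per candidate."""
    return [
        (pw, meets_composition_rule(pw), screen_password(pw)[0])
        for pw in candidates
    ]


# Constructed sample passwords.
SAMPLE_PASSWORDS = [
    "Boglehead2012!",              # satisfies every class rule, trivially guessable
    "P@ssw0rd2012!!",              # same, with substitutions
    "lantern orbit quilt meadow",  # passphrase: no capital, no digit
]

if __name__ == "__main__":
    for pw, by_rule, by_screen in compare(SAMPLE_PASSWORDS):
        print(f"{pw!r}: composition rule={by_rule}, screen={by_screen}")
```

The two decorated dictionary words pass the composition rule and fail the screen; the passphrase does the opposite.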
Petrocelli
Posts: 2866
Joined: Mon Feb 19, 2007 6:29 pm
Location: Fenway Park, between 2nd and 3rd base

Re: hijacker (PWM) - READ THIS

Post by Petrocelli »

damjam wrote:
Petrocelli wrote:No. A for profit website would not qualify for pro bono work under my firm's rules.
Since when is this a for profit website?
I could be wrong. Is it a charitable organization?
Petrocelli (not the real Rico, but just a fan)
Khanmots
Posts: 1236
Joined: Sat Jun 11, 2011 2:27 pm

Re: hijacker (PWM) - READ THIS

Post by Khanmots »

Petrocelli wrote:No. A for profit website would not qualify for pro bono work under my firm's rules.
I was under the impression that the forums were now a part of The John C. Bogle Center for Financial Literacy, a 501(c)(3) non-profit public charity? Or is there some strange legal-organization thing I'm unaware of?
Taylor Larimore
Advisory Board
Posts: 30178
Joined: Tue Feb 27, 2007 8:09 pm
Location: Miami FL

Bogleheads Forum is a commercial free website

Post by Taylor Larimore »

A for profit website would not qualify for pro bono work under my firm's rules.
The Bogleheads Forum is not a "for profit website." It is commercial free and may be eligible for tax-deductible donations. This link explains:

http://www.bogleheads.org/forum/viewtop ... =3&t=94337

Best wishes.
Taylor

[Correction by admin LadyGeek - donations directly to the forum are not tax-deductible. See Eric's post in that thread: Re: Tax-Deductible Donations to the Forum?. Alex is the site owner.]
"Simplicity is the master key to financial success." -- Jack Bogle
greenspam
Posts: 591
Joined: Mon Feb 26, 2007 12:36 pm
Location: east coast

Re: hijacker (PWM) - READ THIS

Post by greenspam »

lawsuit = ridiculous waste of money and time.

just what this world needs, another frivolous lawsuit.

who here has been 'harmed' ???

much ado about next to nothing.

tighten security.
as always, | peace, | greenie.
sscritic
Posts: 21858
Joined: Thu Sep 06, 2007 8:36 am

Re: hijacker (PWM) - READ THIS

Post by sscritic »

The Center and the Forum are separate entities. The Center is a 501(c)(3); the Forum is not. You can be non-profit and not be a 501(c)(3). I thought the Forum belonged to Alex; I have seen references to him as the owner. Whether he makes a profit is completely separate from the issue of whether it is organized as a non-profit and so recognized by the state.
KyleAAA
Posts: 8699
Joined: Wed Jul 01, 2009 5:35 pm

Re: hijacker (PWM) - READ THIS

Post by KyleAAA »

xenopus wrote:Wow, Alex you sure do have an active imagination. Fortunately you will not find my name with any court subpoena. So if you and the others want to waste your money punishing innocent people with costly litigation then be my guest.

I, however, suggest that for once you do what will actually work, which is to unlock the thread and sticky it so there is at least one oasis of honesty on this site. When you left the thread alone I left you alone...so why are you making this so difficult?
You apparently don't know how the internet works. I assure you, a court subpoena will do the trick in short order. You don't even need a connection with cellular data to track these things. Those proxy services? They won't protect you, either. There are plenty of people out there for hire who are very good at doing that sort of thing.
Muchtolearn
Posts: 1563
Joined: Sun Dec 25, 2011 10:41 am

Re: hijacker (PWM) - READ THIS

Post by Muchtolearn »

I am amazed that there are groups of hackers who proudly claim to be doing it. Rarely is anything done unless there are financial damages. Right?
madbrain
Posts: 5576
Joined: Thu Jun 09, 2011 5:06 pm
Location: San Jose, California

Re: hijacker (PWM) - READ THIS

Post by madbrain »

Muchtolearn wrote:I am amazed that there are groups of hackers who proudly claim to be doing it. Rarely is anything done unless there are financial damages. Right?
Wrong, I think you are confusing it with crackers.
http://en.wikipedia.org/wiki/Hacker_%28 ... culture%29
Allan
Posts: 876
Joined: Wed Feb 21, 2007 9:15 pm
Location: Houston

Re: hijacker (PWM) - READ THIS

Post by Allan »

Perhaps bringing this out into a public forum actually strokes this guy's twisted ego and causes more harm than good? What real purpose, other than just venting, is served by public threats and bluster from other members? Does this really accomplish anything? Just wondering........

Allan
VictoriaF
Posts: 19544
Joined: Tue Feb 27, 2007 7:27 am
Location: Black Swan Lake

Re: hijacker (PWM) - READ THIS

Post by VictoriaF »

Muchtolearn wrote:I am amazed that there are groups of hackers who proudly claim to be doing it. Rarely is anything done unless there are financial damages. Right?
Check out this Wikipedia article about the Anonymous.
We [Anonymous] just happen to be a group of people on the internet who need—just kind of an outlet to do as we wish, that we wouldn't be able to do in regular society. ...That's more or less the point of it. Do as you wish. ... There's a common phrase: 'we are doing it for the lulz.'
Victoria
WINNER of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
roymeo
Posts: 1275
Joined: Sat Apr 28, 2007 7:19 pm
Location: Oakland, CA

Re: hijacker (PWM) - READ THIS

Post by roymeo »

My response in one of the 10's of posts our little stinker posted got lost:

'A wise woman once said "Even if you are right, you're still being --profanity deleted--."'
The sewer system is a form of welfare state. | -- "Libra", Don DeLillo
Locked