GenBigdick69(.Y.)

Hmm. My Gmail password hasn't changed since I signed up for it when it was beta.. It's pretty easy too. I guess the difference is I'm not having an affair, have never done anything illegal, have never emailed bad pics.. Etc. Pretty much just spam and electric bills.

Well, this kind of thing is why I take password security seriously. If someone were to hack my Gmail password, they'll have the combination to my luggage as well.

PaSsWoRd

xynix: Hmm. My Gmail password hasn't changed since I signed up for it when it was beta.. It's pretty easy too. I guess the difference is I'm not having an affair, have never done anything illegal, have never emailed bad pics.. Etc. Pretty much just spam and electric bills.

I doubt she even "hacked" into it. She probably used his laptop while he was in the shower, found out that he was still logged into Gmail, and started snooping.

12345

That's the kind of thing an idiot would have on his luggage!

4StarStud

Sgt Otter: xynix: Hmm. My Gmail password hasn't changed since I signed up for it when it was beta.. It's pretty easy too. I guess the difference is I'm not having an affair, have never done anything illegal, have never emailed bad pics.. Etc. Pretty much just spam and electric bills.

I doubt she even "hacked" into it. She probably used his laptop while he was in the shower, found out that he was still logged into Gmail, and started snooping.

Yeah, this is probably the simplest and best explanation.

PasswordisTaco

From what I've been hearing, there's been a string of bad decisions on Petraeus's part... :/

Sgt Otter: xynix: Hmm. My Gmail password hasn't changed since I signed up for it when it was beta.. It's pretty easy too. I guess the difference is I'm not having an affair, have never done anything illegal, have never emailed bad pics.. Etc. Pretty much just spam and electric bills.

I doubt she even "hacked" into it. She probably used his laptop while he was in the shower, found out that he was still logged into Gmail, and started snooping.

TFA says that General Dumbass GAVE the password to her.

 

/popcorn

xynix: Hmm. My Gmail password hasn't changed since I signed up for it when it was beta.. It's pretty easy too. I guess the difference is I'm not having an affair, have never done anything illegal, have never emailed bad pics.. Etc. Pretty much just spam and electric bills.

Or, and this is just a thought, maybe just maybe no one cares what you do?

I think you're over-inferring on this one, subby.
TFA: During the course of the investigation, federal agents monitoring Broadwell's emails found messages coming from Petraeus' personal Gmail account, and were concerned that his account had been hacked

Sounds to me like they thought, "surely this isn't the actual CIA director flirting with this hot reporter chick?! He knows better than that"

TFO also has this to say: Apparently Broadwell got the names and email addresses of people she was sending these emails to from Petraeus' personal Gmail account., which is pure speculation as is the source article for that statement.

So, we don't know Patraeus had a weak password. Evidently his mistress did, or it's possible the FBI went through whatever legal hoops would allow them to wiretap her account.
We're back to "don't stick your dick in crazy" being the only rule we know Patraeus broke.

Why the frak are y'all showing pics of Palin!?

Sgt Otter: I doubt she even "hacked" into it. She probably used his laptop while he was in the shower, found out that he was still logged into Gmail, and started snooping.

That does sound feasible, and certainly would be something we could blame Patraeus for. If you're in that kind of position, learn to use the logout button.

Kittypie070: Why the frak are y'all showing pics of Palin!?

her yahoo mail account was compromised back in 2008 by a "hacker" armed with her wikipedia page and her answers to the "password recovery" questions, which she evidently filled out with real information instead of just random characters that she couldn't possibly hope to remember, like most people do.

The woman next to Petraeus' wife is Jill Kelley (2nd from right). She's the one that Broadwell sent threatening e-mails to. Apparently both parties are saying there was absolutely nothing going on between both Jill and David.

So it looks like Petraeus' biggest mistake was sticking his dick in crazy

Oh.

Because it's what I think of when I see his name...



General Petraeus! Genreal Petreaus!

that the CIA director would even HAVE a Gmail or hotmail or yahoo email account should be grounds for dismissal.

Seriously? seriously??!

This article is almost entirely wrong on the facts.

Her password / Their password wasn't all that shiatty, but it was too short: "vsKLVg8L" Link Link

Well too short is shiatty, even when you use a legitimately difficult password.

But the real problem was over at Stratfor which let their password database get hacked and which didn't salt their password database.

Sgt Otter: xynix: Hmm. My Gmail password hasn't changed since I signed up for it when it was beta.. It's pretty easy too. I guess the difference is I'm not having an affair, have never done anything illegal, have never emailed bad pics.. Etc. Pretty much just spam and electric bills.

I doubt she even "hacked" into it. She probably used his laptop while he was in the shower, found out that he was still logged into Gmail, and started snooping.

She was military intelligence. That is how they work.

Kittypie070: Why the frak are y'all showing pics of Palin!?

Because you clearly haven't paid attention
sigh....


popcorn

Yes, This does put him in the same league as her.

But the real problem was over at Stratfor which let their password database get hacked and which didn't salt their password database.

Traditional Unix-style salting doesn't help against a targeted attack because the salt is stored with the password. It is intended to prevent bulk or precomputed attacks. Is there some other method that is considered a best practice in the web services world?

ZAZ: But the real problem was over at Stratfor which let their password database get hacked and which didn't salt their password database.

Traditional Unix-style salting doesn't help against a targeted attack because the salt is stored with the password. It is intended to prevent bulk or precomputed attacks. Is there some other method that is considered a best practice in the web services world?

I believe the Stratfor hack was basically a bulk attack. The database was released along with all sorts of clear text credit card numbers and email addresses along with the MD5 password hashes.

Is there some other method that is considered a best practice in the web services world?

I think salting the db still helps as I mentioned above, but I've been wondering about this myself.

Basically, I think it means you can't use basic or digest HTTP authentication but have to build your own login forms that use SSL encryption, and you rate limit password attempts.

I think.

Disapproves

More like General Betray Us!

RoyBatty: ZAZ: But the real problem was over at Stratfor which let their password database get hacked and which didn't salt their password database.

Traditional Unix-style salting doesn't help against a targeted attack because the salt is stored with the password. It is intended to prevent bulk or precomputed attacks. Is there some other method that is considered a best practice in the web services world?

I believe the Stratfor hack was basically a bulk attack. The database was released along with all sorts of clear text credit card numbers and email addresses along with the MD5 password hashes.

Is there some other method that is considered a best practice in the web services world?

I think salting the db still helps as I mentioned above, but I've been wondering about this myself.

Basically, I think it means you can't use basic or digest HTTP authentication but have to build your own login forms that use SSL encryption, and you rate limit password attempts.

I think.

I thought part of the Stratfor compromise was the morons that signed up for compromised (i.e. porn) sites with their stratfor email address and used their same freaking password!

scottydoesntknow: [l3.yimg.com image 850x566]

The woman next to Petraeus' wife is Jill Kelley (2nd from right). She's the one that Broadwell sent threatening e-mails to. Apparently both parties are saying there was absolutely nothing going on between both Jill and David.

So it looks like Petraeus' biggest mistake was sticking his dick in crazy

That photoshop is way below my standards, look at those sharp edges, I would not bang a photoshop that looked like that.

Brontes: Sgt Otter: xynix: Hmm. My Gmail password hasn't changed since I signed up for it when it was beta.. It's pretty easy too. I guess the difference is I'm not having an affair, have never done anything illegal, have never emailed bad pics.. Etc. Pretty much just spam and electric bills.

I doubt she even "hacked" into it. She probably used his laptop while he was in the shower, found out that he was still logged into Gmail, and started snooping.

Yeah, this is probably the simplest and best explanation.

I hope that's how it happened. It'd be pretty sad if a guy in that position didn't use a good password (or better yet the 2-step verification).

Surg3!

'twas his own vanity that bested him... or something.

It was f--king around on his wife that took him down.

CIA director, fails to secure his own email account. seriously embarrassing.
The affair is not the problem here.

toraque: Well, this kind of thing is why I take password security seriously. If someone were to hack my Gmail password, they'll have the combination to my luggage as well.

Is your password 1-2-3-4-5?

/ oblig

The article never mentions if the password is sh*tty or not. The problem was telling it to a jealous biatch. The password could have been "173467321476Charlie32789777643Tango73 2Victor7311788873247678976437" but as soon as you tell it to someone else or post it to Youtube it's no longer secure.

Ambivalence: that the CIA director would even HAVE a Gmail or hotmail or yahoo email account should be grounds for dismissal.

Seriously? seriously??!

This one Canadian reporter, Rosie Dimanno, thinks the President is being a prude about it. Never mind that people working in the CIA would lose their security clearance and hence their jobs for doing the same.

Obama is being a prude

Wow.

Cause on Fark, everyone is a leet haxxor.

The flag traits in the fifth stack prevent salting neutralization, so Petraeus wasn't to blame, people.

/Never stick your dick in crazy.

toraque: Well, this kind of thing is why I take password security seriously. If someone were to hack my Gmail password, they'll have the combination to my luggage as well.


Glenford: That's the kind of thing an idiot would have on his luggage!

Well...

xynix: Hmm. My Gmail password hasn't changed since I signed up for it when it was beta.. It's pretty easy too. I guess the difference is I'm not having an affair, have never done anything illegal, have never emailed bad pics.. Etc. Pretty much just spam and electric bills.

Ask my how I know you are lying.

/is an archaic form of security

BOSCO

cloud_van_dame: CIA director, fails to secure his own email account. seriously embarrassing.
The affair is not the problem here.

The part I have the hardest understanding is not everyone not securing their email, but the part where Paula Broadwell, married, with successful husband, children, highly successful career, plus secret affair with head of CIA, puts all that at risk by sending out taunts and threats to someone perceived as a rival and threats apparently realistic enough that the target goes to the FBI.

That's the part where I can only rationalize it by realizing how much of "success" is pure luck.

AiryAnne: It was f--king around on his wife that took him down.

This. If this were Reddit, you'd get an up-vote, sir.

If his wife can't trust him, then why should his country?