Author: Albert Silver
Date: 10:41:33 04/26/01
Go up one level in this thread
On April 26, 2001 at 04:05:19, joe dean wrote:
>On April 26, 2001 at 03:38:59, Uri Blass wrote:
>
>>On April 26, 2001 at 03:00:50, joe dean wrote:
>>
>>>On April 25, 2001 at 02:37:28, Ed Schröder wrote:
>>>
>>>>On April 24, 2001 at 22:43:37, Bruce Moreland wrote:
>>>>
>>>>>On April 24, 2001 at 19:08:44, Ed Schröder wrote:
>>>>>
>>>>>>On April 24, 2001 at 13:31:15, Bruce Moreland wrote:
>>>>>
>>>>>>>Chris was allowed to post under his own name during the time of Tom. He was
>>>>>>>here for a bit, but it wasn't any fun for him, so he made some derisive comment
>>>>>>>about the quality of the posts here, and posted his name and password, which
>>>>>>>presumably caused the moderators to have to shut the account down before someone
>>>>>>>else got into it.
>>>>>>
>>>>>>That is something that is still unclear to me. I remember Chris posted his
>>>>>>username and password when he in 1996/1997 left CCC in anger. My question is
>>>>>>or this happened a second time or not.
>>>>>
>>>>>This happened a second time, approximately one year ago. You missed him,
>>>>>because he didn't post much. Eventually he wrote a post complaining about the
>>>>>quality of the membership of CCC and included his password.
>>>>
>>>>I did not know that Bruce, that makes it indeed more complicated.
>>>>
>>>>Thanks for informing me.
>>>>
>>>>Ed
>>>
>>>Factual Error Correction
>>>========================
>>>
>>>When Chris left the CCC in 1996 he did not post any password or username,
>>>although, given later events he should have done.
>>>
>>>Chris left in 1996 and did not post again. As a high-profile poster he asked,
>>>politely by email, to the Founder's Group, with copies to ICD, that his username
>>>and password be destroyed for security reasons.
>>
>>
>>I disagree.
>>Asking to destroy your passward does not give security.
>>
>>The opposite.
>>
>>If the passward is not destroyed people need to guess the right passward in
>>order to post under Chris's name and probably nobody is going to try.
>>
>>If the passward is destroyed a new guy that is not chris can post under Chris's
>>name.
>>
>>Uri
>
>No, Moreland explained how it worked in a detailed posting. He made a thorough
>research at ICD as to what exactly happened in the Chris case.
>
>The technique is to random change the password. The name, email, ISP details or
>whatever remain.
>
>There are two ways to attack the password security. Firstly, if the server is
>insecure. Secondly if the user's computer is insecure.
>
>The random password change will protect you in the second case, which is a
>probably the more likely, especially if your computer is in an office or on a
>network or not defended by a firewall.
>
>You are right that there is no defence if the ICD server has been compromised -
>in that case you would expect to see fake id's posting with apparently valid
>email addresses. Since that is obviously out of the question you can assume the
>ICD server is safe. Or maybe not.
>
>Either way, it is not unreasonable for a high profile poster to be able to
>request that their details are removed from the server. This seems no more than
>a common courtesy. I for one, would be unhappy for password/user details to
>remain on Internet servers for what, one, two, three, twenty, fifty years, after
>I had requested their removal. It has to be a right greanted to users that their
>freely given details can also be removed at their request.
>
>Chris's complaint is that his were not, that his email requests did not even
>receive the courtesy of a reply, and that his password-user combo was used five
>months later to ban him, even though he had posted precisely no material at all
>during that period.
>
>Chris discovered that if a high profile user reject the CCC, the high profile
>user can expect a heavy reaction in retaliation.
>
>Chris also resents that Ed Schroder and Bruce Moreland should be jointly
>'agreeing' with each other an entirely erroneous version of events, in direct
>contradiction to Moreland's previous public posting on the matter, now, more
>than four years later.
>
>Chris wonders why they find it necessary to bolster their very weak case in this
>way.
I find your arguments somewhat strange. I see two:
1) You wanted your password removed for security reasons because you are a high
profile member (a trifle elitist, no?)
2) You wanted your name disassociated with CCC.
For 1), Tim's (or whomever's) idea to randomize the password was best. Not
because the security of the server has been compromised, but because if all
trace of your name is removed, then I can go up and start a CW profile in a snap
because the name doesn't previously exist anymore (nor simliar ones).
If it's 2) then you have to forget about 1).
Albert
This page took 0 seconds to execute
Last modified: Thu, 15 Apr 21 08:11:13 -0700
Current Computer Chess Club Forums at Talkchess. This site by Sean Mintz.