A California man on Thursday admitted breaking into the Facebook and email accounts of hundreds of women and stealing nude and semi-nude pictures of them. George Samuel Bronk, 23, of Citrus Heights, pleaded guilty to seven felony charges, including computer intrusion, false impersonation and possession of child pornography. He …
California Highway Patrol?
What, was the guy doing all this whilst driving or something?
CHP - state police
The California Highway Patrol < http://www.chp.ca.gov/html/mission.html > are the state police. They were merged in 1995 < http://www.chp.ca.gov/html/merger.html >.
Guess you're not a CHiPs TV fan.
The 98 Crown Victoria also had a CHIP socket that provided special features for the police 'Interceptor' version of this automobile!
Look stuff up before making fun of it.
"The California Highway Patrol (CHP) is a law enforcement agency of the U.S. State of California. The CHP has patrol jurisdiction over all California highways and also acts as the state police."
California Highway Patrol?
The CHP is more or less the equivalent of the state police in many other states. They have jurisdiction anywhere in the state, although their primary assignment is traffic control on state highways. There is also a law enforcement organization known informally as the state police in California, but their primary job is protecting state buildings and public officials.
Helicopter, because either agency can bust perps.
Even I knew the status of the CHP, and I'm from the UK
They should be issuing arrest warrants for the photographers any minute now.
You know there are free pictures of naked ladies on the internet, right?!
No hacking required - just Google and a filthy mind.
Why does enjoyment of the naked female form require a 'filthy mind'
Little wonder you posted as a Coward as I think your comment says more about you than anything else.
This implies that Rembrandt, Jules Pascin, Zhang Ping, et al had 'filthy minds', some they most likely wouldn't agree with.
Re: Why does enjoyment of the naked female form require a 'filthy mind'
I think your willingness to take that comment so seriously, and to compose the most pretentious list imaginable in support of that seriousness, says more about you than anything else.
But then I have been here too long.
So, so jaded.
"I have been here too long"
I fear so.
Re: So, so jaded.
Hey, I'm only jaded when you're looking.
Re: Re: So, so jaded.
Am I the only one getting slightly turned on by that comment?
In retrospect I should have probably posted anon :)
You think that ticking an anonymous box would stop the moderatrix from knowing who you are?
Re: posting anon!!!
Don't remind everyone that I can see who they are, they'll only get even more overexcited.
re; pretentious list
I find it pretty awesome he can pull a list of dirty nude painters off the top of his head like that.
someone is protesting too much "they're art! not porn! thats why I have them all over my home! tasteful prints and etchings!"
yadda yadda ita a bad thing, but
at the same time I find it highly amusing that there are still people out there learning lessons about password security and "dont put naked pictures of yourself on the fucking internet". I mean, really? its 2011 for fucks sake.
Paris, for obvious reasons
This title no verb
"Dont put naked pictures of yourself on the fucking internet" is one lesson that could be learned, I suppose. I think a better lesson is "don't surround nudity with such walls of shame that having them be on the Internet would cause you distress." *shrug* If someone tried to blackmail me with the threat of naked pictures being spread all over the Internet, I'd just yawn. Who cares? In this day and age, being ashamed over something like that just seems silly to me.
Enlightened yes, but not common
I can imagine many women, men too but particularly women, finding it hard to adopt such an attitude. Imagine if the women's email contact lists included work colleagues.
The issue is not shame of the body, but violation of expected privacy. A woman might happily send her boyfriend intimate pictures. She is not ashamed of her nudity. Obviously she is quite proud of it. That doesn't mean she would be happy for the pictures to become public property.
On the other hand, shame might result from the activity depicted. If the woman is shown performing a sex act or just posing naked in front of a mirror, does she really want her nephews to see that ? No. Is she ashamed of her body ? No.
Yeah - that's all true but....
"That doesn't mean she would be happy for the pictures to become public property."
So don't put those pictures on the Internet at all if you hope to keep them private. There's a difference between how the world should be and how it is in reality.
there's a difference
between shame, and... I dont know what the word Im looking for is.
there's some pretty deranged shit of me online, but you have to search hard for it; my usual handle is this one and its so ridiculously common I'm practically the John Smith of the inter-webs, and my real name is apparently under much wider use by some successful travel book dude or something, so I'm kinda covered there, too. the fact that its out there doesn't bother me. if someone tried to blackmail me personally, I wouldn't care. being labelled 'the dirty old man' at work, however, or having my wife caused embarrassment over what I might have thought was funny one a drunken evening 7 years before I met her is a different thing.
I personally wish there was more of a blanket attitude of "as long as your kids dont see it, what the fuck should I care" but you never know when you're going to run into some prudish and judgemental asshole who decides to bear a grudge because you bared your arse.
It would be nice to live in such a world, but the comments of people with both hands on their keyboard when faced with a woman with her tits out, duck-face at the camera on FB isnt "well, she looks like a nice person having some fun" its usually "vapid attention whore" and the same for a dude is somewhere between "unnnecessary, man, internet cliche" and "what the fuck is wrong with you, you degenerate pervert"
If the woman had "put those pictures on the internet", there would be no story. Instead she emailed the pictures. I agree she acted naively, but emails are not public domain, at least in the view of CHiPs.
Investigators are having a hard time identifying the majority of the victims...
..they can start by looking at their faces instead.
... And this is the Canonical example of why you don't post pictures of yourself naked on the internet, unless you want world + dog to see them.
Not just "the Internet"
But the part of it best known for both poor security and attracting a lot of phishers!
Not sure why ANYONE would even think of putting private things of any kind in such a place, as opposed to, say, a USB stick that lives at the back of the undies drawer when not in use.
For many posting stuff on the internet, means uploading stuff to chatrooms, forums, and blogs. A google, or yahoo email account, is not considered the same thing.
I prefer polaroids.
(It has to be Paris).
They Didn't Post
I'll point out that these people didn't POST the pictures. They SENT them via email. They also made the mistake of publicly posting the same info used to reset their passwords.
Most people have no clue of Internet security. And they also feel that email is a lot more private than it really is.
It's still robbery to steal a car thats left running
They were stupid so I took advantage of them isn't a good legal defence
It's not robbery, it's theft, unless of course, the owner of the car was in it at the time and was forcibly removed from the vehicle.
This is more akin to leaving a car running with £1,000,000 on the back seat.
This is a spectacular example of fail.
This is why I absolutely /loathe/ web designers who are too lazy to build in the ability to write your own challenge/response questions. When all you have is a pick list of common questions, then the chances increase exponentially that this information will be findable somewhere if only an individual chooses to look hard enough.
Dear web devs everywhere: when creating the password reset features for your websites please allow us to actually create three of our own challenges and enter the proper responses.
Here are some great examples off the top of my head:
Challenge: Can kill you with her delete key
Response: Sarah Bee
Challenge: Lewis Page requires
Response: Nuclear aircraft carrier
Much fun to be had!
The question should not contain any clue to the answer, so by all means choose the 'Mother's Maiden Name' option, but whatever you use, it shouldn't relate in any way to you or her.
Today, my mother's maiden name is ljrh39fnmioj48h45mfolm3j98u9034jSFNEICNwjf90
The problem with giving users configurable challenge/response questions is that too many people would set it up as:
Challenge: What is my password.
Too lazy or incapable? Whatever happened to own responsibility and common sense?
IMO its a dual fail here. I personally sort of ridicule (not really, exaggerated a bit) people who still believe that social networks are their for them and to protect their privacy. Their not!
"If you put it on $social_network be ready to share it with the world". How hard can it be ?
But they are challenge responses
Mothers maiden name: zoot alores
First school: hard knocks
Pet name: Boris Johnson
Lewis Page requires...
I'm not so sure we sould allow personal toys like that... whatever you do make sure that you don't accidentally buy him one if you see it on his xmas/birthday wishlist.
Wouldn't work ...
... because a good proportion of people would probably do something like this:
Challenge: What's 1 + 2?
Create your own question
I tend to agree that only picking from a list of questions is likely to lead to answers that are findable.
Knowing this myself I am more likely to give an answer that is deliberately wrong, knowing that it as long as I give the same wrong response if asked the question by this site later I get in.
I can try and give that same advice to others but am aware that as the question is usually to reset a forgotten password, then if you have forgotten that then chances are you have forgotten the wrong answer you set up for that site, which defeats the purpose.
Anyone who knows you're an El Reg commentard can work out the first two.
There's nothing wrong with the standard questions as long as you supply an incorrect answer.
Yeah my bank had that idea....
And now i have 10 standard and non-standard challenge response "scenarios" incluing dates, times, names, questions, codes and passwords.
When i phone i need to give a different one to the web and when i am on the web i need to use certain responses and then a card reader.
Secure, yes i think so, convenient, not really... so they are all written down on a page headed "My bank security questions", computers are far less fallible than me!
Anon, obviously... i have some sense of security.
More than one way to skin a password
One method I've seen suggested is to have a set of memorised 'incorrect' answers to the standard challenge questions.
e.g. Mother's maiden name: Supernova
Another way is to modify your 'correct' answers by preceding them with a keyword that is unique to the site you're using.
e.g. Mother's maiden name: FaceSmith (or YahooSmith, HotSmith, etc.)
If you want to get more sneaky, choose a keyword that is not easily guessable. You can figure something out.
Presumably you've not fielded twenty support calls from people who can't think up their own challenge/response questions, thirty from people who put in any old crap and have no idea what the answer was anyway as it was just random letters, and observed that most of the rest have just typed in mothers maiden name or first pet anyway...
"Challenge: What's 1+2?"
The beauty of that system though, is the good proportion of people who would set that challenge would probably have "5" as the response.
password has 8 letters...
(and so does overcoat)
back in the day people generally referred to her as "Miss ljrh39fnm"
@ Create your own question
Comedienne Lucy Porter said she got her bank to amend her question...
Security Question: You're not going out dressed like that are you ?
Required response : You can't tell me what to do ! YOU'RE NOT MY REAL DAD !!!!
who am I today
Trouble is I forget which 'mother's maiden name' I used when I set up the account.
@ShelLuser: One out of three ain't bad
I know it's not considered acceptable to correct grammar or spelling these days, but I couldn't help but admire this fragment:
"...people who still believe that social networks are their for them and to protect their privacy. Their not!"
To be fair...
...I'd not actually use those particular ones. Or more accurately, I wouldn't use three challenge/response questions from the same place. I would use one from an obscure TV show I liked. Another from a fantasy novel. Another from a bit of El Reg trivia. So on, and so forth.
If you needed to (as my bank does) respond to /all three properly/ in order to reset the password, then they are exceptionally secure. You would have to get my three best friends and my fiancée in a room together to crack my challenge/response questions for the five top sites I use. The chances of someone random person who has collected a little bit of information about me from my comments on El Reg (or anywhere else) deciphering them is fairly small.
Not impossible...but then again no security is perfect. If I used the suggestion of memorizing something like "Mother's maiden name: Supernova" then i am opening up another can of worms. Either I am having to keep that relatively consistent - and thus a data leak on one site means all sites are compromised - or I run the very real risk of not being able to keep track of which challenge response questions are for which sites. even using Facebook.comSupernova and Twitter.comSupernova etc. would be guessable after a single leak.
No, I prefer using challenge response questions that have meaning to me - something that so long as I am not suffering from dementia or brain damage I will always know the answer to - but which are so utterly random in origin that your average net user is highly unlikely to discover. For example, I am a trekkie. The obvious answer to the challenge “pattern” is “buffer.” It is the first thing that pops into my mind and has been since I was about 8.
I understand this doesn’t work for all people. That’s why I see a lot of sites giving the option of “pick from a list or write your own.” The point is that for those who /are/ capable of remembering their own challenge/response pairs, the ability to do so is significantly more secure than having to use the standard questions. not offering that option is nothing more than laziness on behalf of careless developers.