jeroen.se
by jnieuwen
why you should not use passwords that are posted in irc channels
Sometimes you are just chatting on IRC and hear that some people still use passwords that appear in quotes on IRC and are mentioned in various IRC channels. If you are fully aware of that, you should of course not use that password for anything, especially not for anything that can be considered confidential.
The above points seem obvious, but to illustrate the effect this can have I will give an example: imagine you are the chairman of a well-known hosting community providing virtual private servers. Let's call this community 'zoloos'. Furthermore, imagine that you use a password that has been mentioned in #linux.nl, #alcohol, #cafe and many other IRC channels as your password. And to make things worse, imagine that the password is even mentioned in quotes.
What will happen then? Well, the following information may become publicly known:
  1. The personal information of all zoloos members.
  2. The confidential minutes of zoloos meetings.
  3. Passwords of various zoloos services, i.e. the zoloos Cacti and zoloos Zabbix.
  4. The configuration of the zoloos switch.
So please choose good passwords and change them regularly.
Thanks to Hepp, BugBlue and of course Cinder, who quickly locked the account.
7 comments
2009-05-08 22:56:42 Murf
Too bad reality is sometimes different. Sad that this entire article is COMPLETELY not how it went in reality, and that people are stupid enough to believe what's written on this blog...
2009-05-09 13:03:32 jnieuwen
Just for the sake of argument, let's assume you are right. How can you be certain that you are right? Well, then you must have access to all my IRC logs, call logging of all my phone data etc. My IRC logs are stored on different servers, and I have 3 phones with 3 different providers. Why, if you have access to all this data, did you not take action and inform all these parties of this incident before going public, like I did? I guess this makes you a worse person than I am.
2009-05-09 13:08:03 Murf
There is 1 crucial error in this entire blog: "Further more, imagine that you use a password that has been mentioned in: linux.nl, alcohol, cafe and many other IRC channels as your password." The last 3 words are simply untrue, which makes this entire blog one big bit of nonsense.
2009-05-09 15:01:48 jnieuwen
@Murf The fact that random people at the liberation festival in Wageningen this year know it by heart seems proof enough to me that something was terribly wrong. I.e. 11:35:02 @BugBlue: dat kan ik bestrijden, want door dit verhaal hoorde ik het van 2 mensen ergens op een plein in wageningen. But you also claim the article is completely wrong, and in your next comment you claim there is only 1 crucial error; that seems at least a little erratic.
2009-05-12 00:05:25 Murf
Bit sad, don't you think? Editing comments... Ah well, you know, have fun with your life...
2009-05-12 06:42:01 jnieuwen
Personally I think you should not try to post anonymously and you should stop shooting the messenger. Also have the conviction that the fact that i.e. your Twitter account was misused is not my fault. It is your own. I did not mention your name or password when publishing this article.
2009-05-14 21:24:50 jnieuwen
Just for the record: some comments were edited on special request by proxy by Murf.
