I've had friends tell me (after the fact) about machines they sold with weakly-protected bank statements, images, videos, passwords, etc., that they say either:

a) "I deleted that stuff."

or

b) "Nobody can get to that without my password."

A) is useless for anyone with an undelete tool and a few hours and B) usually just isn't true. All it takes to get around B) is ntpasswd or (in this case) a Mac equivalent, like booting into single-user mode and changing the admin password.

I would think that, were the "friend" in this Grenneman story being malicious, stealing for data, etc., he would've known to use one of these tools rather than asking the lady for her password.

I also love how you can accuse Scott of making things up based solely on a lack of evidence when you're an anonymous coward with equally lacking evidence and won't even use your real name.

As the expression goes...

"Never attribute to malice what can easily be attributed to stupidity."

Maybe you have a problem believing that there really are people that STUPID out there, which I can appreciate. Problem is, they ARE out there. Some of them even work for government offices charged with handling your personal information, I'm betting. The state of affairs being what it is, we're lucky it was some hapless television host and not an intelligence/defense contractor's business laptop.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/424/34167#34167