Threats from a troll

Pages: 12
Did anyone else get a PM from our resident troll?

=====
From: cblack618
So I hope that you know you have been reported to the police for constantly harassing me and stalking me on multiple fourms. you harass me on here as well as Dream In Code.

So congrats cause the police now have your IP address.
=====

The police have your IP address now. You better watch out! *spooky music*

The name looks vaguely familiar *shrug*.
Obviously I would've received one too, but I have PM's turned off.

I was going to leave "the entity" alone.
Not anymore.
There are many disturbed people on this planet.
Damn, this troll is showing off its true trollish nature. As if that weren't evident in the open fora.

Oooh, "...been reported to the police...." You've been told off with that empty threat.

I have not yet received any such missives, and if I did I'd really unload with a lot of "bad words."

I am fluent in over 6 million forms of cursing. ;)
The police have your IP address now.

My ISP would rat me out in a heart-beat if the police came knocking with a warrant.

Not that the police would really bother with "he's a big meanie to me on the internet" whinging. I don't reside in the UK where that is taken seriously instead of real crimes of violence.
How would "the police" (whatever that means) have gotten his IP?
Given the lack of knowledge so far demonstrated by this clodepate the ability to get an IP of another user is just a fart in a wind storm.
Last edited on
"clodepate" (also spelled "clodpate"): a blockhead; a dolt or fool.

That's a new one to me.
"clod": lump of dirt or stupid person.
"pate": head (as in addlepated, also highly applicable).
Last edited on
I like muttonhead! I'm going to use that one all week.

Nincompoop is, of course, a classic.
Possible etymology:
late 17th century: perhaps from the given name Nicholas or from Nicodemus (by association with the Pharisee of this name, and his naive questioning of Christ; compare with French nicodème ‘simpleton’).
Last edited on
If the police have a warrant, getting an IP address is as simple as asking site owners for the logs of a particular user. With that, they then go to ISPs and ask who's provided that particular IP address, then they have your address. If there's 10 people in that house, then you all point at each other and the police sigh.

However, it barely matters depending on where you're from. In the U.S., a court declared an IP address "isn't a person". It's also difficult to legally show that a person did something just because you got a hold of their IP address. And a "cyber bullying" claim would barely be worth the time to investigate, especially if all they have are screenshots of them being stupid.

And finally, always use a VPN so you don't end up like this kid:

https://www.youtube.com/watch?v=iFMSoAV6AkM
For actual legal matters, VPNs just shift the onus from the service provider to the owner of the VPN. If we actually play along and pretend that the threat in this thread was real, and more importantly that there is actually some law being broken, then the VPN could still be contacted just the same as an ISP.
But for non-government-actor stuff, I agree a VPN would help in situations like that, since the VPN probably wouldn't comply.
Last edited on
then the VPN could still be contacted just the same as an ISP.
But for non-government-actor stuff, I agree a VPN would help in situations like that.

This is not fully correct. An ISP logs everything, so they have information to give should police or government get involved. Theoretically, a good VPN service will log nothing, such as the IP address of one who connects to it - so they'd have nothing to give to the government or police should they come knocking.
True, it's not fully correct. Some VPNs are definitely better than others at logging. Some VPNs will claim "no logging" but actually do still log identifiable things. And some governments mandate that certain things (like IP addresses) be logged.
And some governments mandate that certain things (like IP addresses) be logged

Yep, can't trust them all. You have to do some research and see which country they're based off of.

NordVPN seemed reliable until they had a hacker steal accounts and didn't tell theirs customers. In fact, I downloaded a torrent with a list of the stolen accounts and was able to login to the VPN service using most of the accounts I tried -- meaning these paying customers didn't even realize their accounts had been compromised. Their emails and passwords were on display.

Speaking of which, I had my professor make use create a hashing program, where we took in passwords but only stored their hashes to make it more "secure". And then he even put it as a test question! "How do you make a program more secure using a hash table?" Or something like that. As if storing the hashes for a password instead of passwords would somehow make your program more secure.

Like just off the top of my head one easy way to break this "security" would be if you made an account and then stole the information which contained the hashes, you'd then be able to see what hash your password generated and easily figure out what the original hash function(s) were. The three star programmer strikes again.
Like just off the top of my head one easy way to break this "security" would be if you made an account and then stole the information which contained the hashes, you'd then be able to see what hash your password generated and easily figure out what the original hash function(s) were.
And then? The point of hash functions as used in security is that they're (ideally) one-way. Just because you know f and f(x) doesn't mean you can figure out y such that f(y) = f(x).
Ah, true. I didn't take the time to think about that. Our particular hash functions were very weak and limited to 10 spaces - not something impossible to find all possible combinations for and find the most likely password.

A better thought would be to use a common password when signing up for the database. Then you steal the data and compare the hash for your passwords with other hashes. Hashes that are the same are likely to have used the same password. It simply doesn't seems as secure as it should be. Though my initial thoughts at how bad was wrong.
Typically cryptographic hashes are computationally expensive to compute - hopefully too slow to brute-force on the fly. However, with enough time, it's possible to compute a mapping of common passwords to hash codes ahead of time. Such a dataset is called a rainbow table.
https://en.wikipedia.org/wiki/Rainbow_table

In order to protect a system against attacks using rainbow tables, unique random data called a cryptographic salt is stored in the clear with the database of hashes.

The salt is appended to the user's password before the hash is computed. This forces an attacker to compute a rainbow table for each salt.
Last edited on
Yea, I haven't thought too much about this, but that's a horrible issue. The password you choose isn't the only password capable of logging you in.
Pages: 12