I heard a an interesting mistake occur on the Penn Jillette radio show for the past couple of days. In last Penn’s Tuesday episode he is talking to a substitute co-host trying to get into his regular co-host’s computer. The co-host can’t log in and Penn says live on the air “the password is Dawkins, that’s his password for everything.”
One Wednesday’s episode, he describes the repercussions of that mistake. As he and his wife were sitting in the living room that evening, he gets an email at his private email address saying “You gave out Goudeau‘s password in the air today. Maybe you should change it.” After realizing his mistake and explaining it to his wife, she then suggests that maybe the should check that out. They try to log in, and the old password doesn’t work. Then she gets an IM from Goudeau
- “Hi Emily”.
- “Oh, thank goodness, Goudeau.
There’s been a problem and”
- “I’m not Goudeau”.
They then realized that they didn’t quite know what this guy was up to, but he was in a position of considerable power.
- “Hi, our new friend”
- “I don’t mean to scare you, but I took over all Goudeau’s accounts.”
He then goes on to explain that he saw other people accessing the account, and figured he had to do something to prevent any further damage. Then he went through the address book to try to figure out who the people were and who he would be trusted to straighten this all out. He tells them the temporary password, and Emily and Penn go about getting control of the accounts again. As they are going that, the stranger has one final piece of advice.”
- “Don’t go and change all of the passwords to Borlaug… Sadly, I’m serious. I don’t know what you guys might do.”
There are a variety of errors that caused this problem. (Goudeau being careless, Jillette being too impulsive to think of what he was saying and where.) They were really lucky a relatively honest person looked into it to help them out. (I’m a little conflicted about that guy. I’m don’t think he was in the right to check if it worked and look around, but what he did afterwards was more noble than the other people he saw breaking into the accounts. Lots of states have very similar computer crime laws (the telecom companies gave all the states the same template) and there are cases where well meaning access to other people’s accounts has caused lots of legal trouble. Saying “he shouldn’t of done what he did but I’m glad he did it.” feels odd.)