Password harvesting

1. 2018-10-10 at 11:22 PM UTC

   #1
   

   Soyboy 2.0 - The GMO Reckoning African Astronaut
   Does anyone else use the same few passwords on all websites?
   
   Wouldn't it be trivial for a site to suddenly claim "password not recognised" due to (technical issues), causing most users to try all their normal passwords with that site?
   
   It seems like passwords must be more exploited than ever.
   
   BTW password reuse is a bad idea, you should use a different password for every site (even though none of us do). For instance I had my vk.com account compromised a few months ago due to this, causing people to unfriend me. I know my old username/password combo is out there somewhere.
2. 2018-10-10 at 11:35 PM UTC

   #2
   

   infinityshock Black Hole

   Originally posted by MORALLY SUPERIOR BEING 2.0 - The GMO Reckoning Does anyone else use the same few passwords on all websites?
   
   Wouldn't it be trivial for a site to suddenly claim "password not recognised" due to (technical issues), causing most users to try all their normal passwords with that site?
   
   It seems like passwords must be more exploited than ever.
   
   BTW password reuse is a bad idea, you should use a different password for every site (even though none of us do). For instance I had my vk.com account compromised a few months ago due to this, causing people to unfriend me. I know my old username/password combo is out there somewhere.

   
   i have a mental disorder where i memorize the stupidest shit and dont forget it. (for some ungodly reason i have my first credit card number memorized.) that being the case...i have all my differing passwords for my computer, assorted programs, various websites, etc, memorized...and the less significant the purpose, the simpler the password. my facebook pages have the shittiest PWs because i couldnt care less if they get swiped. for my 'sophisticated' sites...like my work stuff...i have characters and numbers...for example 'i pounded your mom till my balls hurt' is 1#UR303^!11 (thats eleven) ...etc'
   
   my first computer password was '07734' and '7734 2 09'
3. 2018-10-10 at 11:40 PM UTC

   #3
   

   aldra JIDF Controlled Opposition

   Originally posted by infinityshock my first computer password was '07734' and '7734 2 09'

   
   were you 12
4. 2018-10-10 at 11:41 PM UTC

   #4
   Ajax African Astronaut [rumor the placative aphakia]
   Lanny installed a nifty feature here so you don’t accidentally post your password. If you type your password and hit submit without realizing you’re in a reply box, it will display as asterisks instead of the true characters. See, here’s mine - **************. Try it out!
   The following users say it would be alright if the author of this post didn't die in a fire!

   • SBTlauien, 
   • trippymindfuk
5. 2018-10-10 at 11:46 PM UTC

   #5
   

   infinityshock Black Hole

   Originally posted by aldra were you 12

   
   no
6. 2018-10-10 at 11:46 PM UTC

   #6
   

   infinityshock Black Hole

   Originally posted by Ajax Lanny installed a nifty feature here so you don’t accidentally post your password. If you type your password and hit submit without realizing you’re in a reply box, it will display as asterisks instead of the true characters. See, here’s mine - **************. Try it out!

   
   ifuckedyourmomsohardshegaveyouasibling
   The following users say it would be alright if the author of this post didn't die in a fire!

   • Soyboy 2.0 - The GMO Reckoning, 
   • SBTlauien, 
   • trippymindfuk
7. 2018-10-10 at 11:46 PM UTC

   #7
   

   infinityshock Black Hole

   Originally posted by Ajax Lanny installed a nifty feature here so you don’t accidentally post your password. If you type your password and hit submit without realizing you’re in a reply box, it will display as asterisks instead of the true characters. See, here’s mine - **************. Try it out!

   
   no, i tried it. it doesnt work
   The following users say it would be alright if the author of this post didn't die in a fire!

   • Soyboy 2.0 - The GMO Reckoning
8. 2018-10-10 at 11:48 PM UTC

   #8
   

   Soyboy 2.0 - The GMO Reckoning African Astronaut

   Originally posted by Ajax Lanny installed a nifty feature here so you don’t accidentally post your password. If you type your password and hit submit without realizing you’re in a reply box, it will display as asterisks instead of the true characters. See, here’s mine - **************. Try it out!

   
   In theory Lanny shouldn't have access to any of our passwords, since they are all fairly well salted.
   
   Of course my Python is as bad as my French, and even if he is honest all passwords are decodable due to GPUs.
9. 2018-10-11 at 12:09 AM UTC

   #9
   

   SBTlauien African Astronaut

   Originally posted by Ajax Lanny installed a nifty feature here so you don’t accidentally post your password. If you type your password and hit submit without realizing you’re in a reply box, it will display as asterisks instead of the true characters. See, here’s mine - **************. Try it out!

   
   My account is set up so that there is no password on it.
10. 2018-10-15 at 6:32 AM UTC

    #10
    

    Sophie Pedophile Tech Support
    If you want to harvest passwords make one of those "Is my password secure" sites. Just save the passwords and randomly generate a "Safe" or "Not Safe" result page or some shit.
    
    
    Also, IDK if there's even any need for this. Last i heard, there's a database with 1.2 billion unique passwords in it for your cracking pleasure. In any case you should check out SecLists on Guthub.
11. 2018-10-15 at 6:36 AM UTC

    #11
    

    vindicktive vinny Black Hole

    Originally posted by infinityshock my first computer password was '07734' and '7734 2 09'

    
    so thats yiur birth date ?
12. 2018-10-15 at 6:37 AM UTC

    #12
    

    vindicktive vinny Black Hole

    Originally posted by Ajax Lanny installed a nifty feature here so you don’t accidentally post your password. If you type your password and hit submit without realizing you’re in a reply box, it will display as asterisks instead of the true characters. See, here’s mine - **************. Try it out!

    
    nice try.
    
    thats what preview function is for.
13. 2018-10-15 at 6:38 AM UTC

    #13
    

    vindicktive vinny Black Hole

    Originally posted by infinityshock no, i tried it. it doesnt work

    
    its a tard bait.
14. 2018-10-15 at 12:34 PM UTC

    #14
    

    Lanny Bird of Courage
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 [quote pk=560108 author="MORALLY SUPERIOR BEING 2.0 - The GMO Reckoning"] Does anyone else use the same few passwords on all websites? Wouldn't it be trivial for a site to suddenly claim "password not recognised" due to (technical issues), causing most users to try all their normal passwords with that site? It seems like passwords must be more exploited than ever. BTW password reuse is a bad idea, you should use a different password for every site (even though none of us do). For instance I had my vk.com account compromised a few months ago due to this, causing people to unfriend me. I know my old username/password combo is out there somewhere. [/quote] For better or worse the standard thread model is that service providers don't do malicious things and that compromises are relatively infrequent and don't last long. Under that assumption it's reasonable to say that it's not such a terrible thing that a service provider might be able to elicit a list of widely reused passwords from you, since by our assumptions, they simply won't ever do that. It's not really as stupid as it sounds. Most providers have more of an interest in pinning you to a stable, advertiseable, secure identity than they do to getting into your email inbox. From their perspective they simply don't plan to do that, so it's a non-issue. Now you should probably be a little more skeptical than that as a consumer, but trying to assume that every service provider you try to interact with has malicious intent and that you need to restrict the level of information about you to what you're comfortable being in the hands of a malicious party then the amount of the internet you get to use gets pretty small and pretty unfun to use. I'm not saying that isn't the attitude you should have, honestly zero trust is probably the only defensible-from-first-principles way of doing things. I'm just saying there are practical reasons we might prefer a model where participation in a service grants limited trust to the service provider as opposed to try to zero-trust everything, and if we accept that tradeoff then your service provider trying to trawl for your reused passwords isn't really your biggest concern. -----BEGIN PGP SIGNATURE----- iQJOBAEBCAA4FiEEaplk9V8kovCcp8BrznljHEc+lFoFAlvEiTQaHGxhbi5yb2dl cnMuYm9va0BnbWFpbC5jb20ACgkQznljHEc+lFrGVw/9FOeW1OwIxwKe5QZXNkt7 GuU4NYP9e2MRCya1bWJLkKWzILw5/pfVzPt75mbLK8NSBENetyyekc2BVe94Jkcu 1WcfXwnq0rCvTUu5YQ7DpS5BnzKBPnzv5GPVfgXgeAMdfuossX+zALY9JGW+H/1Y KwLzVBoOQewN7Df/4Zzj9qf37rD2IkEbOzf06dEPvSFaJpGPg44INzi8LsePESJw b+qunLVhp0fP0p/0wRPrnVSIIA/7AZDt50m5zZDAsyU1RYFr2rWpt/j6FPEwvc59 sD7eU6UEj2vByO826IDSqQj0jm1UT0pzcWYZbjQpeVLiADoD27WhKYiELwE0dw8a g4gTiWxMcAsprpoSOaZ6NvgBg2NeFhSahCpSWmRsJymT0P7ugSvxsWjZN/eyyCxf rz7ZfReWU3AmtPSXMg5vKRxKXPPsm5Z1OggT2nTDRFRY5BLNDJt3tsZjPiEg1bZw RLq7hBtTz2b6WiMswXzt5L+jbTvaLg3PUSfwrKeeQ27dZZCL0OV63/8H3+jiVdI9 aesi3+UUoKQTuEtKj0T8NJZrWWGyJ3knFav3f2aByvCAH+xSR9FOnEauFKPtIa15 2TwZC4/SNNFBXzvVW9RMjnrwgS/SRTgcfF4tSgFl+o5Cr144u0tVVz+8N98uK2Jm QGuhJnUkr72X0vcWANGn+gA= =hVBD -----END PGP SIGNATURE-----

    Originally posted by MORALLY SUPERIOR BEING 2.0 - The GMO Reckoning Does anyone else use the same few passwords on all websites?
    
    Wouldn't it be trivial for a site to suddenly claim "password not recognised" due to (technical issues), causing most users to try all their normal passwords with that site?
    
    It seems like passwords must be more exploited than ever.
    
    BTW password reuse is a bad idea, you should use a different password for every site (even though none of us do). For instance I had my vk.com account compromised a few months ago due to this, causing people to unfriend me. I know my old username/password combo is out there somewhere.

    
    For better or worse the standard thread model is that service providers don't do malicious things and that compromises are relatively infrequent and don't last long. Under that assumption it's reasonable to say that it's not such a terrible thing that a service provider might be able to elicit a list of widely reused passwords from you, since by our assumptions, they simply won't ever do that.
    
    It's not really as stupid as it sounds. Most providers have more of an interest in pinning you to a stable, advertiseable, secure identity than they do to getting into your email inbox. From their perspective they simply don't plan to do that, so it's a non-issue. Now you should probably be a little more skeptical than that as a consumer, but trying to assume that every service provider you try to interact with has malicious intent and that you need to restrict the level of information about you to what you're comfortable being in the hands of a malicious party then the amount of the internet you get to use gets pretty small and pretty unfun to use.
    
    I'm not saying that isn't the attitude you should have, honestly zero trust is probably the only defensible-from-first-principles way of doing things. I'm just saying there are practical reasons we might prefer a model where participation in a service grants limited trust to the service provider as opposed to try to zero-trust everything, and if we accept that tradeoff then your service provider trying to trawl for your reused passwords isn't really your biggest concern.
    
15. 2018-10-15 at 12:36 PM UTC

    #15
    

    Ghost Black Hole
    I've been using the same password since I was 12 years old.
    
    It uses every letter of the betabet at least once and is so good I can write down the password and people still dont input it right because it's so long if you make one mistake it's over
16. 2018-10-15 at 5:06 PM UTC

    #16
    

    vindicktive vinny Black Hole

    Originally posted by Lanny

    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 For better or worse the standard thread model is that service providers don't do malicious things and that compromises are relatively infrequent and don't last long. Under that assumption it's reasonable to say that it's not such a terrible thing that a service provider might be able to elicit a list of widely reused passwords from you, since by our assumptions, they simply won't ever do that. It's not really as stupid as it sounds. Most providers have more of an interest in pinning you to a stable, advertiseable, secure identity than they do to getting into your email inbox. From their perspective they simply don't plan to do that, so it's a non-issue. Now you should probably be a little more skeptical than that as a consumer, but trying to assume that every service provider you try to interact with has malicious intent and that you need to restrict the level of information about you to what you're comfortable being in the hands of a malicious party then the amount of the internet you get to use gets pretty small and pretty unfun to use. I'm not saying that isn't the attitude you should have, honestly zero trust is probably the only defensible-from-first-principles way of doing things. I'm just saying there are practical reasons we might prefer a model where participation in a service grants limited trust to the service provider as opposed to try to zero-trust everything, and if we accept that tradeoff then your service provider trying to trawl for your reused passwords isn't really your biggest concern. -----BEGIN PGP SIGNATURE----- iQJOBAEBCAA4FiEEaplk9V8kovCcp8BrznljHEc+lFoFAlvEiTQaHGxhbi5yb2dl cnMuYm9va0BnbWFpbC5jb20ACgkQznljHEc+lFrGVw/9FOeW1OwIxwKe5QZXNkt7 GuU4NYP9e2MRCya1bWJLkKWzILw5/pfVzPt75mbLK8NSBENetyyekc2BVe94Jkcu 1WcfXwnq0rCvTUu5YQ7DpS5BnzKBPnzv5GPVfgXgeAMdfuossX+zALY9JGW+H/1Y KwLzVBoOQewN7Df/4Zzj9qf37rD2IkEbOzf06dEPvSFaJpGPg44INzi8LsePESJw b+qunLVhp0fP0p/0wRPrnVSIIA/7AZDt50m5zZDAsyU1RYFr2rWpt/j6FPEwvc59 sD7eU6UEj2vByO826IDSqQj0jm1UT0pzcWYZbjQpeVLiADoD27WhKYiELwE0dw8a g4gTiWxMcAsprpoSOaZ6NvgBg2NeFhSahCpSWmRsJymT0P7ugSvxsWjZN/eyyCxf rz7ZfReWU3AmtPSXMg5vKRxKXPPsm5Z1OggT2nTDRFRY5BLNDJt3tsZjPiEg1bZw RLq7hBtTz2b6WiMswXzt5L+jbTvaLg3PUSfwrKeeQ27dZZCL0OV63/8H3+jiVdI9 aesi3+UUoKQTuEtKj0T8NJZrWWGyJ3knFav3f2aByvCAH+xSR9FOnEauFKPtIa15 2TwZC4/SNNFBXzvVW9RMjnrwgS/SRTgcfF4tSgFl+o5Cr144u0tVVz+8N98uK2Jm QGuhJnUkr72X0vcWANGn+gA= =hVBD -----END PGP SIGNATURE-----

    For better or worse the standard thread model is that service providers don't do malicious things and that compromises are relatively infrequent and don't last long. Under that assumption it's reasonable to say that it's not such a terrible thing that a service provider might be able to elicit a list of widely reused passwords from you, since by our assumptions, they simply won't ever do that.
    
    It's not really as stupid as it sounds. Most providers have more of an interest in pinning you to a stable, advertiseable, secure identity than they do to getting into your email inbox. From their perspective they simply don't plan to do that, so it's a non-issue. Now you should probably be a little more skeptical than that as a consumer, but trying to assume that every service provider you try to interact with has malicious intent and that you need to restrict the level of information about you to what you're comfortable being in the hands of a malicious party then the amount of the internet you get to use gets pretty small and pretty unfun to use.
    
    I'm not saying that isn't the attitude you should have, honestly zero trust is probably the only defensible-from-first-principles way of doing things. I'm just saying there are practical reasons we might prefer a model where participation in a service grants limited trust to the service provider as opposed to try to zero-trust everything, and if we accept that tradeoff then your service provider trying to trawl for your reused passwords isn't really your biggest concern.

    
    2 things about service providers :
    
    1 - they're sometimes incompetent.
    
    2 - they hire people who are/could be malicious.
17. 2018-10-15 at 5:45 PM UTC

    #17
    filtration African Astronaut
    This post has been edited by a bot I made to preserve my privacy.
18. 2018-10-15 at 6:27 PM UTC

    #18
    

    Lanny Bird of Courage
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 [quote pk=563529 author="vindicktive vinny"] 2 things about service providers : 1 - they're sometimes incompetent. 2 - they hire people who are/could be malicious. [/quote] These are true, but it doesn't seem to change much. Incompetence is fairly unlikely to lead to a third party creating a situation like the once described in OP. Most security compromises involve exfiltration but not ongoing alteration to running software. Not to say that doesn't happen, but usually the assumption is that it doesn't. To the second point, sure, they could hire some guy or contract out to some company that goes rogue and tries an attack like that but again this is usually a scenario that's excluded from the (service provider's) security model, mostly because there's not really anything you can do about it once it happens. Like the way to treat malicious employees or contracting agencies is to avoid them. Sure you'll want to keep people watching each other through code review and security audits (although I'm kinda skeptical of the latter practice as it ended up working in the real world) but if you're operating on the assumption that you can't trust your own software not to be malicious then there is no technical solution, you're just fucked. It's like hey, Intel is probably doing some shady stuff with their ME bullshit but if you're running on an intel processor there's nothing you can do, you can't write software that's secure in the face of arbitrary runtime changes to it, even things like cryptographic signing don't really work under this assumption because the verification logic can be compromised. Threat models [i]must[/i] assume some level of trust to operate, less is better of course, but there are classes of attack that it just doesn't make sense to try to address at the application level. -----BEGIN PGP SIGNATURE----- iQJOBAEBCAA4FiEEaplk9V8kovCcp8BrznljHEc+lFoFAlvE3CkaHGxhbi5yb2dl cnMuYm9va0BnbWFpbC5jb20ACgkQznljHEc+lFpRJw//dt8c2HyW5k2CBGpOdDbR 97tjiYW58Ofg1PUVGI5M19o41Cb7OJ+WNDsAHMxly4W821zEEyPLT9U+IOOsSma8 7B2+crOfpb8ALEvm8pO2zye/EnQGVOQFJ+21oDB0gfoqnBTSrGlE7spkwH48tOsM JtRdh3XNjJbiW/Jy8QinTm4awbuwkS2SShOCM9QnxNYHDFgVwQ0aMp0nueYl16MI 9VUJaqa1ug6l9LFCOrtjeDGDCzQdknKvd3BdXVFyri8DnJqlcZK9mKP9P2Qogmcz /41HfxjnXPN2uEyEvID4SGkIFrsHoY9Q8Ihy3lEKH7g7hEBkhwKdvvR7I1LJFwqm N/PVRrI8AztLRDTybj3YijexFYTmxJI0ptRtLyf0OVKh952rVOiBDk1DSEjrPmmJ 9NV+jtFgPWag+BZ/OmRqBqoy6BiaFt26BVboqT588TTKITra8P21hG4t/xsqv7mw rGPfUSMgFQ7Qp/kMttfugciHkBAzqnKv0QMjSi4jxdoGz2aL7YQQsX/xHQyrEiat VqgunbT7iXiAbrrDf6bW4AjpNPLWt+NohZ0GScGUHs5HMPcO1wKck01jxifz/wJb 4YXB+/iIfVO0uURRKqnOLOi1UpvDuZUrftQbci08w3sqU7+yDHXlpEqKZyA670zO HnAhiyI/Idq3bj8eruPFXhc= =FL00 -----END PGP SIGNATURE-----

    Originally posted by vindicktive vinny 2 things about service providers :
    
    1 - they're sometimes incompetent.
    
    2 - they hire people who are/could be malicious.

    
    These are true, but it doesn't seem to change much. Incompetence is fairly unlikely to lead to a third party creating a situation like the once described in OP. Most security compromises involve exfiltration but not ongoing alteration to running software. Not to say that doesn't happen, but usually the assumption is that it doesn't.
    
    To the second point, sure, they could hire some guy or contract out to some company that goes rogue and tries an attack like that but again this is usually a scenario that's excluded from the (service provider's) security model, mostly because there's not really anything you can do about it once it happens. Like the way to treat malicious employees or contracting agencies is to avoid them. Sure you'll want to keep people watching each other through code review and security audits (although I'm kinda skeptical of the latter practice as it ended up working in the real world) but if you're operating on the assumption that you can't trust your own software not to be malicious then there is no technical solution, you're just fucked.
    
    It's like hey, Intel is probably doing some shady stuff with their ME bullshit but if you're running on an intel processor there's nothing you can do, you can't write software that's secure in the face of arbitrary runtime changes to it, even things like cryptographic signing don't really work under this assumption because the verification logic can be compromised. Threat models must assume some level of trust to operate, less is better of course, but there are classes of attack that it just doesn't make sense to try to address at the application level.
    
19. 2018-10-15 at 6:43 PM UTC

    #19
    

    vindicktive vinny Black Hole

    Originally posted by Lanny

    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 These are true, but it doesn't seem to change much. Incompetence is fairly unlikely to lead to a third party creating a situation like the once described in OP. Most security compromises involve exfiltration but not ongoing alteration to running software. Not to say that doesn't happen, but usually the assumption is that it doesn't. To the second point, sure, they could hire some guy or contract out to some company that goes rogue and tries an attack like that but again this is usually a scenario that's excluded from the (service provider's) security model, mostly because there's not really anything you can do about it once it happens. Like the way to treat malicious employees or contracting agencies is to avoid them. Sure you'll want to keep people watching each other through code review and security audits (although I'm kinda skeptical of the latter practice as it ended up working in the real world) but if you're operating on the assumption that you can't trust your own software not to be malicious then there is no technical solution, you're just fucked. It's like hey, Intel is probably doing some shady stuff with their ME bullshit but if you're running on an intel processor there's nothing you can do, you can't write software that's secure in the face of arbitrary runtime changes to it, even things like cryptographic signing don't really work under this assumption because the verification logic can be compromised. Threat models [i]must[/i] assume some level of trust to operate, less is better of course, but there are classes of attack that it just doesn't make sense to try to address at the application level. -----BEGIN PGP SIGNATURE----- iQJOBAEBCAA4FiEEaplk9V8kovCcp8BrznljHEc+lFoFAlvE3CkaHGxhbi5yb2dl cnMuYm9va0BnbWFpbC5jb20ACgkQznljHEc+lFpRJw//dt8c2HyW5k2CBGpOdDbR 97tjiYW58Ofg1PUVGI5M19o41Cb7OJ+WNDsAHMxly4W821zEEyPLT9U+IOOsSma8 7B2+crOfpb8ALEvm8pO2zye/EnQGVOQFJ+21oDB0gfoqnBTSrGlE7spkwH48tOsM JtRdh3XNjJbiW/Jy8QinTm4awbuwkS2SShOCM9QnxNYHDFgVwQ0aMp0nueYl16MI 9VUJaqa1ug6l9LFCOrtjeDGDCzQdknKvd3BdXVFyri8DnJqlcZK9mKP9P2Qogmcz /41HfxjnXPN2uEyEvID4SGkIFrsHoY9Q8Ihy3lEKH7g7hEBkhwKdvvR7I1LJFwqm N/PVRrI8AztLRDTybj3YijexFYTmxJI0ptRtLyf0OVKh952rVOiBDk1DSEjrPmmJ 9NV+jtFgPWag+BZ/OmRqBqoy6BiaFt26BVboqT588TTKITra8P21hG4t/xsqv7mw rGPfUSMgFQ7Qp/kMttfugciHkBAzqnKv0QMjSi4jxdoGz2aL7YQQsX/xHQyrEiat VqgunbT7iXiAbrrDf6bW4AjpNPLWt+NohZ0GScGUHs5HMPcO1wKck01jxifz/wJb 4YXB+/iIfVO0uURRKqnOLOi1UpvDuZUrftQbci08w3sqU7+yDHXlpEqKZyA670zO HnAhiyI/Idq3bj8eruPFXhc= =FL00 -----END PGP SIGNATURE-----

    These are true, but it doesn't seem to change much. Incompetence is fairly unlikely to lead to a third party creating a situation like the once described in OP. Most security compromises involve exfiltration but not ongoing alteration to running software. Not to say that doesn't happen, but usually the assumption is that it doesn't.
    
    To the second point, sure, they could hire some guy or contract out to some company that goes rogue and tries an attack like that but again this is usually a scenario that's excluded from the (service provider's) security model, mostly because there's not really anything you can do about it once it happens. Like the way to treat malicious employees or contracting agencies is to avoid them. Sure you'll want to keep people watching each other through code review and security audits (although I'm kinda skeptical of the latter practice as it ended up working in the real world) but if you're operating on the assumption that you can't trust your own software not to be malicious then there is no technical solution, you're just fucked.
    
    It's like hey, Intel is probably doing some shady stuff with their ME bullshit but if you're running on an intel processor there's nothing you can do, you can't write software that's secure in the face of arbitrary runtime changes to it, even things like cryptographic signing don't really work under this assumption because the verification logic can be compromised. Threat models must assume some level of trust to operate, less is better of course, but there are classes of attack that it just doesn't make sense to try to address at the application level.

    
    your right.
    
    i was thinking more of a targeted attack at specific individual scenario, like a high ranking goverment employee.