792: Password Reuse

Explain xkcd: It's 'cause you're dumb.
(Redirected from 792)
Jump to: navigation, search
Password Reuse
It'll be hilarious the first few times this happens.
Title text: It'll be hilarious the first few times this happens.

[edit] Explanation

This comic has three layers: hacking, philosophy, and Google-satire.

It starts off on a practical level, with Black Hat describing a devious social engineering scheme. It relies on the fact that people commonly reuse the same password on multiple websites, and tend to create accounts on new websites somewhat indiscriminately. Thus, one could create a simple Web service to collect users' usernames, email addresses, and passwords. Since many users will reuse this combination on other websites as well, the website owner can try to hack their accounts on other common sites, such as Amazon or PayPal, using the same login info.

In panel 6, the comic suddenly develops a philosophical and ethical bent. Black Hat reveals that he has already carried out step 1, through his numerous unprofitable Web services which he had been running for this very purpose. However, after successfully executing the hack, he realizes that he does not know what to do with all this power. He reveals that he is already financially self-sufficient, and makes a point that money can't buy happiness. He could use his power to realize his sadistic pleasures of messing with people, but he's already a serial classhole. If he had any beliefs or ideology, he could use this power to try to spread them. However, he reveals that "since March of 1997" he doesn't really believe in anything - On March 26 1997 In San Diego, California, 39 Heaven's Gate cultists committed mass suicide at their compound. The dilemma: Black Hat has cleverly executed a hack that has given him a lot of power, but he doesn't know what to do with it.

The last part of the comic now transitions to a satire on how Google has already gone through both the stages described above. It describes how all of Google's free services are simply a ploy to collect and control all the world's information, similar in concept but grander than the hack described in part 1. It satirizes the notion that behind Google's "Don't be evil" motto is actually an end-goal of using their powers eventually for evil. However, just like Black Hat, once Google reaches the stage where they are able to capitalize on their powers, they find that there is nothing evil left for them to desire. They already make a lot of money, and anything remaining that they wish to do, such as throwing CoD tournaments, isn't evil at all.

This comic was directly referenced in 1286: Encryptic.

[edit] Transcript

[Cueball at a computer with Black Hat behind him.]
Black Hat: Password entropy is rarely relevant. The real modern danger is password reuse.
Cueball: How so?
Computer: Password too weak.
Black Hat: Set up a Web service to do something simple, like image hosting or tweet syndication, so a few million people set up free accounts.
Black Hat: Bam, you've got a few million emails, default usernames, and passwords.
Black Hat: Tons of people use one password, strong or not, for most accounts.
[Diagram showing a table of emails, usernames, and passwords.]
Black Hat: Use the list and some proxies to try automated logins to the 20 or 30 most popular sites, plus banks and PayPal and such.
Black Hat: You've now got a few hundred thousand real identities on a few dozen services, and nobody suspects a thing.
Cueball: And then what?
Black Hat: Well, that's where I got stuck.
Cueball: You did this?
Black Hat: Why do you think I hosted so many unprofitable web services?
Black Hat: I could probably net in a lot of money, one way or another, if I did things carefully. But research shows more money doesn't make people happier, once they make enough to avoid day-to-day financial stress.
Black Hat: I could mess with people endlessly, but I do that already. I could get a political or religious idea out to most of the world, but since March of 1997 I don't really believe in anything.
Black Hat: So, here I sit, a puppetmaster who wants nothing from his puppets.
Black Hat: It's the same problem Google has.
Cueball: Oh?
[A meeting at Google headquarters. An executive is talking to some others.]
Google...
Executive 1: Okay, everyone, we control the world's information. Now it's time to turn evil. What's the plan?
Executive 2: Make boatloads of money?
Executive 1: We already do!
Executive 2 (off-panel): Set up a companywide CoD4: Modern Warfare tournament each week?
Executive 1: That's not evil!
Executive 2: Ooh, dibs on the lobby TV!
Executive 1: Okay, we suck at this.
Comment.png add a comment!

Discussion

And now it turns out that Google gives our data to NSA....sigh. 24.7.241.154 07:58, 11 June 2013 (UTC)Monica

What happened in March of 1997? MR (talk) 18:23, 4 April 2013 (UTC)MR

Hi! After consulting Wikipedia's article about March 1997 (http://en.wikipedia.org/wiki/1997), I think there are two main incidents Black Hat could refer to:

  • The Phoenix Lights, a group of supposed UFOs, turned out to be probably military aircrafts.
  • The mass suicide committed by 39 Heaven's Gate cultists.

Since we know little about Black Hat's life in 1997, we could argue that he was expecting an extra-terrestrial contact or that he was attracted by the ideas of that creed - and that the disillusion brought him his present disbelief in things. Of course those are just hypotheses, and don't seem to fit the character as we know him...Inverno1407 (talk) 11:30, 15 April 2013 (UTC)



"In the conclusion, Black Hat reveals that the only thing he's doing with all his hacked user accounts is to post slightly inaccurate content on Wiki sites."

This paragraph has been present since this explanation was added. I can't see how it is arrived at from the comic. (So I wonder who User:148.87.67.212 might have been...) Mark Hurd (talk) 14:10, 15 April 2013 (UTC)

I removed some slightly inaccurate content from this wiki. It was the bit about Black Hat posting slightly inaccurate content on wiki sites.86.40.93.217 00:33, 15 May 2013 (UTC)


How does this compare in light of 792:Password Reuse? Saibot84 (talk) 05:06, 6 June 2013 (UTC)

The "March 1997" issue is still a mystery to me. May be a global computer virus attack? I will go through all days on wikipedia. The month summery presents not the solution.--Dgbrt (talk) 17:27, 6 June 2013 (UTC)

Conisdering how blackhat loves messing with people, I seriously doubt anything at all hapened in March 1997. He's just messing with us! 189.5.106.228 02:43, 7 July 2013 (UTC)

Oooo, I dunno. Given Black Hat's odd tastes, *anything* from March 1997 could have caused him to lose his faith: Paul McCartney being knighted, Tom Cruise winning an Oscar, the U.S. Supreme Court hearing arguments on Internet Indecency, India's Ministry of Charity choosing a successor to Mother Theresa, Gene Roddenberry's ashes going into orbit, the Brazil Senate finally allowing women members to wear slacks... Anything!! [[1]]

Wow, look at this historical CNN page: http://edition.cnn.com/ALLPOLITICS/1997/03/19/scotus.cda/. The Communications Decency Act is the most likely item from your list.--Dgbrt (talk) 08:21, 2 August 2013 (UTC)

My opinion is that Black Hat referred to Bill Clinton banning federal funding for research on human cloning in March 1997. 108.162.242.5 (talk) (please sign your comments with ~~~~)
Personal tools
Namespaces

Variants
Actions
Navigation
Toolbox

It seems you are using noscript, which is stopping our project wonderful ads from working. Explain xkcd uses ads to pay for bandwidth, and we manually approve all our advertisers, and our ads are restricted to unobtrusive images and slow animated GIFs. If you found this site helpful, please consider whitelisting us.

Want to advertise with us, or donate to us with Paypal or Bitcoin?