his holidays, Bob would come back to college and play AberMUD on my
system... One day, on a whim, I fed the MUD persona file passwords
into Crack as a dictionary... Being the lazy guy I am, I forgot to
remove the passwords from the Crack dictionary, and when I posted the
next version to USENET, the words went too. It went to the comp.sources.misc
moderator, came back over USENET, and eventually wound up at Bob's
company. Round trip: ~10,000 miles.
Being a cool kinda student sysadmin dude, Bob ran the new version of Crack when it arrived. When it immediately churned out the root password on his machine, he damn near fainted...
The moral of this story is: never use the same password in two different places, and especially on untrusted systems (like MUDs).
Frequently Asked Questions.