Wednesday, April 13, 2011

WordPress.com hacked- CHANGE PASSWORDS

For those of you using WordPress, this announcement today from WordPress:

"Tough note to communicate today: Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed.

We have been diligently reviewing logs and records about the break-in to determine the extent of the information exposed, and re-securing avenues used to gain access. We presume our source code was exposed and copied. While much of our code is Open Source, there are sensitive bits of our and our partners’ code. Beyond that, however, it appears information disclosed was limited."


CHANGE YOUR PASSWORDS.


  • Use a strong password, meaning something random with numbers and punctuation.
  • Use different passwords for different sites.
  • If you have used the same password on different sites, switch it to something more secure.

(Tools like 1Password, LastPass, and KeePass make it easy to keep track of different unique logins.)


Here is a tip I have given to many, many people who think such passwords are hard to remember or type:


Make one text file. Call it something innocuous or stupid like "MomsCherryPieRecipie". DO NOT CALL IT PASSWORDS.TXT.


Use this text file to store long, strong and untypeable passwords. Keep this file on your drive somewhere and also on a/several USB keys. Make a shortcut to a folder somewhere with, again, an innocuous name like CLASS-SCHEDULE. Password-protect THIS FILE with a password you can remember. Do not use any of the passwords contained in the file for this text file.


Use cut and paste to log in to sites.

The Steve Gibson password generator is a good one which allows several methods; some for extended characters, some for plain alpha-numeric and others.



... and a little more on this "transparency" thing...


Having been gently strongarmed into getting a FeceBook and Tweety, here's a little article from the Wall Street Journal on data scrapers and aggregators. You should read it, particularly if you're one of the people pushing for "transparency everywhere" and the like.


Somehow, the people pushing this don't seem to consider the realities. Of course, perhaps they haven't had their email broken into and friendships destroyed by that, as I have. Perhaps they haven't made the connection between thinking or trusting some entity out there to "respect their privacy" in the same way they'd think phone taps would "respect their privacy if they aren't doing anything wrong."


From the article: "many firms offer to collect personal, and potentially incriminating, data about users from their social networking profiles and discussions. Many companies even collect online conversations and personal details from social networks, job sites and forums where people might discuss their lives and even potentially sensitive data, such as health issues."


See that?

Still think you have "nothing to hide"? How about the fact that you have high blood pressure, which you mentioned to someone once in SL or on Tweetbook, which your insurance company paid to have scraped, which resulted in triple rates for you, or being dropped from your policy? How about cancer, thyroid problems, depression, some strange fungus on your foot... or that you once made a joke in a forum/chat session like this when you were 15:


"What's white, then black, then white, then black, then white, then red?"

"A nun rolling downhill into a wood chipper."

A joke almost any Catholic school inmate might find hilarious? Or potential terrorism???


Really, if you don't think of these consequences you don't really understand the technology you are using and nothing you have to say to me will be of value. If you want to lecture me on why I should allow every piece of conversation or talk or aside or remark or whatever I chose to make to be connected to my physical being in perpetuity, you are entirely ignorant of the tools and environment you are using. It only shows me your profound ignorance and willful denial of the reality of online data.


And lest you start with the tin-foil hat and paranoia stuff, do some reading. I'd rather be classified as 'boring' or 'not with it' than have stuff out there that might come back to bite me in 10 or 20 years time.


I still believe in free speech and the right to anonymity.


ps - I posted this in Comments but it deserves to be in the main article:

Here's a little reading for people:


Wikipedia - Text Mining


Take a look at the "Commercial software and applications" section - these are just the open and admitted apps. Follow the companies - IBM, Microsoft, Lockheed-Martin...


6 comments:

Brinda said...

Absolute 100% agreement!
Todays innocuous remark can be tomorrows nightmare.
To all of that I would add this.
Never, ever, ever, dare anyone to hack your information.
Curious as to what could happen?
Ever hear of HBGary?
HBGary is a technology security company.
One of the head guys decided he would go on-line and "tweak the nose" of some dangerous people.
Results here:
http://en.wikipedia.org/wiki/HBGary

Thirza Ember said...

great post, Miso

Miso Susanowa said...
This comment has been removed by the author.
sororNishi said...

Miso = Tech Sage.

Mera Kranfel said...

Thanks Miso *saving this* <3

Dividni Shostakovich said...

For what it's worth, Password Safe is another great (and free) open source program that I've used for years just for this reason. It can generate random-character passwords of whatever length, type them in for you (cute!), and it's all under its own password (make it a good one!) http://passwordsafe.sourceforge.net/