Online Security and You
May. 25th, 2009 07:39 pm
If you're infosec-savvy, this post will make you curse and mutter under your breath, because it is filled with oversimplifications. These are deliberate, because this post is not for you; you don't need it. :P This post is intended for people who have a vague, passing, or very casual acquaintance with keeping their digital shit secure.
As many of you are probably aware, sarahtales's LiveJournal was broken into early this morning. Whether it was someone with a grudge or one of the Russian poetry crackers who also got shoebox_project is *generally* irrelevant. The SBP crack exploited a hole in LJ's security -- if there had ever been a Hotmail account associated with your LJ, it was once possible to get the journal password sent to that account (or any other previous e-mail account) and reassign ownership of the journal to it. LJ now allows users to remove any and all e-mail addresses used in the past, including the one used to create the journal (this wasn't possible before the attacks, of which SBP was but one victim).
The security hole was actually caused by Hotmail's ridiculous practice of allowing "dead" usernames to be recycled. So if you let your harrypotter@hotmail.com account lapse at any point, someone could later come along and claim the same account for themselves. So if you used harrypotter@hotmail.com to register for any sites, they would be able to retrieve your login information from those sites using your old Hotmail address. Whoever hijacked sarahtales's journal did this differently; they first broke into her Gmail account and then simply had LJ reset her password. As all the password-reset communication goes to the currently active e-mail account, anyone monitoring the account will have access.
So here are some (okay, many >.>) words about protecting yourself from such attacks and similar ones. The first thing you need to understand is that no one is ever 100% safe. The only way you can be sure that your computer is safe from attack is not to own a computer. But there are ways you can significantly reduce the chances of someone gaining unauthorised access to your data. This is far from an exhaustive treatise on those ways; the field of computer security is too sprawling and my knowledge is too limited, so I've tried to focus on the lowest common denominators.
( continue reading for a lot of (hopefully at least somewhat accessible) mumbo-jumbo )
( tourists in large cities during rush hour )
TV, for jetamors: ( video killed the mumblemumble star )
Young People Today, for blamebrampton. I was very delighted to receive this as a rant topic.
( for size )