Tags: firefox, freecell solver, freshmeat, gringotts, have nothing to hide, nothing to hide, openid, password, password manager, privacy, security
Current Location: Home
Current Mood: geeky
Current Music: Yehuda Poliker - Ani Rotze Gam
A common pattern we hear on the Internet in regard to privacy or
security is "I have nothing to hide" - no one will want to target me
because they'll
gain nothing from doing so. Today let me tell you a story that shows why
this is not true.
A few years ago, I was using the same easy-to-remember password (which
was only 6 letters long) on most of the sites I had accounts on. One day,
I received an email from Freshmeat.net asking me if the
fact that I had changed the description in the record of
Freecell Solver there to "Freecell Solver is a useless
100% ANSI program that automatically solves games of Freecell" indicated
that it was not worthy of inclusion there. This surprised me because I
naturally didn't modify it like that, nor did I intend to.
After talking with the admins of Freshmeat, I realised that someone had logged
in to my account and submitted the malicious update for inclusion. They ended
up giving me his IP, which was in Israel's Netvision ISP (while I'm subscribed
to a different ISP). Now, this change
was pretty innocent, but naturally, now that he knew my shared password,
the possibilities for him were endless. As a result, I went on a concentrated
spree of changing that password to new, different ones in all the accounts
I had created on the Net with it. I made smarter use of
my password manager and eventually
discovered the auto-remember-passwords feature of browsers such as
Firefox and Konqueror, and solutions such as OpenID.
There's no good excuse to compromise on security. Do you have a bank
account and access it online? If you're not careful enough, a malicious
attacker installing spyware on your PC might empty it. So you say to yourself:
"What does he have to gain from me? I only have $10,000 there." Maybe you do,
but if he empties hundreds or thousands of accounts like that by writing
a robot, he'll become rich, so he isn't likely to not target you.
And some people are keen on doing random vandalism with your online presence,
like the one I mentioned, who may have also been trolling
my blogs. Therefore, make sure you're as safe as possible. This
incident was all I needed to become more careful, and I hope you now realise
that, as well.