Thursday, December 23, 2010

At least someone reported on the real Wikileaks story

http://www.theregister.co.uk/2010/12/23/wikileaks_and_data_theft/

I read somewhere that it was likely the communication channels opened after 9/11 that enabled this security atrocity.  Kudos to "the media" though for overlooking this blatantly obvious and genuinely interesting story of security officers unconcerned with the well-being of either their own soldiers or Iraqi civilians (see this chat transcript for more).

The amazing thing is this lasted for months!  Wired published that article on June 10, 2010 and El Reg (I hope they don't mind me calling them that) has only JUST reported on it.  I don't know that I would call this a conspiracy but I have a hard time believing that this was just conveniently "missed."

Although perhaps I give them too much credit.  After all, this wasn't even reported on in such a security conscious manner until 6+ months later when someone gave a report sounding the China/cyberwarfare alarm.

Tuesday, December 14, 2010

Security, security, SECURITY!!!!!

The past couple of days I have received three very important emails.

The first email was a message from Gawker Media stating that my account may have been compromised, and it somewhat downplayed the risk.  Ironically, the risk it downplayed was the use of the same password across many/all sites (a very common practice), which was exactly the practice that led to penetration of the Gawker site and ultimately the release of all 1.3 million account details (including mine!  :(   ), passwords included.

The second was an email from LinkedIn stating that my account may have been compromised.  Sound familiar?  Well, I figured that someone had decrypted my password and was attempting to use it at another site (it must have failed, I figured, because I sometimes used slight variations).  So I began my trek to change my password on every site.  It's now a 15-character GRC-generated password consisting of ASCII characters (so '!@#$%^&*()', etc. are all possible values).

The third email was also from LinkedIn, clarifying the first LinkedIn email.  It seems they downloaded and scanned the database of Gawker accounts and checked the emails against their own user database.  When they found a match, they sent out an email to every email account listed as associated with that user.
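What LinkedIn did, as I understand it from that email, is a breach-dump cross-check: normalize the leaked addresses, match them against your own user table, and notify every address tied to the matched account.  The example below is added here to illustrate that process and the password-reuse risk the Gawker email downplayed; it is not LinkedIn's or Gawker's code.  It assumes a constructed dump in `email:password` form (hypothetical records, not real Gawker data; a real dump would usually carry hashes that need cracking first) and a constructed user table with PBKDF2 hashes, so it runs offline.  When a leaked password is available it also checks whether the user reused it locally, which is the check that tells you whether to force a reset or just warn.

```python
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample dump (hypothetical records, not real data).
# Note the mixed-case address: matching must normalize before comparing.
LEAKED_DUMP = """\
alice@example.com:Winter2010
BOB@Example.com:hunter2
carol@example.net:correcthorse
"""

PBKDF2_ITERATIONS = 100_000  # assumed parameter for the local password store


def normalize_email(email: str) -> str:
    """Lowercase and strip so 'BOB@Example.com ' and 'bob@example.com' match."""
    return email.strip().lower()


def parse_dump(text: str) -> dict[str, str]:
    """Parse 'email:password' lines into {normalized_email: password}."""
    leaked: dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue  # skip blank or malformed lines rather than crash on a dirty dump
        email, _, password = line.partition(":")
        leaked[normalize_email(email)] = password
    return leaked


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison against the stored digest."""
    return hmac.compare_digest(hash_password(password, salt), digest)


@dataclass
class User:
    user_id: str
    emails: list[str]   # every address associated with the account
    salt: bytes
    digest: bytes


def make_user(user_id: str, emails: list[str], password: str, salt: bytes) -> User:
    return User(user_id, emails, salt, hash_password(password, salt))


# Constructed local user table (hypothetical accounts).
USERS = [
    make_user("u1", ["alice@example.com", "alice.work@example.org"], "Winter2010", b"salt-alice"),
    make_user("u2", ["bob@example.com"], "a-different-password", b"salt-bob"),
    # dave reused a leaked password but under an address not in the dump:
    # email matching alone will not catch him, which is the limit of this approach.
    make_user("u3", ["dave@example.com"], "hunter2", b"salt-dave"),
]


@dataclass
class Finding:
    user_id: str
    matched_email: str
    notify: list[str]        # addresses to send the warning to
    password_reused: bool    # True means force a reset, not just warn


def find_exposed_users(leaked: dict[str, str], users: list[User]) -> list[Finding]:
    """Match leaked addresses against the user table and test for password reuse."""
    findings: list[Finding] = []
    for user in users:
        for email in user.emails:
            norm = normalize_email(email)
            if norm in leaked:
                reused = verify_password(leaked[norm], user.salt, user.digest)
                notify = [normalize_email(e) for e in user.emails]
                findings.append(Finding(user.user_id, norm, notify, reused))
                break  # one finding per account even if several addresses match
    return findings


if __name__ == "__main__":
    for f in find_exposed_users(parse_dump(LEAKED_DUMP), USERS):
        action = "FORCE RESET" if f.password_reused else "warn"
        print(f"{f.user_id}: matched {f.matched_email}; {action}; notify {', '.join(f.notify)}")
```

The reuse check only works when the dump yields plaintext (or cracked) passwords; with hashes alone you can still do the email match and the notification, which is all the first LinkedIn email claimed.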

As much faith in my fellow programmers as the Gawker hack destroyed, LinkedIn has single-handedly restored.

Simply amazing.

Saturday, December 4, 2010

Que funny!

Saw this while I was trying to find a way to lock down Mozilla for a public terminal.  I made this in response.