Smarterware

The Night Everyone Changed Their Passwords
December 13th, 2010, 12 comments

Lifehacker's publisher, Gawker Media, suffered a severe network breach and the responsible party published the usernames and hashed passwords of 1.24 million readers at Lifehacker and beyond this weekend. 200,000 of those readers' passwords were decrypted. It's late on a Sunday night, and already spammers are using the login details to tweet links from Twitter accounts which use the same username and password as the Gawker accounts. Likely this is just the beginning. If you've ever had an account on Lifehacker, change your password. If you use the same username and password on other sites like Twitter or Facebook, change it there, too. Here's Lifehacker's full FAQ on the situation.

Update Your Google Account Password Recovery Options
December 19th, 2009, 3 comments

Now that you're auditing your online account security, log into your Google account(s) and visit the Account Recovery Options page. Here you can update your secret question and answer, your secondary email address, and even associate your mobile phone number with your account so you can get a password recovery code via text message. (Just a tip: don't set your Google Voice number as the phone number or automatically forward mail from your secondary email accounts to your Gmail account--if you do, in the event that you lose your password, the recovery process won't work.)

Year-End To-do: Audit Your Email Account Security
December 19th, 2009

Two stories of online account break-ins this week: First, Twitter.com got redirected to an Iranian hacker page because attackers were able to get into the email account registered with their site DNS service. Second, savvy blogger Amit Agarwal's Gmail and Google Apps accounts were taken over because the attacker got access to Amit's secondary email address and sent a password change request there to get into the accounts. Do yourself a favor: Before 2010 is upon us, do a quick audit of all your most important accounts. Make sure your passwords are strong and remember: Never use inactive webmail as your secondary email account.

Bruce Schneier’s Answer to Google CEO Eric Schmidt on Privacy
December 9th, 2009, 6 comments

"...if we are observed in all matters, we are constantly under threat of correction, judgment, criticism, even plagiarism of our own uniqueness. We become children, fettered under watchful eyes, constantly fearful that -- either now or in the uncertain future -- patterns we leave behind will be brought back to implicate us, by whatever authority has now become focused upon our once-private and innocent acts. We lose our individuality, because everything we do is observable and recordable." This is what you say in response to "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place." (via)

Secure Your Laptop in Public Places
October 6th, 2009, 1 comment

Over at Harvard Business Online this week, I ran down a few best practices for keeping your notebook computer--and its contents--safe when you're out and about. Here's how to secure your laptop in public places. What did I miss?

What do you do to protect your laptop’s data on open networks and in case of theft? · 77 replies · 4 comments

How Twitter Got Hacked
July 20th, 2009, 7 comments

TechCrunch runs down step-by-step exactly how a hacker broke into Twitter employees' accounts and gained access to over 310 confidential company documents (and generally caused them hell). Lesson to be learned: Use strong passwords (and DIFFERENT passwords for every service you use), change them often, and use impossible-to-guess secret questions and answers. I recommend (and use) KeePass for helping you do just this.