Categories
Computing Security

Changing my passwords and the danger of old websites

I received a notification yesterday that a forum I frequented many years ago had been hacked and the user database with plain text passwords had been downloaded. Not a great start to my day, but fortunately it didn’t have as major an impact on my security as it might have done before I started using LastPass.

The username and password combination was one that I kept in rotation for various websites back in the day (there are probably a few other forums that I no longer visit with the same login details), and in fact I still use the username frequently; it is the domain name of this website. The associated email address is one I still operate, but it is not my primary address and is not the one associated with any of my important online accounts.

However, as a result of the breach I have undertaken the task of clearing out LastPass of any redundant entries. In a bout of paranoia I also later changed the password associated with my online banking, as it had never been changed since I first set up the account. I don’t believe there was any risk at all regarding my bank account, but you can never be too careful, and I was imagining a cascade of minor identity thefts which escalated to the point of being able to access my bank account. Fortunately my bank has two-factor authentication set up on any transfers out of the account, so even then it would be extremely difficult to actually make off with any money.

[Image: Lloyds Bank password policy]

Unfortunately they do not allow spaces, hyphens or special characters in the password and it is restricted to a maximum of 15 characters so the password I chose was not as secure as I’d have liked it to be.

There are a few lessons to be learned from this going forward.

  1. The most important is that, as with other breaches of this kind, it highlights the danger of reusing passwords (and possibly usernames) across different sites.
  2. Websites often become neglected and unused, but if they are left up on the internet they become more and more vulnerable, and security breaches and leaks of important data can occur.
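
The clean-up described above can be partly automated. The following is an added example, not part of the original post: it audits a password manager CSV export for entries that reuse the leaked password or username, and for any passwords shared between sites. The column names (name, url, username, password) and all sample rows are assumptions constructed for illustration.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export; the column names are an assumption, adjust
# them to match your own password manager's CSV export.
SAMPLE_EXPORT = """name,url,username,password
Old forum,https://forum.example/login,olduser,hunter2forum
Photo site,https://photos.example,olduser,hunter2forum
Webmail,https://mail.example,olduser,Zp4!unique-mail
Bank,https://bank.example,jsmith,Qx7unique15char
Wiki,https://wiki.example,jsmith,hunter2forum
"""

def _fingerprint(password):
    # Group by digest so plaintext passwords never appear in the report.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def audit_export(csv_text, breached_username, breached_password):
    """Return (exposed, reused) for a vault export.

    exposed: {site name: risk} for entries matching the leaked credentials.
    reused:  sorted site-name lists for every password used more than once.
    """
    leaked = _fingerprint(breached_password)
    by_password = defaultdict(list)
    exposed = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        digest = _fingerprint(row["password"])
        by_password[digest].append(row["name"])
        same_user = row["username"].lower() == breached_username.lower()
        if digest == leaked:
            # The leaked password is in use here; change it first.
            exposed[row["name"]] = "same login" if same_user else "same password"
        elif same_user:
            # A username is not a secret, but it links the accounts together.
            exposed[row["name"]] = "same username"
    reused = sorted(sorted(s) for s in by_password.values() if len(s) > 1)
    return exposed, reused

if __name__ == "__main__":
    exposed, reused = audit_export(SAMPLE_EXPORT, "olduser", "hunter2forum")
    for site, risk in exposed.items():
        print(f"{site}: {risk}")
    print("shared passwords:", reused)
```

Delete the export file once the audit is done, since it holds every password in plain text.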
Categories
Reviews Surveillance TV

Person of Interest: Deus Ex Machina

Fantastic finale to what has proved to be a truly excellent season of Person of Interest. We have seen quite a transformation of the show throughout this season and we are now in the brave new world of Samaritan.

Great choice of music to close out the show too.

Exit Music (For a Film) by Radiohead.

Categories
Computing Surveillance

NSA: We lack the capability to search our own email

ProPublica reports that the NSA Says It Can’t Search Its Own Emails

“There’s no central method to search an email at this time with the way our records are set up, unfortunately,” NSA Freedom of Information Act officer Cindy Blacker told me last week.

The system is “a little antiquated and archaic,” she added.

This is either beautifully ironic or utter mendacity.
Via BoingBoing

Categories
Books Security Uncategorized

Bruce Schneier discusses Liars and Outliers

Bruce Schneier is discussing his latest book Liars and Outliers on The WELL.

The discussion is still open for the next couple of days but has been very enlightening so far. I particularly like the notion of cooperators and defectors to describe individuals in relation to systems.

Also — and this is the final kicker — not all defectors are bad. If
you think about the notions of cooperating and defecting, they’re
defined in terms of the societal norm. Cooperators are people who
follow the formal or informal rules of society. Defectors are people
who, for whatever reason, break the rules. That definition says nothing
about the absolute morality of the society or its rules. When society
is in the wrong, it’s defectors who are in the vanguard for change. So
it was defectors who helped escaped slaves in the antebellum American
South. It’s defectors who are agitating to overthrow repressive regimes
in the Middle East. And it’s defectors who are fueling the Occupy Wall
Street movement. Without defectors, society stagnates.

I’m a great fan of Schneier’s writing and how his analysis has grown beyond that of computer security to the fundamental notion of what security is and how groups within societies embrace or reject aspects of it.

Categories
Security

London cyber-security conference

London has begun a two-day international conference focused on the threat from cyber-security attacks.

Representatives of 60 nations gathered to discuss how to tackle the rising levels of cyber-crime.

I hope when they discuss cyber-crime that they aren’t focusing on intellectual property, because the actual financial cost of copyright infringement, as opposed to the trumped up figures given by the media, pales in comparison with the real costs of cyber-crime such as fraud and identity theft.

Categories
Terrorism

President Obama on Death of Osama bin Laden

On the 8th anniversary of George W. Bush’s infamous Mission Accomplished speech and also the anniversary of the announcement of Hitler’s death comes the news that US forces have killed Osama Bin Laden during a firefight in Abbottabad, Pakistan.

This should be a cathartic moment for many Americans but I don’t think that it will fundamentally change things in the world. This does not mean that our forces can withdraw from Afghanistan as the mission there has moved on significantly and Bin Laden has for a long time been an irrelevance in that arena.

Categories
Security

How to Ditch Big Brother and Disappear Forever

Lifehacker’s Jason Fitzpatrick writes

So you’ve decided you want to drop off the map and leave Big Brother behind. It’s harder than ever in our always-connected world, but if you’re ready to plan your big vanishing act, here are a few tips to get you started.

How to Disappear: Erase Your Digital Footprint, Leave False Trails, and Vanish without a Trace by Frank M. Ahearn and Eileen C. Horan gives the low down on disappearing and starting your life over.

Categories
Security

Bruce Schneier – Reconceptualizing Security


Categories
Security

Outsourcing to an Indian Jail

Bruce Schneier thinks that Outsourcing data processing to an Indian Jail is a security risk.

I’m very much inclined to agree, especially given this.

The unit, which is expected to undertake back-office work for banks, will work round the clock with three shifts of 70 staff each.

Categories
Computing Security

Stuck in London. Need money quick. Facebook hacked.

Help! My Gmail and Facebook accounts have been stolen and the passwords changed. Someone I know just called to tell me that he got an email saying that I’m in London in a hospital and need money immediately. What do I do?

Firstly report the fact that your account has been hacked to Facebook and Google using the following links.

Facebook
Gmail

Next, notify any close friends or family that your accounts have been hacked and tell them to ignore any pleas to send money.

If you get your accounts returned I recommend using http://strongpasswordgenerator.com to create a new password.