Tuesday, October 6, 2009

Phishing, Common Sense, and 'The Public's Right to Know'

"Password Scam Widens To Google, Yahoo"
SkyNews, via FOXNews (October 6, 2009)

"The scale of the phishing attack on Hotmail could stretch further than first thought, with accounts on Google and Yahoo now threatened.

"Microsoft confirmed on Monday that the popular email site had been the target of a scam which tricked users into revealing their passwords. This led to around 10,000 passwords being posted online.

"The computer company said their servers were not responsible for the security breach and that individuals had been conned into handing over their details. But it has been reported that more lists have also been circulated with genuine account information relating to email on Google, Yahoo, Comcast and Earthlink, as well as other third-party web mail services.

"Neil O'Neil, an ethical hacker and digital forensics investigator at secure payments specialist The Logic Group, said up to a million passwords could have been accessed.

" 'Making the breach public so soon after the attack occurred has allowed unethical hackers to access the passwords very easily, even though they were deleted a couple of days ago at the request of Microsoft,' he explained...."

As a rule, I approve of prompt publication of pertinent information about a scam.

In this case, I can see how it might not have been the best idea.

I can afford, personally, to be a bit flippant about this particular scam.

[Neil O'Neil said] "...'People tend to have the same password across many accounts - so there is a good chance that individuals have also compromised the integrity of their ebay or paypal accounts too....'..."

I've got the same kind of password across many accounts: it's a word that you won't find in a dictionary, but that I can remember fairly easily, a number sequence that's also easy for me to remember, and another word that's different for each account - but follows a mnemonic pattern that involves whatever website, service, or company I'm dealing with.

Vague? You bet! I am not going to describe in detail what my security arrangements are, in an open post like this. I also don't send my credit card information in emails, give my passwords to people who ask for them, or leave the keys to my house on a nail in the siding by the front door.

I've been called 'paranoid' - but that I can live with. I think of it as more a matter of informed caution.

No comments:

Unique, innovative candles

Visit us online:
Spiral Light CandleFind a Retailer
Spiral Light Candle online store

Pinterest: From the Man Behind the Lemming

Top 10 Most-Viewed Posts

Today's News! Some of it, anyway

Actually, some of yesterday's news may be here. Or maybe last week's.
The software and science stuff might still be interesting, though. Or not.
The Lemming thinks it's interesting: Your experience may vary.
("Following" list moved here, after Blogger changed formats)

Who Follows the Lemming?

WebSTAT

Family Blogs - Blog Catalog Blog Directory