Security
A weird thing happened to me today. A rogue group invite was sent from my Facebook account. While I would normally admit I could have mis-clicked something, it included a message that I would never have typed. This could have been a bug with Facebook, or it could have been someone accessing my account. I used a pretty insecure password there, and this got me thinking.
How secure are your passwords?
Though I use secure passwords on “important stuff” like my server, it got me thinking and frankly a little paranoid.
Courtesy of TrueCrypt and a secure volume protected by a key file on a flash drive (which I’ve printed and kept very safe – you never know when those pesky flash drives will decide to stop working), I now have 20+ letter, number and symbol combination passwords on all my accounts.
This does have me thinking though. No one is going to break the passwords without my flash drive or piece of paper, but there’s always an avenue of attack. Key loggers, for one, are a very dangerous thing. Insecure scripts can open up access to places you never intended to expose.
I’ve seen too many websites get hacked in my time, and too many key loggers installed on others’ PCs. People in general don’t take security seriously enough and don’t really anticipate the consequences of their actions on their PC. Looking at some of the posts on codingforums.com gives me nightmares. Basic security measures aren’t being met by our newest influx of developers, and it scares me.
For all my TrueCrypt volumes, sanitized and snapshotted virtual machines and overly zealous security precautions in my code, I wonder: Am I going too far? Am I too paranoid? Should I relax a little?
Without a moment’s hesitation:
NO. I am not.
This is my data, and the data of my clients. Paranoia is good.
February 13th, 2010 at 00:37
I’ve contacted Facebook about this apparent security breach; let’s see what they have to say about it:
My friends list received emails requesting they join the “movies” group.
I did not send this.
I believe the group to be suspicious.
I do not have malware of any kind on my PC.
Inspection of the email headers shows it originates from your servers and has not been tampered with.
If there has been an access to my account from any IP other than 82.46.31.19, I would like to know about it.
I would like the “movies” group investigated.
February 15th, 2010 at 11:31
I got a template response, which included a new password, in plain text.
99% of organisations on the internet have worked out that sending plain text passwords via email isn’t clever…
Well thanks Facebook. I guess I’ll continue to mostly ignore you.