Tuesday, September 18, 2007

Media Defender

Well, this is certainly a funny and heartwarming story. At least for me it is: a company that makes money by trying to keep stuff off of P2P networks, and has even gone so far as to set up decoy sites, has all of its internal emails available via BitTorrent. What's revealed? Well, check out the story if you want to know.

But the moral of the story: don't re-use exact passwords! See, hacking is about 10 percent tech skill, and 90 percent social. The guy who accidentally leaked this stuff signed up for an account at a popular BitTorrent distributor, probably for his evil work. He used a Gmail account for this, but unfortunately, when he created the password, he used the same password as his Gmail account! So now these "shady" pirates have his Gmail password, and they can see what IP he's logging on from - if that domain is something like mediadefender.com, they're going to look into it.

Anyway, here's my rule of thumb: each email account you have gets a completely unique password. Each service you sign up for gets a different password too, though it may really just be a variation of a password from a different email account. Does this make sense?

So, my Yahoo email account is awesomedude@yahoo.com (I wish). The password is 123ABC. Do not sign up for a MySpace account with the exact same user ID and password combo. Obviously a new, completely unique password is best, but you can't be bothered to remember 20 passwords, right?

Then just pick ONE, and a set variation on the pattern. Sure, it's not a perfect scheme, but it's better than having ALL your accounts exposed when one password is exposed. So if I'm going to sign up for a YouTube account, my password is going to be 987XYZ. Also signing up for a different service? Use 98887XYZ - everything is in the same order, you've just made a short variation that you can easily remember. Or you could flip the letters and numbers, or put the numbers between the letters. Just make sure each password is a little different, and you won't have to worry about security breaches like this one.
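
An added example, not part of the original post: a small Python audit that applies the rule of thumb above to a password inventory, flagging exact reuse anywhere and any email password that is only a variation of another. The account names, the 0.6 similarity threshold and the use of `difflib` to measure "variation" are assumptions; the sample list is constructed from the post's example passwords.

```python
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample inventory: (account name, kind, password).
# Passwords are the post's own examples; account names are hypothetical.
ACCOUNTS = [
    ("yahoo-mail", "email", "123ABC"),
    ("myspace", "service", "123ABC"),          # exact reuse of the email password
    ("youtube", "service", "987XYZ"),
    ("other-service", "service", "98887XYZ"),  # variation of the youtube password
]

SIMILARITY_LIMIT = 0.6  # assumed cut-off for "just a variation of"


def similarity(a, b):
    """Return a 0..1 score of how much two passwords overlap."""
    return SequenceMatcher(None, a, b).ratio()


def audit(accounts, limit=SIMILARITY_LIMIT):
    """Check every pair of accounts against the post's rule of thumb.

    - Any two accounts with the exact same password: "exact-reuse".
    - An email account whose password is merely a variation of another
      account's password: "email-not-unique" (email must be completely unique).
    - Two services with different but similar passwords are allowed.
    """
    findings = []
    for (n1, k1, p1), (n2, k2, p2) in combinations(accounts, 2):
        if p1 == p2:
            findings.append(("exact-reuse", n1, n2))
        elif "email" in (k1, k2) and similarity(p1, p2) >= limit:
            findings.append(("email-not-unique", n1, n2))
    return findings


if __name__ == "__main__":
    for rule, first, second in audit(ACCOUNTS):
        print(f"{rule}: {first} <-> {second}")
```
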
