security: personal identity & passwords

HEY YOU! CHANGE YOUR TWITTER PASSWORD!

You wouldn’t hand your ATM card and pin number to a thief (I hope). Don’t let them control your online identity.

The first Twitter phishing attack has occurred. If you have a Twitter account, there’s a chance someone you don’t like, now has your password, and is sending direct messages to your followers in your name.

HERE ARE FIVE SIMPLE STEPS TO PROTECTING YOUR DIGITAL BUTT!

It’s not hard to do!

1. Use a different password at every site. Yeah, it’s easier for you to use the same password everywhere. And much easier for the thieves who want your money and your identity. Can you spell giveaway?

2. Use CAPS, lower case, and numbers. Want to test if you’re one of the… “stoopid” ones? Read John Pozadzides’ post, How I’d Hack Your Weak Passwords.

3. Change your passwords regularly. “OMG, is he nuts?”, you exclaimed? “I don’t even have enough time to back up my hard drive. ” (Ha ha! Sure, you’ll laugh later for that little error – in between curse words). Yep, change your passwords.

4. Don’t keep your list of passwords where everyone can find them - either on paper at your desk, or in your browser where anyone can access them once they steal your computer. You do use Firefox, not Internet Explorer by now, don’t you? Good. Use a master password. Typing one very long master password when you open your browser lets you keep all your other login info on your browser in encrypted form.

Want to keep all your passwords in a spreadsheet? Okay, but keep the spreadsheet in an encrypted area. TrueCrypt is still free, and oh so simple, to use.

5. Remember, the thieves are not dumb. They will attack you at the weakest spot, which is usually a social engineering trick. Is the service tech who calls you really the service tech?

TWITTER ATTACK

Lots of folks have described the Twitter attack. Read Chris Pirillo’s account. It started Saturday, and we’re still receiving the fake direct messages. And the sad thing, is none of the folks whose account was compromised know it, unless someone tells them.

The first direct message came from someone you are following, inviting you to go to a site: “twitter . access-logins . com”. Originally, the landing page looked like Twitter.com but really was access-logins.com. At least now, visitor access is blocked. Now they’re doing different attacks.

By choice, I’m not a Secret Service agent or security professional whose job is to expect the worst.

I’m a global social entrepreneur who expects people to rise to their responsibility as humans and act with integrity. But I’m also not a Pollyanna. I’m a practical idealist with a vision and understanding of where life is quickly headed.

So what can we do with the dishonest people?

• It’s time for ICAAN, registrars and others entrusted with the Internet to more actively eliminate the organizations that support the cancer of theft. We used to manage 10 million emails a week for clients. We moved on because it was so difficult keeping our servers from being wrongly blacklisted. 90% of all the world’s email traffic is now spam. That matches our numbers. Our servers remove 85% to 93% of incoming email for all of our clients before it hits their users’ inboxes. Then, the users spam filters delete another high percentage.

• It’s time for the thieves to grow up and realize they can make more money creating ethical products and services as they can stealing and destroying others’ lives. If their mother’s didn’t teach them honesty, and they don’t learn it this year, they will be off our planet very soon. (really!)

• It’s time for YOU to take responsibility for your financial and digital assets, identity and reputation.

REMEMBER THE FIVE SIMPLE STEPS TO PROTECTING YOUR DIGITAL BUTT!

It’s not hard to do!

FREE PASSWORDS

Don’t want to tax your brain? Go to Steve Gibson’s free Perfect Passwords, or Perfect Paper Passwords.

SECURITY AWARENESS

Want to learn what’s really happening in security? Read Bruce Schneier’s blog.

Not enough time in your day? Simply subscribe to Bruce’s monthly CryptoGram eLetter.

Don’t think anyone wants to control your identity? Read this Bruce Schneier post.

So, have you changed your Twitter password yet?

The story of the photo above

Years ago, photographer Art Becker had an assignment from a large insurance company for a photo to accompany a story on home security. He hired my son, David to act as the model and was using the home of artist Tom Tucker. They notified the police in advance to avoid what actually happened. Despite all the people and camera equipment, a neighbor decided they must be robbing Tom’s since Dave was climbing up a stepladder to enter through the window. The neighbor called the police who forgot they had been notified. They arrived with sirens blaring, and shut down the photo shoot until the insurance firm’s representative arrived to assure the gendarmes that everyone was legitimate. Then, they finally got to take this photo.