A cautionary post for those interested.
A few days ago I was in receipt of an Email demanding a thousand Bucks in Bitcoin. For wot you may ask. The sender of the mail claimed to have hacked my ‘puter, ripped all my contacts and taken control of my webcam and had video of me visiting naughty web sites and this would be sent to all my contacts unless I poppied-up.
Not nice to wake up to but no big deal as I don’t visit naughty sites – have I ever when younger? Do Ursidae defecate in woodlands? - and the desktop machine has no webcam or microphone; and the laptop camera and microphone are switched off but knowing how desperate Bill is to maintain contact from the mothership, and thus occasionally switches everything back on via Windows updates{?}, I also have a bit of paranoia card taped over the camera.
So far so cool. However, wot caused me pause for thought was the fact the Email had in its subject line one of my passwords. Whoa!! Okay, cool down, I haven’t used that password for a very long time but the fact it was obviously out there in the wild gave me pause for thought and was the required kick in the ass I needed to change all my user passwords – a task I used to do pretty regularly but have neglected since the attack on my heart back in March.
Well, so, it’s only a password, right? and there may be nothing hiding behind it other than access to a site but wot’s the first thing you see when you log in anywhere? Yup, Profile, and to truly bad fellows that could be a step towards identity theft and all the misery that could cause.
The changing of passwords is no real biggy. It’s also pretty straightforward with the use of one of they password manager thingies with a password generator. I use RoboForm and have done for, like, ever. It changed recently to free or subscription. Free suits me as there’s no way I’m going to pay to have all my passwords in a cloud as for sure, one day, that cloud is going to burst and it’ll absolutely pour down.
The only bummer is those sites that make changing passwords as complex as possible and hide the ability way over there twenty seemingly random clicks away from the front page.
Anyhoo, I got ‘em all changed and deleted accounts on some sites I rarely or never visit now. Some of those proved tricky as they just don’t believe you want to go.
I’m sure you folk do change passwords periodically but may I humbly suggest you try something along these lines which may well avoid a panic attack some time down the line? I made a simple spreadsheet of all protected sites with the date of update and will now work down the list changing a couple every two weeks – insert your own time period dependent on your level of paranoia. Say wot now? No. No passwords – just site name and date modified, okay?
To see something similar to the mail I received, pop along here. Therein is a link to this site and if you gird your loins really well up, bob your Email address in and see if it’s run away from home. Along the top of that site you’ll see ‘Password’. Click on that, enter your most used password to see if that has escaped into the wild blue yonder. However, remember that typing it into that site, as tempting as that may be, may well result in releasing it yourself as I’m guessing the bad boys are well aware of that site.
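The worry about typing a real password into a lookup site is what hash-prefix (k-anonymity) lookups address: the password is hashed locally and only the first five characters of the hash are sent, with the match done on your own machine. This is an added example, not part of the original post; the corpus, `fake_range_query` and the `SUFFIX:COUNT` response format are constructed assumptions, and nothing here confirms that the linked site works this way.

```python
import hashlib

# Constructed stand-in for the breach corpus a lookup service would hold:
# upper-case SHA-1 hex digest -> number of times seen in breaches.
_CORPUS = {
    hashlib.sha1(p.encode()).hexdigest().upper(): n
    for p, n in [("password1", 3120), ("letmein", 870), ("qwerty123", 415)]
}

def split_hash(password):
    """Hash locally; only the 5-character prefix is meant to leave the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def fake_range_query(prefix):
    """Hypothetical server side: 'SUFFIX:COUNT' lines for every hash with this prefix."""
    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be 5 hex characters")
    return "\r\n".join(
        f"{h[5:]}:{n}" for h, n in _CORPUS.items() if h.startswith(prefix)
    )

def breach_count(password, query=fake_range_query):
    """Return how often the password appears in the corpus (0 if absent)."""
    prefix, suffix = split_hash(password)
    # The service sees only `prefix`; the suffix comparison happens here.
    for line in query(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0

if __name__ == "__main__":
    for pw in ("letmein", "correct horse battery staple"):
        prefix, _ = split_hash(pw)
        print(f"sent to service: {prefix!r}  breach count: {breach_count(pw)}")
```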
Let’s end back in simpler, happier times. "Schmyders zappy."
Quote; James Scott.
“Ransomware is more about manipulating vulnerabilities in human psychology than the adversary's technological sophistication”
Dan Farmer.
“If security were all that mattered, computers would never be turned on, let alone hooked into a network with literally millions of potential intruders”