This is all very, very, very sane advice. One funny observation though is:
Try to change your passwords regularly, every 90 days for instance
I would change 2.5 passwords a day
I also engage in slightly risky activity–settle down, it’s boring risky activity–people know my first name and could get my last easily. I’ve also made it easy, especially here, to figure out where I live. It makes me fuckin’ nervous, but then I just have to shrug it off. Anita et al. have it… What… About a billion times worse than I do?
It is a good guide, I am sad it has to exist, but given this world I’m glad it does.
I think I’ve been more careful with my name than you have, but yeah, I’ve said stuff here that I’m relatively uncomfortable with.
I’ve tried a couple of times to just download the giant CSV of what I’ve posted here, search for a few things, I kinda wish I didn’t leave up, but I can’t find them. Oh well.
dark humor: sure is nice to be a huge, decently in shape white dude who can dox an attacker back, and has friends in LEO.
It just isn’t fair. I should really contribute to a complementary document. (Chaff, misdirection, better alerts… Other things…)
Yes, Stay safe Cowboys and Cowgirls!
I dunno about the one about passwords. I can’t have dozens of crazy passwords full of underscores and change them regularly and remember them all and never write them down. I know almost all computer users follow this regime; I suppose I am mentally disabled or just old.
Most sites force me to add a number and a special character, and after years of being crafty I realized that I was the only one. Everybody’s password everywhere ends in “1!” Also, nobody was ever going to brute-force my computer; the prize is just way too small. So I joined the ranks of one-exclams. Hey, at least it’s not an English word, most of them, I think.
Ugh. A lot of mine are math spelled out. Like a solved quadratic equation with memorable parameters and stuff like “to the second power”.
Could be worse. I used to use the natural log of my date of birth.
Recently, a survey of regular folks’ vs. security experts’ recommendations was linked-to here. In short:
I’d say it’s worthwhile to follow both lists.
It seems to me that the layperson list is more resistant to social engineering, while the researcher list is more resistant to software exploits. Both are important factors in information hygiene.
Software updates are great and all, but they typically aren’t feasible for enterprise environments. For instance, at my own company, we have to use an ancient version of Java, because our timekeeping SaaS doesn’t have proper certs and such and using an up to date version of Java will never be able to run their shitty webapp. But the HR department pretty much runs the company and is completely unwilling to consider an upgrade for that software and would sooner fire the whole IT department than deal with the growing pains.
I’ve struggled with this whole issue of online anonymity vs. public information. I have a business that relies on promoting myself. It is easy to find my real name and lots of personal information about me in certain very particular forums. And even here, someone could probably piece a lot of my comments together or hunt down my forum identity versus comments I’ve made on other sites and figure out my true identity. I assume most people are just too lazy to try it, or that I’m just not that interesting. Here are my choices: either I just put myself out there and pray that since I’m not doing something really inflammatory like insisting that women be treated as equals in gaming (sarcasm, in case you didn’t get it), the good of being known through my online presence outweighs the risk of someone taking the 411 I’m putting out and doing something nasty with it.
Yeah it isn’t like I have been all that s3kr3t about my life at least here either. But then I have been pretty open about it going back to pre web days (yes I am old) at least when the uni gives you a user name of YOURNAME it can be a bit obvious who you are. Plus since I used to play tournament scrabble A LOT my name and picture is on the web for anyone who cares to find it.
I also do my best to go by the rule of “don’t be a dick” so as not to invite the crazies and sadly being white and male works a lot to my advantage as well.
Oh that’s pretty normal for corporate everywhere. As much as I grumble about the UI on a lot of the new stuff work is implementing at least they are getting off IE required even if it isn’t as keyboard navigation friendly.