Friday, April 11, 2014

Security!

Nearly everyone I know who uses Yahoo! for an email provider has had the Yahoo! mail account hacked sometime in the last couple of years, strangers sending out messages over the rightful owner's signature. Russians (okay, Russians and others, let's not be bigots) get hold of the password and use the email account to distribute spam and malware. But you don't have to be on Yahoo!. It can happen to anybody. It happened to me, just last week, on my Host and Store account.

How I knew that this was going on was by the messages that bounced back from the "postmaster" of email, undeliverable, sent from my address. All in Cyrillic. The Russians, those clever devils, are at it again. Actually one of the messages was in Italian, but it was addressed to Yuri somebody-or-other. The message was clearly spam, couched in the form of a job offer: click here to get a good job and turn your life around. Right. I'll be sure to do that, right after I send the Nigerians my bank account number.

Anyway, as a result of having my email account hacked last week I changed my email password. It's a good idea to do that at regular intervals anyway, for all your passwords.

Then the news broke about Heartbleed, which isn't even a hack, or a virus, but a back door that somebody left open when they put the open-source security code together that's supposed to keep the hackers out of many sites. What it does is enable knowledgeable hackers to steal your passwords, maybe your Social Security number, maybe your bank account number, maybe your phone number. Does Host and Store use this open-source code for security? I don't even know. They were too small to be interviewed. I do know that they haven't re-upped the security certificate for my website, not since they've been handling it, so that I get a warning message every time I go to open my mail. But I digress.

Heartbleed. It's everywhere, almost. If you want to know about a particular site, here's a link you can use to inquire: https://lastpass.com/heartbleed/. Although it might not be entirely effective, given that it says that Host and Store's web site doesn't even exist. Bottom line, you might want to stay off the internet for another few days, and then change your passwords. If you change a password before a patch is in place, the hackers can get it right away anyhow, if they want to, or so say the knowing ones.

As for me, I recommend putting nothing out on the internet that you wouldn't want to see on a billboard in Times Square. That includes birthdays. You won't find my birthday on Facebook. I assume you wish me a happy birthday, whenever it is. I wish you one too. It'll be happier if criminals aren't stealing your identity.

Yours in paranoia,

Kate Gallison

2 comments:

  1. Kate, this is verrrrry helpful. I have notes all over the place telling me to CHANGE the DAMN P word.... and this enforces it!!!! tjs

    ReplyDelete
  2. I could write volumes about how much a hate Yahoo and several blogs about how much I hate passwords. My only hope is that there is safety in numbers, and they if they get information for everyone in my zip code, they will choose to go after the many newly minted billionaires in my environs, and not bother grandmothered-in little me and my Social Security deposit.

    ReplyDelete