The Washington Post has a great story: The Anatomy Of The Twitter Attack. Reading how this guy compromised the Twitter staff, their email accounts (and many other accounts, including PayPal, iTunes store, and Amazon), office documents, communications, etc. has made me rethink how I do my passwords and related stuff.

__________________
Steve Rafalsky
Elder, International Evangelical Church (Reformed)
Limassol, Cyprus

"I am set for the defense of the gospel" (Philippians 1:17)

"Strengthened with all might, according to His glorious
power, unto all patience and longsuffering with joyfulness..." (Colossians 1:11)

Blog: A Great and Terrible Love

That was eye-opening. Everyone should read this to keep your info safe on the web. We put so much of our personal info out there now with FB etc that someone can know the answer to your "secret question" just by hanging out on your FB for a while.

__________________
Traci
Lynnwood OPC
"I have taken all my good deeds, and all my bad deeds, and cast them through each other in a heap before the Lord, and fled from both, and betaken myself to the Lord Jesus Christ, and in him I have sweet peace."--David Dickson

Somebody already hacked my credit card. I'm waiting on the picture from the MAC machine.

__________________
Rich Koster
1689'er
Browns Mills NJ USA
Often Goofy Reformed Eccentric
Romans 7:14-25

This is useful information. WHile not foolproof (a long way from it) there are two very simple methods that go a long way toward avoiding this kind of attack:

1. Never, never, never use the typical "remember my password" question. That was how Sarah Palin's Yahoo account was compromised. You don't want your password security hinging on your mother's maiden name, or your dog's name, etc. Instead, come up with a completely random nonsense answer to that question. For example, the answer to every question could be "going6734house98dogBabylon."

2. Never use the same passwords for sites. If you can't afford a password keeper like Roboform to randomize your passwords, then at least do not use the same passwords for different types of sites (i.e. Gmail and banks)

__________________
Fred Greco
Senior Pastor, Christ Church PCA (Katy, TX)
Christ Church Blog

"The heart is the main thing in true religion...It is the hinge and turning-point in the condition of man's soul. If the heart is alive to God and quickened by the Spirit, the man is a living Christian. If the heart is dead and has not the Spirit, the man is dead before God." (J.C. Ryle)

...and having a Mac isn't going to protect you.

I can't agree Fred enough on using Roboform (they're developing a Mac Version BTW and have an online version now). Don't re-use passwords.

__________________
Rich
PCA, Northern VA
Student, New Geneva Theological Seminary

WebsiteMaven - Web Hosting Reviews, Guides, and Advice to build and promote your web site.
SoliDeoGloria.com - A Community for Reformed Thought and Discussion

Click to get: Board Rules -- Signature Requirements -- Suggestions?

There really is no reason not to use Roboform. It's pretty cheap now, and with the online backup, you can get to all your passwords easily. $30 is nothing to pay for your safety.

This is very true. 1Password for Mac will generate random passwords for your Mac and store them. Many Mac IT folks recommend it. It also enables you to only have to remember one password to access the other passwords and will automatically log into sites for you.

__________________
Chris
Teaching Elder (PCUSA)
West Virginia
"Although the fig tree shall not blossom, neither shall fruit be in the vines; the labour of the olive shall fail, and the fields shall yield no meat; the flock shall be cut off from the fold, and there shall be no herd in the stalls: Yet I will rejoice in the LORD, I will joy in the God of my salvation." (Habakkuk 3:17-18)

and it goes without saying that the one password you should remember for these types of programs should be something random, like f4tY@qP*

Once you use almost anything enough, you can remember it. And you can always write it down and put it in a safe.

Twitter is so unspeakably fortunate that the hacker was not in it to tear them apart. Yeesh!

__________________
Andrew Thornquist My Photo Album
Calvinistic Baptist
Ukiah, California
To follow Christ was the best decision God made for me!

Now I know Fred's password to hack Roboform!!!!

BUWAHAHAHAHA!

[QUOTE=fredtgreco;658759]and it goes without saying that the one password you should remember for these types of programs should be something random, like f4tY@qP*

Once you use almost anything enough, you can remember it. And you can always write it down and put it in a safe.[/QUOTE]


Pardon me, but isn't this a bit much? If you have to put something like a password in a safe, I mean, it's almost conspiracy theorist type stuff.

Are people really going to break in and look for our on-line passwords that we might have on a sticky note on our desk?

__________________
"Be killing sin or it will be killing you."--John Owen

Tim Goerz
Weatherford Presbyterian(PCA)
Alvord, Texas

No. It is as much about being misplaced as being stolen. How many post-it notes have you lost in your life? Leave it in your wallet instead? That actually could get stolen.

But if I put that paper in my small safe, I always know where it is, no kid will move it or lose it, I won't accidentally throw it away, and anyone who steals it already likely has access to much more than it. And to secure it, I don't need to go to herculean heights. It basically takes me about 5 minutes to solve the password dilemma. That sounds good to me.

Not to mention, now we are seeing the death of SSL.

The ‘SSL strip’ exploit

It is much more refined than ettercap or dsniff/monkey in the middle.

__________________
Josh Taylor
Verde Valley Reformed Chapel, OPC
Cottonwood, AZ