Omar Shahine is a program manager on Hotmail, and a pretty clued-up person. Which is why his latest blog post scares me silly.
From his post:

"That is what I found this evening. I believe that someone managed to issue a password reset command to my account and then somehow logged in and reset my password, essentially owning my data."

Seriously scary stuff, and this for a guy who is pretty technical and also highly connected with people who can help. And this:

"Update: my account just got hijacked again, minutes ago. Also so did my GMail account. I have no idea WTF is going on here. I have only used one computer this entire time."
Alarmed by this, I had a quick check of my own situation. My stuff is pretty well backed up: to a NAS for local backup, and then to Amazon's S3 via JungleDisk. My GMail is regularly downloaded to Thunderbird via IMAP. But the thought of someone getting access to my Google account makes me break out in a cold sweat.
So, what do I do to make sure I'm as secure as I can be?
- Check that my Google password is long and strong. (Yes: 20 characters, a mix of letters, digits and symbols.)
- Vow never to connect to anything sensitive 'in the clear', especially over public WiFi.
- When sensitive information (especially login details) is to be exchanged, always connect via https (https://mail.google.com/mail). Check your desktop, and especially your laptop, that this is the case. Check your bookmarks, since a saved http:// link to the login page sends your credentials in the clear every time you click it.
- Set up an account with a VPN provider to connect through (and make sure you actually use it). Keep using https inside the VPN too: the tunnel only protects the hop between you and the VPN provider, not the rest of the path.
- Use something like a 3G modem to bypass public WiFi completely (but still connect via https). I have one (from Three), and it's great as an ADSL backup and also for travelling: no more £5.95 for one hour's insecure internet access for me!
- Make sure you have a personal question that is non-obvious (don't use date of birth, mother's maiden name etc., since those are easy to look up or guess, and the reset question is effectively a second password). If your provider doesn't allow you to have a non-obvious question, then change provider, or don't store anything of value there.
- Make sure you are backed up, and that your backups work (actually restore a file now and then). I know this is one of those things that everyone says, but really, do it. You have no idea how much of a comfort it is when you know that all your really important info is backed up in a number of different places. JungleDisk is pretty amazing for letting you just set and forget: I back up all my pictures and documents there, as well as my partner's docs, and JungleDisk is smart enough to only upload files that are new or changed (and you can pay $1 per month to activate a service to only upload diffs to large files).
- Get a good virus scanner, malware protector and firewall. Keyloggers are another source of danger: I hear a lot of reports of kids playing WoW who have had their accounts hacked via keyloggers (from programs they've downloaded). Set your firewall to alert you on any new outbound connections, and don't allow anything you don't recognise through.
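The "check your bookmarks" step above is easy to do by hand for one browser, but tedious if you have several machines and profiles. The script below is an added example, not code from the original post: it reads the Netscape-format bookmark HTML that Firefox and Chrome export ("Export Bookmarks to HTML"), and reports every bookmark that points at a login-sensitive host over plain http, together with the https URL to replace it with. The list of sensitive hosts and the sample export are assumptions constructed for the example; extend the host set for your own accounts.

```python
"""Audit a browser bookmark export for login pages saved over plain HTTP.

Added example, not from the original post. Input is the Netscape
bookmark HTML format that Firefox and Chrome export. The host list and
the sample export below are constructed for this example.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit

# Assumed set of hosts where a login happens (an assumption for this
# example; add the services you actually use).
SENSITIVE_HOSTS = {
    "mail.google.com",
    "www.google.com",
    "mail.live.com",
    "login.live.com",
    "www.amazon.com",
}

# Constructed sample export, not anyone's real bookmarks.
SAMPLE_BOOKMARKS = """<!DOCTYPE NETSCAPE-Bookmark-file-1>
<TITLE>Bookmarks</TITLE>
<DL><p>
    <DT><A HREF="http://mail.google.com/mail">GMail</A>
    <DT><A HREF="https://mail.google.com/mail">GMail (secure)</A>
    <DT><A HREF="http://www.google.com/accounts/Login">Google login</A>
    <DT><A HREF="http://news.bbc.co.uk/">BBC News</A>
    <DT><A HREF="https://login.live.com/">Hotmail</A>
</DL><p>
"""


class BookmarkExtractor(HTMLParser):
    """Collects (title, href) pairs from <A HREF="...">title</A> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the <a> we are currently inside, if any
        self._text = []     # text fragments collected inside that <a>

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names, so HREF -> href.
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def parse_bookmarks(html):
    """Return all (title, url) pairs found in a bookmark export."""
    parser = BookmarkExtractor()
    parser.feed(html)
    return parser.links


def upgrade_to_https(url):
    """Rewrite the scheme of a URL to https, keeping host, path and query."""
    parts = urlsplit(url)
    return urlunsplit(("https",) + tuple(parts[1:]))


def audit(html, sensitive_hosts=SENSITIVE_HOSTS):
    """Return findings as (title, insecure_url, suggested_https_url).

    Only plain-http bookmarks whose host is in sensitive_hosts are
    reported; http bookmarks to other sites are left alone, and anything
    already on https passes.
    """
    findings = []
    for title, href in parse_bookmarks(html):
        parts = urlsplit(href)
        if parts.scheme.lower() == "http" and parts.hostname in sensitive_hosts:
            findings.append((title, href, upgrade_to_https(href)))
    return findings


if __name__ == "__main__":
    for title, insecure, secure in audit(SAMPLE_BOOKMARKS):
        print(f"{title!r}: {insecure} -> {secure}")
```

Run it against your own export by replacing SAMPLE_BOOKMARKS with the file's contents; on the constructed sample it flags the two plain-http Google entries and ignores the http news link, which carries no credentials.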