# Wired Journalist Hacked



## WendyM (Jun 28, 2003)

Heard this on NPR this morning. It reiterates a lot of the things we already know about password security and backing up data, but it also shows how easy it is for someone to get into your accounts with a very small amount of information:

http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/


----------



## valis (Sep 24, 2004)

Been following that since it happened... talk about a black eye for Apple.

By the by, here's another good read about social engineering and how effective it can be.

http://finance.yahoo.com/news/how-a-lying--social-engineer--hacked-wal-mart.html


----------



## WendyM (Jun 28, 2003)

Yeah, I imagine it's surprisingly easy to get people to give you what seems like innocuous information. Nobody's going to give you a social security number or a credit card number, but a casual chat about the type of computer you're using? Sure, why not?


----------



## valis (Sep 24, 2004)

Especially if you say you are from corporate IT.


----------



## dandxg (Feb 22, 2007)

I have so many passwords and user names, I kid you not, it must be 80-100. I can't even keep them written down, so I use a pretty weak one, frankly, for e-mail and non-secure stuff and then use a couple of strong ones for everything secure required. I mean, what's the answer to keep track of so many user name passwords, Roboform? Or just put them in Excel and obfuscate them?


----------



## dandxg (Feb 22, 2007)

If you guys are really interested, there are some good books on social engineering, and there is a forum on LinkedIn, Black Hat, that talks about some of this.


----------



## Ent (Apr 11, 2009)

dandxg said:


> I have so many passwords and user names, I kid you not, it must be 80-100. I can't even keep them written down, so I use a pretty weak one, frankly, for e-mail and non-secure stuff and then use a couple of strong ones for everything secure required. I mean, what's the answer to keep track of so many user name passwords, Roboform? Or just put them in Excel and obfuscate them?


Password managers can be a good solution.

Remember that some passwords need special care. As the article points out, it's particularly important to protect services which are considered an authoritative indication of who you are. I'd suggest it could be more dangerous to reuse a password on 10 sites than to use the same password for your main email and one other site. The simple reason is that if someone does gain access to your email, they'll normally also have access to dozens of "password reset" options on external sites.


----------



## loserOlimbs (Jun 19, 2004)

dandxg said:


> I have so many passwords and user names, I kid you not, it must be 80-100. I can't even keep them written down, so I use a pretty weak one, frankly, for e-mail and non-secure stuff and then use a couple of strong ones for everything secure required. I mean, what's the answer to keep track of so many user name passwords, Roboform? Or just put them in Excel and obfuscate them?


There are a few ways.

1) There are password managers. Things like KeePass http://keepass.info/
It's free, and will store your passwords, generate them for you, and even allow you to use passwords more secure than what you can generally remember. Things like 30-character passwords randomly generated with mixed case, numerals and special characters.

2) Group your passwords. I like this idea personally. It's an easy way to keep your passwords separate, but not have dozens of passwords. Have 1 password for things like forums, another password for email, a third password for banking sites. Most important here is that if someone gains access to one, they can't automatically have access to it all.

One thing I would not do is leave any of these open or use open storage. For example, if you use KeePass, secure it with a really good password.

Do not use things like Firefox's "remember my password" feature. It takes me a matter of seconds to locate the database Firefox stores these in and decrypt them to plain text.


----------

