Monday, March 10, 2008

It's my computer... I will install any program I want to.

http://www.codinghorror.com/blog/archives/001072.html

Brief: The program G-Archiver mails the username and password of every person who use(d)(s) it to a specific Gmail address, and to make matters worse, the username and password of the account that everybody's information was sent to were also in the code.


There has been some discussion about the intentions of the programmer and whether the intent was accidental or malicious; I'm hoping it was accidental. With that said, it does not change the fact that the usernames and passwords of at least 1777 users of this program and Gmail were potentially compromised. There are 2 lessons I would like to bring to people's attention here:

1. Use a different password on every site you visit, or at the least use a group of passwords: 1 or 2 for throwaway registrations, i.e. local newspapers, national papers, and other sites that you would not give personal/private information to, and then a separate password for each banking site, financial institution, or shopping site. If I came across a set of usernames and passwords, I would search the web for those usernames on various forums, MySpace, Facebook, etc., and then I would try several of those combinations.

2. It is important that you know what programs you have on your computer, and that if you have an IT department or a computer guy/gal, they know what programs you have installed on your computer. Also, when your resident IT/computer guy/gal tells you, or asks you, not to install an application, it is generally not because they are being mean; they are trying to help keep your data and your computer safe.

-- Tim Krabec
Kracomp.com
