How I Resurrected My Digital Life After an Epic Hacking | 155 comments
How I Resurrected My Digital Life After an Epic Hacking
Authored by: tknarr on Thursday, August 23 2012 @ 12:40 PM EDT

I think she was talking about how he says he now uses 1Password to store his passwords. I don't think it's wise to tell everyone what service you use, but I also think it shouldn't matter. If a service stores passwords, and advertises itself as that, then you know hackers are going to target it because it's a trove of passwords and account information. They don't care what service one particular person uses, it's the other way around: what people use the service they targeted. The only risk might be if someone was already targeting you specifically.

Frankly I'd never use a third-party service to store passwords at all. I use a local program to store all my passwords, with (encrypted) copies maintained on my other machines. If I'm compromised it'll be because of my mistakes, not someone else's.

Has He Resurrected His Digital Life After an Epic Hacking?
Authored by: Anonymous on Thursday, August 23 2012 @ 04:54 PM EDT
wired.com
And then I remembered that I had also used Dropbox previously on my wife's machine. Had I stored the password there?

Five hours after the hack started, still locked out of everything, I flipped open the lid of her computer, and nervously powered it up. And there it was: my Dropbox. And in it, my 1Password keychain, the gateway to my digital life.

Well, I won't go into how much a man can trust his wife; the way he tells it, a miscreant who slipped his wife's laptop out of the side pocket of her car would have just as easy a job to get his keychain.

I'm certainly a backup believer now. When you control your data locally, and have it stored redundantly, no one can take it from you. Not permanently, at least. I've now got a local and online backup solution, and I'm about to add a second off-site backup into that mix. That means I'll have four copies of everything important to me. Overkill? Probably. But I'm once bitten.
See also A belt and suspenders for your cloud storage cringley.com.


No, I think he is still clueless
Authored by: artp on Thursday, August 23 2012 @ 11:31 PM EDT

The part right before your quote says:

I stored my credit cards with the merchants I used for faster transactions. I didn't enable two-factor authentication on Google or Facebook. I never set up dedicated (and secret) e-mail accounts for password management.

So he is now storing credit card info somewhere else, enabling two-factor authorization and setting up separate email accounts. He may be doing other things, but they aren't mentioned here. And he does say:

I'm a heavy 1Password user. I use it for everything. That means most of my passwords are long, alphanumeric strings of gibberish with random symbols. It's on my iPhone, iPad and Macbook. It syncs up across all those devices because I store the keychain in the cloud on Dropbox. Update a password on my phone, and the file is saved on Dropbox, where my computer will pull it down later, and vice versa.

Notice how everything is in present tense? He is relying on two things:

1. His passphrase is secret, and

2. Hackers won't be able to break into his 1Password account.

The clueless part comes from being hacked on the cloud, and keeping everything on the cloud. True, he is now doing backups, but everything is still on the cloud! The drawback to having data only local is that if I lose it, it is MY fault. The drawback to having data on the cloud is that if I lose it, there are billions of suspects, but only one person responsible: ME!

If you want to keep your data secure, keep it to yourself. If you want to keep a secret, don't tell anybody. The cloud is an attractive proposition - I don't have to do any work. Well, he found out that he couldn't trust the cloud to keep his data safe from unauthorized people, and he still puts his data back on the cloud.

Plus, he is now a target. The last thing you want to do is draw attention to yourself. After getting hacked in the cloud, he goes out and tells everyone, including his hacker and associated friends, just what he has done to prevent losing more data.

It will take them longer this time. After all, they have to crack his backup scheme first, so that all the backups he has are empty or corrupted. Patience! But then they can do the whole thing all over again.

I have recommended this book before: John McAfee's "Computer viruses, worms, data diddlers, killer programs, and other threats to your system: What they are, how they work, and how to defend your PC, Mac, or mainframe". Although it came out in 1989, I still think it covers the basics of security in a way that most people can understand. To implement high security, you need technical skills. To get started, and to know what high security to implement, you need to read this book, or something like it.

One of his rules says: You will be hacked. Don't make yourself an attractive target. Words to compute by!

A note on the term "cloud". I remember making diagrams back in 1990 that had a nice prominent "cloud" symbol for the Internet. It was a common representation back then. Calling Internet storage simply "the cloud" is like calling an operating system "Windows". It preempts a commonly used term and gives it a different meaning.

---
Userfriendly on WGA server outage:
When you're chained to an oar you don't think you should go down when the galley sinks?


Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )