Quick antispam observation
One thing I’ve been doing recently is removing my membership of a load of websites that I don’t seem to have used in a long time. One side effect of not using a website in a long time is that I forget the password I created for the account, so I get to see how the website handles failed login attempts. Often, quite a few times :-(.
Now, some of these sites – and I’ve been notifying the owners as I go – give you a different failure message depending on whether it was your password or your e-mail address that you got wrong. This is, to quote the twitterverse, made of fail. It means these websites can be used to automatically generate lists of the members’ e-mail addresses: useful to spammers, to phishers (remember that the list is based on being a member of a particular site, so it’s easy to target the phish at that site) and even for later trying to compromise accounts on that site. I’d really avoid being a member of any site whose login page worked like that, and try to get them to change their error messages.
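The two kinds of login page side by side, as an added example that is not part of the original post: the function names, the in-memory account table and the sample address are all made up for illustration. The uniform version goes one step beyond the error message and also does the same hashing work whether or not the address is registered, so response time does not give away what the text no longer does.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _make_record(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, _hash(password, salt)


# Constructed sample data: one registered member.
ACCOUNTS = {"member@example.org": _make_record("correct horse")}

# Record checked when the address is unknown, so that path still does a hash.
_DUMMY = _make_record(os.urandom(16).hex())

GENERIC_FAILURE = "Incorrect e-mail address or password."


def login_leaky(email: str, password: str) -> str:
    """The behaviour the post complains about: two distinguishable failures."""
    record = ACCOUNTS.get(email)
    if record is None:
        return "No account with that e-mail address."
    salt, stored = record
    if not hmac.compare_digest(_hash(password, salt), stored):
        return "Wrong password."
    return "Welcome back."


def login_uniform(email: str, password: str) -> str:
    """Same message, and the same hashing work, for every failed attempt."""
    record = ACCOUNTS.get(email)
    salt, stored = record if record is not None else _DUMMY
    matches = hmac.compare_digest(_hash(password, salt), stored)
    if record is not None and matches:
        return "Welcome back."
    return GENERIC_FAILURE
```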
Happy New Year Graham,
time for a New Year’s Resolution: Keep track of all the passwords to the sites that you subscribe to.
There are plenty of tools around now to help with this.
Comment by Anonymous — 2009-01-01 @ 13:13
Thanks Martin, happy new year to you too :-). I already do have a password manager (based on one of the keychains on one of my computers), but some of these sites I haven’t used in so long they pre-date that management system. For instance, I’ve had to remove myself from some undergrad sites. However, I believe we’re covering 1password at the next OxMUG meeting.
Comment by Graham Lee — 2009-01-01 @ 14:29