Saturday, June 18, 2011

Security Update

So it looks like an old Yahoo email address that I haven't used in 5 years was broken into last night.  Almost none of the addresses in it were current. But if you did get an email from me advising you to stop smoking, while I agree with the sentiment, I would strongly recommend against clicking on the associated link.

So no real harm, but the interesting thing to me is how the spammer got in.  Like I said, I haven't used the account in years, and probably haven't logged into any other Yahoo service in many months.  I also don't use that username and password for anything else.  So I doubt it was any kind of keystroke logging malware.  Also, since it is a unique password, it wasn't leaked out from some other website with lax security.  That really leaves only two possibilities.  They got in through some flaw in Yahoo, which I strongly doubt.  Or, more likely, they guessed the password.

The password I used is actually one I would still consider moderately strong.  It is 8 characters, not a dictionary word, and includes numbers.  No capital letters or symbols, but still, pretty decent.  I use passwords of similar strength for pretty much everything else I do log into on a regular basis.  So I guess I'm going to have to step up my game.  Maybe break down and use some kind of password management service.

Anyway, let this be a fair warning to everyone.  I like to think I know what I'm doing in terms of computer security, and things like this can still happen to me.  Be careful out there.