Use Comcast? Change Your Password
Having strong passwords that are frequently changed is the first line of defense against being on the receiving end of a compromised user account. This is the lesson being learned by a number of Comcast customers this week, as the appearance of a mass login list prompts the company to begin freezing accounts.
The list in question was posted to file-sharing site Scribd some two months ago, but it wasn't until midday yesterday — after a New York Times reporter began asking questions — that the site's administration finally removed it from circulation. The document reportedly contained over 8,000 lines, though due to duplication, it was estimated that the list contained the information of around 4,000 users — Comcast claims only 700 of the accounts in the list belong to current Comcast customers. The company believes that phishing attacks or other forms of password lifting were responsible for the compromised credentials, rather than an inside job.
The situation came to light after a Wilkes University professor read a PC World article about search engines like Pipl that specialize in information about individuals. Curious, the professor, Kevin Andreyo, searched for information about himself and discovered the list on Scribd, complete with his email address and current password. Andreyo in turn contacted the FBI and Comcast on Monday morning — along with a number of technology journalists, including the New York Times' Brad Stone. It wasn't until Stone contacted Scribd several hours later that the site finally pulled the list, though it had already been viewed several hundred times — and downloaded a few dozen — in the two months it was on the site.
According to reports, Comcast has frozen all the compromised accounts, and will be educating the users about safe password practices. It's likely that Comcast accounts weren't the only ones to be compromised, at that: Andreyo — who in addition to his role as professor is also described as an "educational technology specialist" — revealed that he, like many, used the same password everywhere else online. It is a chilling reminder to everyone how important it is to properly protect one's passwords and to operate in a safe and secure manner — even to those of us quite aware we ought to know better.
Justin Ryan is a Contributing Editor for Linux Journal.
Comments
Need Password Security Software? C'mon DOWN!
In fact, FireFox (all platforms) and Galeon (the GNOME browser), Konqueror (for Linux/KDE) and Epiphany, as well as most others that I have tried out (LOTS to try out on Linux; I have near a dozen different ones to choose from and LOVE it!) are designed to securely encrypt and cache site passwords for later use on contact.
This plethora of conveniences was not always so; logging the logins and then hiding the Little Black System Sub-Book apparently has, thankfully, been pretty much eliminated these days. The KDE desktop suite itself (certainly the Linux and most likely the Windows version, I think) also offers the cross-application masterpiece titled "KWallet", which also does a superb job of remembering those mission-critical ASCII strings that I not only cannot comfortably or reliably remember, but would generally prefer not to bother with anyway. This is so with KWallet no matter what KDE-based app I am working with at the time.
Result: Logging-in all around the Web has never been easier. Once registered on the site, the password cache asks whether to remember my login credentials on that site. I tell it yes, then yes again at the normal login page. Then I discard my scratch paper password composition record (using one helps avoid many common password-related errors and headaches) and stop with all the worry already.
If something ever glitches (rare), a click on the "Remind me" link on the site's login page generally puts things to rights within a few short minutes via email. Then back to work I go! Honestly, with all this cyber-based end-user support these days, I have nothing but joy throughout my Web time these days.
Being happily ensconced in the Linux sphere for many years now, I cannot readily vouch for what third-party Windows-world vendors may offer as password safes. I do expect they are likely available in numerous flavors and at an entire spectrum of price-points from zero dollars on up to the moon.
That too is OK by me; the Linux "Community of Quality" approach to cybertech does me right every time. That is why I recommend the experience to all interested in keeping system software costs down and uptime high, especially during these current lean times.
...but my memory is failing in my old age...
It seems that with each passing day I am accumulating more online accounts, and subsequently have more passwords to remember. Rather than writing down my passwords, or attempting to rely on my failing memory (has nothing to do with the Jager), I utilize various pieces of available software. Currently, I am using Revelation for this task. I am not sure of how many folks are aware of the various software solutions to software management that are available for the Linux platform. For this reason (I have not checked the archives) a Linux Journal article might be in order. Just a thought...
-K