darkhavens
09 March 2009 @ 02:33 am
Thank you letters and another PSA
First of all, thank you to everyone who sent birthday wishes, by email, ecard, PM, comment and journal post. (If anyone sent one by skywriter... I missed it. Sorry. :D ) It was a wonderful day full of the bestest food and the bestest booze and the bestest boys doing the bestest things to each other. ;)

Secondly, to anyone who has a flist of 500+ or moderates a comm of 500+, you need to READ THIS POST IMMEDIATELY.

Thirdly, and this applies to everyone, here is a little security advice for your lj:
1. ENABLE A SECURITY QUESTION IMMEDIATELY.
If you enable a security question, then anyone attempting to get your password sent to an email address will have to answer a security question first. This includes you, so REMEMBER THE ANSWER. (You can make up your own question so there's no excuse for forgetting!)

Edited to correct false info (thanks, uniquewonders):

You have to answer the security question only if you've lost access to all of the e-mail addresses associated to your account. The security question was precisely implemented "as an alternate method of restoring access to your account in case you have forgotten your password and cannot access any of the email addresses associated with your LiveJournal account."

"If you don't have access to your mailbox, and you have recorded a secret question and answer for use with your account, you will be able to change your password in 5 days. This waiting period is due to security reasons. You must return to the Lost Information page after (five days), enter your username, and press "Continue" in order to reset your password using this method. If you successfully log in at any time during the 5 day waiting-period, this request will be canceled."

So, all in all, not as good a security feature as I'd thought.

ETA2: it has just been pointed out to me (thanks ciaran_h) that having a security question may actually reduce the security of your lj, especially if you do not log in every day (ref: the 5 day waiting period mentioned above):

Normally, you can only reset your password in LJ if you have access to the current email address on your account or any previously validated address. Before the security question was set up, there was no way for anybody who was not logged in as you to reset your password if they did not have access to one of those email addresses.

However, with a security question set up, the password can be reset using *any* email address merely by knowing the answer to the secret question - and chances are, many people will pick a question that can probably be answered by looking at their journal posts. It can be significantly easier for a hacker to know the answer to a secret question than it normally is for the same person to have access to one of your email addresses.

Also, if the person has access to your email address, they don't have to go through the secret question - the question is only there for the benefit of anybody who loses access to their validated email address, because there's no other way to regain an account.

There's more info on this at this FAQ: http://www.livejournal.com/support/faqbrowse.bml?faqid=287 .
:/
2. GO HERE AND REMOVE ANY EMAIL ADDRESSES THAT YOU NO LONGER CONTROL.
To remove old addresses, you will need to have a validated email addy that is at least 6 months old. This prevents someone from reregistering an old Hotmail address (for example) you deleted years ago and which Hotmail has since purged. It can happen. It has happened.
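
A small model of the two reset paths described under item 1, added here as an illustration (it is not LiveJournal's code). The class and function names, the sample answer, the example addresses and the exact-match answer check are assumptions; only the 5-day wait and the cancel-on-login rule come from the quoted FAQ text.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional, Set

WAITING_PERIOD = timedelta(days=5)  # waiting period quoted in the post


@dataclass
class Account:
    validated_emails: Set[str]            # current and previously validated addresses
    secret_answer: Optional[str] = None   # None = no security question set
    pending_since: Optional[datetime] = None

    def reset_by_email(self, address: str) -> bool:
        """Normal path: works only for an address validated on the account."""
        return address in self.validated_emails

    def request_question_reset(self, answer: str, now: datetime) -> bool:
        """Alternate path: needs no mailbox access, only the answer."""
        if self.secret_answer is None or answer != self.secret_answer:
            return False
        self.pending_since = now
        return True

    def login(self) -> None:
        """A successful login during the wait cancels the pending request."""
        self.pending_since = None

    def complete_question_reset(self, now: datetime) -> bool:
        return (self.pending_since is not None
                and now - self.pending_since >= WAITING_PERIOD)


def question_reset_succeeds(acct, answer, requested_at, owner_logins):
    """True if a reset requested at `requested_at` survives the waiting period."""
    if not acct.request_question_reset(answer, requested_at):
        return False
    deadline = requested_at + WAITING_PERIOD
    if any(requested_at <= t < deadline for t in owner_logins):
        acct.login()
    return acct.complete_question_reset(deadline)


# Constructed scenario: the answer can be read off public journal posts.
T0 = datetime(2009, 3, 9)
DAILY_LOGINS = [T0 + timedelta(days=d) for d in range(1, 8)]
WEEKLY_LOGINS = [T0 + timedelta(days=7)]
```

With no question set, only a validated address can reset the password; with a guessable answer, the request goes through for the owner who logs in weekly and is cancelled for the owner who logs in daily.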

Wondering why I'm so worried? It's because posts like this [image: hacker's comm post] have started popping up in various comms again, and that's not good. If you follow a link in a post like this, you should run your antivirus programs immediately, as the linked pages can contain viruses and keyloggers, and if they gain control of your journal, they will systematically delete every single post there, and then they will attack any comms you moderate.

It sucks, but them's the facts. For a much better look at the problem, read acari's post how not to become the next hacker victim.

(Please don't ask for technical details or help because all I've done is read the posts that are floating around and thought "I gotta warn everyone!". If you read the linked posts, you have as much info as I do.)
feeling: grumpy

saifai on March 9th, 2009 02:42 am (UTC)
Thanks for the links! I don't always follow what goes on around here, so it's always good to get heads up. *goes off to tighten security*
darkhavens on March 9th, 2009 03:01 am (UTC)
I hate that it's necessary to make posts like this, but the thought of losing everything because these f*ckt*rds delete every single post is just too horrifying to bear, so I share.

I just x-posted to several journals I mod and co-mod. If anyone complains about me spamming their flist, well, I'm not sure what I'll say, but it won't be pretty. *g*
suki_blue on March 9th, 2009 08:35 pm (UTC)
Thanks for the info, luv!
darkhavens on March 9th, 2009 08:39 pm (UTC)
Gah! I've been given new info and I edited at all four comms I posted to... and I forgot to edit this one. *headdesk*

Post has now been edited for your further edification.

(I hate that posts like this are necessary, I really do. A pox on the hackers! A POX, I say! *g*)
outsideth3box on March 17th, 2009 10:22 pm (UTC)
LOL, I'm just using your LJ to try something, didn't want to be rude and do it in a fic post.

Edited at 2009-03-17 10:31 pm (UTC)