I got a message from google this morning.
Technomage Hawke
technomage.hawke at gmail.com
Mon May 14 13:55:23 MST 2012
changing passwords often is definitely a good rule to live by. making them memorable should also be made easier, especially if you use a couple of tricks. I won't go into them here as this list is publicly searchable.
one thing I use (on a mac) is a keychains file. you have to know the user password to open it and you also have to confirm that password to view the password field in each entry. this allows me to memorize 1 password and make any of the site specific passwords as complex as I want. I am not sure they have such a key management setup in linux, but it would probably be a good idea.
also, generate a gpg key pair, put your public key on the remote shell machine, change the settings in sshd.conf to use that public key (this will turn off the password prompt). this way, getting into your remote shell sessions gets a lot harder for would-be attackers. its little tricks like these that will save you a lot of problems later.
btw, as soon as I change passwords on my accounts, keychains comes up and asks if I would like to save the new password. I say yes and go on with life. mind you, keychains is an OS X thing, but there should be similar utilities for linux (and if there is not, someone can code one).
-eric
On May 14, 2012, at 8:26 AM, Lisa Kachold wrote:
> You can display the mail headers of any Google message:
> http://support.google.com/mail/bin/answer.py?hl=en&answer=22454
>
> That will verify the IP sender and other information.
>
> Irregardless of the security of your account or veracity of this message, change your password. Change them often, do not share them between other accounts.
>
> On Sun, May 13, 2012 at 8:37 PM, Matt Graham <danceswithcrows at usa.net> wrote:
> > On May 13, 2012, at 5:57 PM, Michael Havens wrote:
> >> This is the second message I've gotten from them telling me someone
> >> broke into my account. [...] Is google just filling us with paranoia
> >> or is someone really hacking me?
> From: Alex Dean <alex at crackpot.org>
> > Are you sure that message is from Google? Could be more phishing.
>
> Phishing attempts are usually totally obvious if you look at the full headers
> of a message and/or the href= attributes of any links within the HTML portions
> of a message. So: Take a look at the message's raw source and find out.
>
> (If this *is* phishing, I fully expect to see about 20 mails like this in my
> work account tomorrow morning, since whoever's in charge of mail filtering
> there seems to miss a lot of stuff....)
>
> --
> Matt G / Dances With Crows
> The Crow202 Blog: http://crow202.org/wordpress/
> There is no Darkness in Eternity/But only Light too dim for us to see
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
>
> --
> (503) 754-4452 Android
> (623) 239-3392 Skype
> (623) 688-3392 Google Voice
> **
> it-clowns.com
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
More information about the PLUG-discuss
mailing list