Monday, December 13, 2010

Today has been one of those days...

It's been one of those days where it just feels as if there's been...  a disturbance in the force.  Not the extinguishing of millions of outcrying voices, more the subtle murmur of apology from the pickpocket who just accidentally bumped into you.

It started this morning.  My BlackBerry notifies me that it can no longer access my gmail account.  I log in from my laptop and it claims there has been suspicous activity with my account and I must enter my cell phone number to proceed with account revalidation.  I do, change my password, and successfully access my gmail account.  I hit the page where Google logs ip addresses used for accessing my gmail account and see nothing untoward.  My laptop from home and work, my BlackBerry, and nothing more.  When my wife's gmail account was hacked last month, it clearly showed an ip address from China, so the event was fresh in my mind and I knew exactly what the suspicious activity would look like.  (Unfortunate that Google didn't disable her account in a similar fashion to how mine was disabled before her account was used to send messages to her entire addressbook containing a malicious link.)  Presumably, Google has just today tightened security up a bit more. Since my BlackBerry uses BIS to hit gmail, it appears as if the connection is coming from a Canadian ip address, thousands of miles from my current location.  This seems the likely culprit of the suspicious activity.  I was due for a password change anyway and LastPass generates beautiful ones.  No harm, no foul.

Next, a message from my wife.  She asks about a small charge appearing on our account from a bookstore in Colorado.  Mental red flag is on its way back up even before it's come all the way back down from the last incident.  Start investigating, turns out it was just a book my wife ordered through the local school book fair, which is operated by a company in CO.  No harm, no foul.

Enter Twitter.  LastPass, which normally does a fine job of handling Twitter logins automatically, balks.  Invalid password.  W. T. F.  The red flag goes up like it was tied to the camel of a radical middle eastern zealot running late for a good stoning.  I log in and start analyzing my account for wrongdoing.  I notice the password it attempted to use was the wrong one.  My wonton use of LastPass anywhere and everywhere across all my operating systems, (Linux, Win7, WinXP, BlackBerry) and all the browsers I use regularly, (Chrome dev, Chrome canary, Firefox 4, Safari, Opera 10, Opera 11, occasionally IE9), caused a little bit of a sync problem when last I changed my twitter password.  No harm no foul.

Just for the sake of giving my red flag a rest, I went and changed several of my important passwords and wanted to take the time to encourage you to do the same.  Lifehacker has posted this handy guide in response to the Gawker hack that occurred recently.  Take a moment to read through it and give your passwords and accounts a good once-over.  Lifehacker: How to Audit and Update Your Passwords