Thursday, April 30, 2009

A reflection on security

As a technically-minded person, I'd like to think I have a pretty good grasp on Internet security. Well I got rocked today and I didn't realize it until the moment after I hit enter and gave away some information.

I needed to find a good way to generate thumbnails on a series of images for a work assignment. I wanted it to be scriptable so I could jam in a few commands and let my computer do the work. Well I found a good solution on this blog post.

If you go there, you might notice a small pop up stating a Twitter API needs a password. To me, this made sense. I have a few applications to feed the Twitter addiction, and I didn't think twice before dropping my password to make my Twitter plug-ins work again.

This is social engineering at its finest. However, when I think of social engineering, I think of people who are too "stupid" (for lack of a better term) to realize people are playing against that ignorance. I suppose I allowed my arrogance to shove me into complacency.

It was a good reminder to realize the Internet isn't necessarily safe and my confidence in my technical ability was perfect bait.

Now I don't know whether this guy did this intentionally or not. He has some pretty solid information on there that helped me a lot. It could be a third party hijacked his site. Either way, I had to change my password and all other passwords similar to it.

A sobering reminder.

No comments: