Gawker Hackers Bring XKCD Comic to Life

The whole fiasco with Gawker’s (largest blogging network I know of) passwords being leaked just reminds me of this XKCD comic. Pretty much in the comic he was going to make a fake service, like an image sharing site or something, and then get people to sign up. One of the biggest security holes is a problem in most humans: memory. We like to reuse passwords across multiple sites, which allows this type of attack to occur. The people who hacked Gawker’s passwords were smart enough to start brute forcing these username/password combinations on other sites like Twitter. They could then use the account to spam followers. Imagine what kind of financial accounts they recovered!

Today I saw this list of top Gawker passwords released. While these passwords don’t surprise me, they are pretty amusing. One thing that I noticed is that the author pointed out people who used Gawker website names as their password. I think they were pointing out how stupid it is, but actually it’s the opposite. Think about it, I bet you those people didn’t reuse their username and password on another site. It’s almost a foolproof password for public sites. The only thing it needs is a salt, something added to the password to make sure it is unique.

To keep yourself safe I would recommend using some type of password scheme for public sites. Choose something like the first 4 letters of a site + a salt you can remember. So my salt for this example will be 32#@. So if I was logging into Gawker I would know my password is gawk32#@. Simple to remember, secure, and NOT reused on any other site!

Spam Relay

I haven’t paid a whole lot of attention to this site. The original purpose was to get me a new career. Once that worked out I somewhat forgot about this. During that time we did have some problems with FTP accounts being leaked on our server. I thought I had everything cleared up, but it looks like there could have been more problems than I thought.

I found a strange catch-all domain set up on the account for this site. It appears that someone was using that domain to forward spam. I’m still not sure about the specifics and will have to look into it. I think I have the spam stopped for now. Maybe I will post something interesting on here from time to time. This will probably end up being more of a personal site than technical related since I post all of my tutorials over at TeamTutorials.

New Post on XSLT at TeamTutorials

It’s been difficult to find the time to write tutorials lately. I finally decided to sit down and write one today. I wrote a tutorial on Simple XML to XHTML Transformation using XSLT. It should be pretty simple for beginners to follow.