Trust No One

My boyfriend got miffed at me a few weeks ago. I had put his email in a list that would invite him to join Shelfari. Though he was slightly annoyed to get email from them, he was more annoyed that I gave this site my google name and password. It really didn’t occur to me that this was possibly insecure.

I would have challenged him as paranoid but the day before I had been downloading aps for facebook. I came across a particularly lovely app that would auto-check your myspace and tell you if you had any updates. But the programmer who wrote the nifty app had taken it down. He had an accidental security hole that allowed the username and password to be transmitted transparently, causing malicious folks access to the email info of those who had the installed the application.

I have to remind myself that just becuase I trust the programmer that wrote the program not to do anything shady with my info doesn’t mean that its safe to pass it along.

Here’s another way to look at it: If you have a password, one reason you don’t give it out to those you trust is because if there is some kind of security breach — whether it be a home robbery or online identity theft — you can detective* out how your password got into the wrong hands. The more people who have access to your info, the more difficult that is. And I have heard of cases where the source wasn’t resolved and the same asshole cracker** came back and socked the victim again.

This is all a long lead-up to this link, from hackademix.net, about four recent security weaknesses in google.

This is particularly telling, as google is so widely respected. I don’t know about you, but I’m holding my passwords a little closer to my chest in the future.