darkhavens: (chaos panic disorder [secondverse])
[personal profile] darkhavens
First of all, thank you to everyone who sent birthday wishes, by email, ecard, PM, comment and journal post. (If anyone sent one by skywriter... I missed it. Sorry. :D ) It was a wonderful day full of the bestest food and the bestest booze and the bestest boys doing the bestest things to each other. ;)

Secondly, to anyone who has a flist of 500+ or moderates a comm of 500+, you need to READ THIS POST IMMEDIATELY.

Thirdly, and this applies to everyone, here is a little security advice for your lj:
1. ENABLE A SECURITY QUESTION IMMEDIATELY.
If you enable a security question, then anyone attempting to get your password sent to an email address will have to answer a security question first. This includes you, so REMEMBER THE ANSWER. (You can make up your own question so there's no excuse for forgetting!)

Edited to correct false info (thanks, uniquewonders):

You have to answer the security question only if you've lost access to all of the e-mail addresses associated to your account. The security question was precisely implemented "as an alternate method of restoring access to your account in case you have forgotten your password and cannot access any of the email addresses associated with your LiveJournal account."

"If you don't have access to the your mailbox, and you have recorded a secret question and answer for use with your account, you will be able to change your password in 5 days. This waiting period is due to security reasons. You must return to the Lost Information page after (five days), enter your username, and press "Continue" in order to reset your password using this method. If you successfully log in at any time during the 5 day waiting-period,
this request will be canceled."

So, all in all, not as good a security feature as I'd thought.

ETA2: it has just been pointed out to me (thanks ciaran_h) that having a security question may actually reduce the security of your lj, especially if you do not log in every day (ref: the 5 day waiting period mentioned above):

Normally, you can only reset your password in LJ if you have access to the current email address on your account or any previously validated address. Before the security question was set up, there was no way for anybody who was not logged in as you to reset your password if they did not have access to one of those email addresses.

However, with a security question set up, the password can be reset using *any* email address merely by knowing the answer to the secret question - and chances are, many people will pick a question that can probably be answered by looking at their journal posts. It can be significantly easier for a hacker to know the answer to a secret question that it normally is for the same person to have access to one of your email addresses.

Also, if the person has access to your email address, they don't have to go through the secret question - the question is only there for the benefit of anybody who loses access to their validated email address, because there's no other way to regain an account.

There's more info on this at this FAQ: http://www.livejournal.com/support/faqbrowse.bml?faqid=287 .
:/
2. GO HERE AND REMOVE ANY EMAIL ADDRESSES THAT YOU NO LONGER CONTROL.
To remove old addresses, you will need to have a validated email addy that is at least 6 months old. This prevents someone from reregistering an old Hotmail address (for example) you deleted years ago and which Hotmail has since purged. It can happen. It has happened.

Wondering why I'm so worried? It's because posts like this (click for larger version):
 HACKER'C COMM POST
have started popping up in various comms again, and that's not good. If you follow a link in a post like this, you should run your antivirus programs immediately, as the linked pages can contain viruses and keyloggers, and if they gain control of your journal, they will systematically delete every single post there, and then they will attack any comms you moderate.

It sucks, but them's the facts. For a much better look at the problem, read [livejournal.com profile] acari's post how not to become the next hacker victim.

(Please don't ask for technical details or help because all I've done is read the posts that are floating around and thought "I gotta warn everyone!". If you read the linked posts, you have as much info as I do.)

on 2009-03-09 02:42 am (UTC)
ext_74119: (TH Bill Stop (lastfirewllrise))
Posted by [identity profile] saifai.livejournal.com
Thanks for the links! I don't always follow what goes on around here, so it's always good to get heads up. *goes off to tighten security*

on 2009-03-09 03:01 am (UTC)
Posted by [identity profile] darkhavens.livejournal.com
I hate that it's necessary to make posts like this, but the thought of losing everything because these f*ckt*rds delete every single post is just too horrifying to bear, so I share.

I just x-posted to several journals I mod and co-mod. If anyone complains about me spamming their flist, well, I'm not sure what I'll say, but it won't be pretty. *g*

on 2009-03-09 08:35 pm (UTC)
ext_11979: (Ben/Michael kiss)
Posted by [identity profile] suki-blue.livejournal.com
Thanks for the info, luv!

on 2009-03-09 08:39 pm (UTC)
Posted by [identity profile] darkhavens.livejournal.com
Gah! I've been given new info and I edited at all four comms I posted to... and I forgot to edit this one. *headdesk*

Post has now been edited for your further edification.

(I hate that posts like this are necessary, I really do. A pox on the hackers! A POX, I say! *g*)

on 2009-03-17 10:22 pm (UTC)
Posted by [identity profile] outsideth3box.livejournal.com
LOL, I'm just using your LJ to try something, didn't want to be rude and do it in a fic post.






Profile

darkhavens: text icon: 15 m/m pairings in dk purple, with paler txt darkhavens and even paler txt multifandom ho. (Default)
darkhavens

November 2009

S M T W T F S
123 45 67
8 91011121314
15161718192021
22232425262728
2930     

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Jun. 26th, 2017 01:42 pm
Powered by Dreamwidth Studios