Comments on: Cory Doctorow: Persistence Pays Parasites

By: In which I am stupid | PeterMBall.com

In which I am stupid | PeterMBall.com — Fri, 20 Aug 2010 05:11:15 +0000

[...] you’ve never read the Persistence Pays Parasites entry of Cory Doctrow’s Locus column then I heartily recommend dropping over and taking a [...]

By: Alec Berg

Alec Berg — Mon, 28 Jun 2010 14:40:57 +0000

I use McAfee SiteAdvisor which is free and always check the url before I enter a password. Also use different passwords on different sites. Don’t drop your guard for a second.

By: Shawn M.

Shawn M. — Wed, 23 Jun 2010 02:09:08 +0000

Besides all the tips listed above, another good thing to do is enter a bogus password if you suspect the site is illegitimate. Usually it will accept it without protest, whereas the true site will error out.

By: John

John — Sun, 20 Jun 2010 21:10:02 +0000

I stopped reading at the Firefox / Linux snobbery. Being as unsophisticated as I am, I merely use IE with no anti-virus software whatsoever, and I’ve never had any sort of virus, malware, etc.

You Linux / Mac guys really need to get over yourselves.

By: CptNerd

CptNerd — Sat, 19 Jun 2010 21:35:01 +0000

The MacOS X mail app has the ability to show the full URL of any link in an email, and I use it all the time when I get mail that seems legit (I spam filter out all the obvious crap), and even if the URL looks real, that is, matches the text in the email, I go to a browser to log in using a bookmark to that site. In other words, I get mail from “Amazon.com” that has a link text of “amazon.com” but a real URL of “amazon.com.bogus.site.ru/gobblygook_amazon/passwordgrabber.php”, so I teach the spam filter that it’s spam. If the URL matches the text, I still don’t click on the link. I’d still be vulnerable to DNS poisoning, but there’s not much I could do about that anyway.

By: Blacque Jacques Shellacque

Blacque Jacques Shellacque — Sat, 19 Jun 2010 21:34:50 +0000

I saw the URL that my browser was contacting with the login info: http://twitter.scamsite.com…

Whenever I look at my mail (I don’t have any use for those iPhone style cells), if I see something that looks like it might be legit and there’s a link, I always put the cursor over it and look at the status bar below to see if the displayed link name matches. 99.9% of the time the phishing expedition becomes obvious right then and there.

By: Sean

Sean — Sat, 19 Jun 2010 18:51:45 +0000

So you’re using a coffee shop’s un-secure WiFi, to enter your passwords somewhere, and you’re clicking on shortened hyperlinks, amongst other things.

And you SERIOUSLY call yourself technically proficient? You got what you deserved, really. Those are some things no one should do to keep themselves secure, and the “technically sophisticated” author seems to do a lot of them.

By: W^L+

W^L+ — Sat, 19 Jun 2010 18:16:11 +0000

@Fred
Almost every *desktop* browser has those same protections. *Mobile* browsers don’t have the space to show the full domain name of a twitter.scamsite URL.

By: tom swift

tom swift — Sat, 19 Jun 2010 17:30:03 +0000

Hmmm. So all the fancy techno-gimcracks, the encrupted drive, long random passwords, use of a fringe OS, were not useful defenses. The weak point is the user, not the OS or any of that fancy stuff.

The other approach is the one I use. Skip the techno tricks (though of course nobody should be using any Microsoft browser in any case) and type in passwords only on sites I’ve typed in myself. No exceptions!

At least, it’s worked so far.

By: Fred

Fred — Thu, 10 Jun 2010 14:49:18 +0000

Amusingly, ‘dogs like Internet Explorer’ use the address bar point out what the actual domain of the website you visit is, even if it’s not fully visible, which would have saved you from the twitter.scamsite.com debacle. But hey, let’s all keep reiterating how bad IE is instead of looking for the strong and weak points in all browsers.