My Milkshake

Seen at Trueburger, Oakland

Yahoo Account Hacked

My Yahoo account was hacked this morning. The first sign that something was up was an email from Yahoo saying that an email address was added to my account. The address was “bradley_greenlee@yahoo.com”. Tricky. It definitely gave me pause. That’s my name, but I didn’t think I had that account. I went in and deleted it.

Suddenly Adium went nuts, popping up 20+ dialogs saying “<username> has (retroactively) denied your request to add them to your list.” Huh. Then came the first of a number of emails from friends (basically, Y! IM friends) saying that they had gotten an email from me saying that I was stuck in Wales without my credit card and passport yada yada. Yup, hacked.

I was already on my way to changing my password. Unfortunately, my Yahoo account was still tied to my old AT&T DSL account, and I had to remember the username for that before I got in (this actually probably saved my butt, preventing the attacker from changing my password). I did eventually get in, though, and changed it to a nice, long random string.

So, how did this happen? Well, Yahoo was my spam-bucket account–I used it on a lot of throwaway sites that needed an email address. Unfortunately, I never changed the password from a common one I use on a lot of those same throwaway sites (for sites that I actually care about, I generate a random password, which I store in 1Password). Stupid. I’m sure one of those sites got compromised and was storing its passwords in plaintext.

I don’t think much damage was done, other than spamming a lot of Y! IM friends. The upside was that I got back in touch with some friends I hadn’t talked to in ages.

The lesson here is to never trust any site to keep your password secure. Count on it getting compromised at some point. Use a random password for each one, and a tool like 1Password or LastPass to keep track of them.

Most important, never use the same password on your email accounts that you do on any other site. If your email account gets compromised, the attacker can use that account to gain access (via “forgot password”) to any other sites that use that email address.

Digital Publishing Isn't Dead Yet

ReadWriteWeb posted a short article today, The iPad Not a Savior of Magazines, as Digital Sales Continue to Fall. Looking at the current sales trend is pretty silly, however. Of course you’re going to see a big drop-off. Early adopters are eager to check out The Future, but people aren’t going to continue to pay newsstand prices for digital editions of magazines, especially if they’re already paying for a print subscription.

I don’t think we’ll see much improvement until both Apple and the publishers get over themselves and come to an agreement on subscription pricing. At issue is how much access the publishers get to their subscribers’ data. Traditionally, what keeps print publications alive is their ability to resell their subscribers’ information to advertisers. But Apple isn’t about to give that up. So either publishers need to accept that they’re going to have to give up some control in order to play in Apple’s ecosystem, or Apple needs to loosen its grip a bit (less likely).

Still, I’d wager that in 5 years, digital subscription sales will surpass print.

RSA Animate - The Secret Powers of Time

The Swell Season covers Neutral Milk Hotel