Blog (Possibly) Interrupted

The blog might be down a few times over the next week as it gets upgraded to the latest WordPress version. The downtime should be brief, but if you experience any trouble accessing the blog I apologize. It seems the older version had some security issues that may have contributed to a minor but annoying hack of the blog that happened last week. No data lost or anything, and the problem may not have anything to do with WordPress’s security… but better safe than sorry.

I suspect the problem may have been with a computer we sold via Craigslist a week or so ago. It was The Lovely Anna‘s computer, and she had gotten a new one recently prompting the sale of the old one. It sold so fast… they called, agreed on the price and drove straight over, the listing was up and down within hours… that I did not have time to properly prepare the computer to give to an unknown party. Computers store things like usernames and passwords in strings and cookies, and just clearing caches or browser history won’t necessarily get rid of them. If someone knows where and how to look, that kind of information can be recovered. I’m not saying that’s what happened, but I did use Anna’s computer to access my blog admin area, and it’s possible that my username and password was compromised and someone gained access to the editing interface.

Following the sale of the computer, Anna and I visited all the sites she ever logged into with a password and changed her password for each. She has had no problems of any kind. I even changed her e-mail password on the mail server. It did not occur to me that I had ever accessed any of my secure sites from her computer, but I had done so with the blog. I have since changed my password here. I don’t know if that took care of the problem or not, but there has been no reoccurance since that change.

Again, I don’t know if that was the problem or some bug in WordPress… but I did learn a lesson I’d pass on to everyone. In this day and age of identity theft, our computers are like boxes containing keys to our houses and cars, our checkbooks, our credit cards and our entire life savings in one flimsy digital safe. Selling an old computer should not be done lightly. I can see how the buying of old computers from the ignorant or careless Joe Sixpack by dishonest people would be a big business, using the purchased machine to extract passwords and personal info that could be used to steal. However some preventive measures will insure you do not have a problem when selling a computer. Here are some things to remember:

1. When you buy a computer, save all the manuals and original disks carefully. You’ll need them to restore the computer to factory settings. I save it all in the original box so it’s easy to find.
2. Create passwords for your accounts that are totally random, which include letters and numbers, and have no relation to you personally (like your street name or your birthday backwards).
3. Change your password every so often. I change mine every 3 months for all my accounts.
4. When you sell your computer, completely reformat your hard drive. Do a full reformat. This is the only way to completely delete all information from your drive. Then reinstall your system software. Most computers have instructions on how to bring your system back to factory standard.
5. Right before you sell your computer, change all your passwords using your new computer.

That fourth one is most important, and something I failed to do. Just deleting files doesn’t erase them, it just tells your computer to ignore that they are there and to overwrite them when something new is installed, copied or created. They are still there and can be recovered by special software you can buy anywhere.

It’s a different world. Much of our lives exists in strings of 1’s and 0’s on magnetic disks protected by nothing but software and passwords. These days putting your wallet in your front pocket when walking down crowded city streets isn’t enough to keep from getting your digital pockets picked. Be careful out there….