June 2006

I finished His Dark Materials tonight. A few brief thoughts below the fold, to prevent spoiler action.

Monday afternoon I changed my password for the first time in ten years.

That’s a terrible thing to admit, especially given that I’ve made my career in network security, but it’s true. Ten years ago I set my password on the server where I still send and receive what I think of as my “real” email, and I hadn’t changed it since. It was many characters long, a sensible mix of letters and symbols and numbers. In all those ten years, my account was never cracked, my password never guessed, my login never abused.

Then I logged in on Monday afternoon, and I saw an email from Ebay telling me I’d successfully created a listing for 1,000 gold from World of Warcraft. Only, I hadn’t. I figured it was phishing spam, but it mentioned my specific Ebay login. So, I checked my account on Ebay, rarely used, and saw that, whoops, there were over 1,500 fake listings for WoW gold in my name. They were identical, and each listing page included Paypal buttons for the ordering of gold and leveling in WoW – it didn’t matter that they listed them using my account, because the goods weren’t actually bought at auction. It was just a convenient way for them to advertise their product and offer a direct-purchase Paypal link so many times that they could flood the listings one would get were they to search Ebay for World of Warcraft gold.

Long story short, the Ebay rep who talked to me (they call you after initially working with you online, which really sealed the deal for me in terms of coming away viewing it as a positive customer service experience – that, and it took them all of fifteen minutes to have the situation entirely fixed) told me two things: that it was the most fake listings he had ever seen, so many it crashed his administrative interface to the site when he tried to cancel them en masse, and that I should change the password on my email account.

Now, realize that the account in question is an old account. I’ve had it for over a decade. It’s an actual shell account on an actual server where I use Pine to read my email. It is not some Hotmail junk. I remember when I worked there, there was a terminal set up in one corner and whenever someone mistyped a password for an account on our system, an alert would pop up on that monitor.

But I work in network security, and I couldn’t very well just cross my fingers and hope for the best, could I? I’d already cancelled my Paypal account entirely in a fit of paranoid track-covering. I was already in slash-and-burn mode regarding anything related to my Ebay account. It occurred to me that if they had logged in as me then they knew my street address, they knew my email address, they knew my phone number, everything. Even if they couldn’t do much with my street address, it still drove me bat-shit just knowing they knew that. Anything I could do to improve the chances of not having my life dug further into, well, it had to be a pretty good idea, right? And so I sucked it up and typed something I hadn’t in a very long time:


Now I have to remember a new one. The old one is so programmed into my fingers that I still type it every time I log in. I felt oddly invaded, oddly stripped bare by the experience, but nothing about it is as bad, frankly, as my annoyance at having to remember a new password.

If I could wrap my hands around the necks of those bastards, that’s the last thing they’d hear as the light dimmed: You made me remember a new password, you fuckers.

What’s funniest to me is that I change all my other passwords all the time. Ebay password? Totally changed. I don’t buy or sell on Ebay that often, but I log in fairly frequently just to glance around. I change that password a lot. I just didn’t get lucky on this one.

It’s just that one password, on my “real” email, that I’d let stay the same. Eventually it was like a quiet point of shameful pride, like a monk with a prodigious collection of skin mags. But now even I, perverse as I am, will change it often as well. Just one more thing to go in the calendar appointments, one more account to remind myself to change every so often.

I would wring those bastards’ necks in two seconds, given half a chance.

« Previous Page