Thoughts on the Gawker hack fiasco

So if you haven’t heard about this massive fiasco yet, read this article for a quick summary.  We were talking about this in my WoW guild chat and someone said “that’s why my password is complex with a lot of 1’s and o’s.”  The ones of us who are computer literate lolled for a bit and then informed him that he had no idea what was going on.  This article is for the people who read this blog who are like him.

The problem here is that the usernames and passwords were all compromised, meaning that the hackers could SEE everything.  It doesn’t matter if your password has lots of 1’s and 0’s.  It’s out there now.  Everyone on the internet has access to it.  What also got me about my guildie’s statement was that he said “password”.  Singular.  While I didn’t verify this, I get the feeling that he probably has one password that he uses for everything.  THIS IS BAD.  If you read the article I linked at the beginning of this post, it mentions that the compromised account usernames and passwords might have something to do with a bunch of Twitter accounts getting hacked right after this happened.  To write a script that uses these usernames and passwords against a multitude of services is relatively trivial.  Blizzard has even sent out emails to users who might be affected by this hack (link).  This is also one reason everyone who plays WoW should get an authenticator.  But I digress.

WHAT DOES THIS ALL MEAN?  At the very least, everyone should be examining their username/password security policies.  The ideal solution is to create unique usernames and passwords for each site/service you subscribe to, but this is not going to happen because 1) people are lazy and 2) good is dumb (points if you’re old enough to remember where that reference came from).  At the very least, you can create tiers, or groups, of logins/passwords.  For sites where all you do with your login is comment or read (like forums), a dummy account should suffice.  If this dummy account were to be compromised, the risk associated is pretty low.  OMG SOMEONE CAN SPOOF ME AND WRITE COMMENTS ON GIZMODO!  Who the fuck cares.  However, when you start dealing with services and sites that could have extremely damaging effects if compromised, a unique username and password system is the best method.  Make sure to pick a complex password and not something like “123456” or “password” as so many people using the Gawker sites did.  The bad side to this is that we all use the internet so much now that this system can lead to mountains of usernames/passwords that we have to remember.  For this, you could try using a password manager, but that in itself is worthy of a whole other discussion (keeping all your passwords in one central location accessible by only a single password).
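To make the tier idea concrete, here is an added example (not part of the original post) that audits a personal login inventory against the policy above: reuse is tolerated only among low-risk accounts, and the weak passwords named in the post are flagged everywhere. The site names, tier labels and passwords are constructed sample data.

```python
import hashlib
from collections import defaultdict

# Constructed sample inventory (site, tier, password); not real accounts.
# Tiers follow the post: "low" = comment/read-only logins,
# "high" = services that would be damaging if compromised.
ACCOUNTS = [
    ("gizmodo-comments", "low", "dummy-Forum-pw1"),
    ("some-forum", "low", "dummy-Forum-pw1"),
    ("email", "high", "dummy-Forum-pw1"),
    ("bank", "high", "123456"),
    ("game-account", "high", "k7#Vr2!qLm9zTe"),
]
WEAK = {"123456", "password"}  # the two examples the post names


def fingerprint(password):
    """Hash the password so reuse is grouped without keeping it as a key."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:12]


def audit(accounts, weak=WEAK):
    """Return sorted (site, problem) findings under the tiered policy."""
    by_fp = defaultdict(list)
    for site, tier, pw in accounts:
        by_fp[fingerprint(pw)].append(site)
    findings = []
    for site, tier, pw in accounts:
        if pw.lower() in weak:
            findings.append((site, "weak password"))
        sharers = sorted(s for s in by_fp[fingerprint(pw)] if s != site)
        # A high-tier login must not share its password with anything,
        # including low-tier dummy accounts.
        if tier == "high" and sharers:
            findings.append((site, "shared with " + ", ".join(sharers)))
    return sorted(findings)


if __name__ == "__main__":
    for site, problem in audit(ACCOUNTS):
        print(f"{site}: {problem}")
```

The two forum logins sharing a dummy password pass the audit; the email account that borrows that same password does not, because a leak at either forum would expose it.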

Anyways, I hope this incident has at least made people think about their current username/password policies and perhaps contemplate upgrading their security.  I also would just like to note that while I don’t condone hacking into other people’s sites/systems, Gawker is dumb.  They actively went after 4chan/gnosis/whatever and instigated this.  What they did was the equivalent of driving into the bad part of town in their yuppie VW Jetta and talking shit to feel good about themselves.  You know the old saying.  Play with fire…

some more guitar

An E minor jam I did a while back and never got around to uploading to my computer until today.  The jam is from the third movement in Phish’s Antelope, Em -> D.  Maybe I’ll get around to doing the entire song one day…

{% youtube 67YquYYZ-K0 %}

Review: Mass Effect 2


So I’ve been on a console game kick lately and have a slew of reviews to write up, but since I just finished ME2, I wanted to get my thoughts out before they start to fade.  I’ll try not to include any specific plot points so I don’t spoil anyone’s fun.  Having played the first Mass Effect, I was already a bit invested in the series and when I finally started the sequel, the opening sequence got me hooked.  It felt like I had just started a movie and was already at the edge of my seat when the opening credits started.

One big annoyance I had with the first one was that there was far too much planetary exploration.  You’d come across an unexplored planet and have to set down in your dune buggy vehicle and roll all over the place to gather up resources and occasionally kill some baddies.  They’ve streamlined that in the sequel.  There’s no more dune buggy exploration (unless you download the Firewalker DLC.  protip: not worth it) and you can do your resource mining from space.  The “hacking” and “bypassing” mini-games are a little better this time around.

I played as soldier class, but my friend who played through as adept told me that the adept biotic skills have undergone significant improvement.  You can now “bend” your abilities and can even use them around corners.  If I ever make it to a second play through, I’m going full renegade adept.

The game did seem a bit short as you’ll find that most of your side quests are just “loyalty” missions to get individual crew members to become loyal to you.  I wish there was a bit more variety, but I guess that’s what DLC is for nowadays…  Another complaint is that the game is still ultra linear and your paragon/renegade choices don’t seem to do much to vary the plot.  I hope Mass Effect 3 has a bit more variety and maybe multiple endings depending on your in-game choices.

In conclusion, I’d have to say that I liked the game (despite my gripes) and it kept me entertained for the week I played it.  I’m a fan of the storyline so I can’t wait to see what happens in the next game.  There’s even rumors of an online version of Mass Effect which would be kinda cool.  Bioware has succeeded yet again in making a fantastic product, but perhaps they’re leaving some of the biggest surprises for the 3rd game (more weapons, better quest variety, multiple endings, etc).  I give this game an A.