Posts Tagged ‘passwords’
The silliest and most common hiding places for passwords

When I was an IT admin, I had the pleasure of dealing often with people who would submit urgent service requests and then leave for the day, leaving their office empty and computer locked by the time I could get there to help. Fortunately, I was often able to fix their problem while they weren’t there. Why? Their password was somewhere on their desk in one of these easy-to-find locations.
Under the Keyboard. This is a pretty common one, and one of the first places to look if you need to find someone’s password (or one of the first places to avoid if you need to jot down an often-used but difficult to remember password.) The worst offenders leave them on a post-it on their keyboard tray, or under the spot where their keyboard lives. Others attach the post-it to the underside of the keyboard, thinking it’s better hidden there. In both cases, it’s a sure bet that anything under the keyboard will have a password on it…
Under the Mouse Pad. This is another common hiding place for people who don’t want to put their passwords under their keyboard. They’ll usually slide a couple of sheets of paper under the mousepad with their usernames and passwords on it and refer to them when they forget, or update them when their password expires…
Under the Desk. One of the most disturbingly common spots many office workers hide their passwords is one of the easiest to find: right under their desk surface. Just sit down at their desk and put your hand directly under the desktop, and you’ll often find yet another post-it note attached there. Most people who do this operate under the assumption that no one’s ever under their desk to see or notice such a thing—except the IT admin or help desk tech they call when they’ve jostled the Ethernet cable loose from the back of their desktop…
I haven’t even posted half of the silly places people think are secure in the world of prairie-dog cubicles. If you’re guilty of any of these, go apologize in advance to your network administrator. You may have compromised everything that should be secure. And if your password is “1-2-3-4-5” – quit your job and go back to flipping burgers for a living.
So where should you store your passwords? RTFA for a couple of suggestions.
‘World’s sexiest hacker’ to appear in court

A glamorous young Russian woman alleged to have assisted a gang of computer hackers who stole $3 million (£1.9 million) in an internet banking fraud is now in court.
Kristina Svechinskaya, who was arrested in New York earlier this month, is one of 37 people charged over the alleged fraud, in which hackers allegedly broke into people’s computers to steal their money.
It is alleged that they sent victims emails containing Trojan horses, pieces of software which, when clicked, allowed the sender access to the recipient’s files and passwords.
Miss Svechinskaya, who drew comparisons with the Russian spy Anna Chapman after pictures of her were found online, is charged with conspiracy to commit bank fraud and the false use of a passport. She has been dubbed the “world’s sexiest computer hacker”.
She is accused of helping to provide bank accounts for the hackers, into which $35,000 was fraudulently deposited and $11,000 withdrawn, in return for a ten per cent cut of the stolen money. It is claimed she opened at least five accounts…
Of course, she is not a hacker. She’s a “mule” – the appropriate term in the world of fraud for the service she provided. Not unlike the mules who smuggle heroin or cocaine to a destination in balloons in their stomachs.
60+ charged in Zeus cybercrime roundup
U.S. prosecutors have unveiled charges against more than 60 defendants allegedly involved in a global cybercrime scheme that used the Zeus Trojan and other Internet viruses to steal over $3 million from U.S. bank accounts.
The scheme was engineered by unnamed hackers based in Eastern Europe who hijacked bank accounts…
“The mouse and the keyboard can be far more effective than the gun and the mask,” U.S. Attorney Preet Bharara told reporters.

Prosecutors described a complex “money mule” organization in which foreigners who entered the United States on student visas were recruited as “mules” to open bank accounts under fake names. The accounts were then used to receive and transfer the stolen funds, they said.
Federal prosecutors announced charges against 37 defendants, while Manhattan District Attorney prosecutors charged 36 people on top of 19 previously arrested. City and federal prosecutors said a number of those charged were not yet in custody.
London’s Metropolitan Police arrested 19 people on Tuesday in a possibly related case in which 6 million pounds were allegedly stolen from a number of unidentified major world banks.
There still is no patch for stupidity.
‘123456’ tops common password study
A U.S. data security firm said a study of passwords from the Rockyou.com breach found “123456” was the most commonly used password among users.
The Imperva security firm said in a release Thursday a study of the 32 million passwords exposed during a December breach of a RockYou database indicates numerical passwords were popular among users.
While “123456” topped the list, the study found “12345” was the second most commonly used password among Rockyou.com users. The password “123456789” was third overall…
Imperva Chief Technical Officer Amichai Shulman said the list, which was rounded off with “abc123” in 10th, shows the vulnerability of certain passwords.
“Vulnerability of certain passwords”? How about the vulnerability of people who are too stupid to come up with a useful password?
Cripes!
Monster.com hacked – user data stolen

Monster.com is advising its users to change their passwords after data including e-mail addresses, names and phone numbers were stolen from its database. The break-in comes just as the swelling ranks of the unemployed are turning to sites like Monster.com to look for work.
The company disclosed on its Web site that it recently learned its database had been illegally accessed. Monster.com user IDs and passwords were stolen, along with names, e-mail addresses, birth dates, gender, ethnicity, and in some cases, users’ states of residence. The information does not include Social Security numbers, which Monster.com said it doesn’t collect, or resumes.
USAJobs.com, the U.S. government Web site for federal jobs, is hosted by Monster.com and was also subject to the data theft. USAJobs.com also posted a warning about the breach.
The company advised users to change their passwords and reminded them to ignore e-mails they may get that purport to be from the company and that ask for password information or instruct the user to download anything.
I think it’s reasonably creepy that monster.com isn’t directly contacting users whose accounts were compromised. Is that arrogance or are they just cheapskates?




