No big deal?

Normally this would be a bummer because you would need a new laptop or at least an expensive repair, but in his case it is 3 days before senior project. I know these students had placed most of their code into github.com and that this student has already delivered much of the code to the client (he logs into the client server regularly while I am assisting him). So yeah pretty big deal just before senior project.

How does Dropbox help?

Any computer with Office 2007, Visual Studio and Remote Desktop Connection would allow this student to keep working and finish anything he needed for his project. He can just log into dropbox.com and manually upload and download the files he needs. Piece of cake.

I sent him the signup code: https://www.dropbox.com/referrals/NTgxNTA3OQ. I was notified within minutes that my storage was increased because he has signed up.

Good job Jake. Move everything you want saved into your dropbox folder inside of my documents and just let it do the uploading. 2 gigs for free and when you refer friends you get a bit more:

It isn’t that I am doing anything wrong, it is just that I do not need the next guy who gets my machine to look up my photos or something like that. I might have some unencrypted files that I do not want them to access. You know stuff like that.

So what do I do before I sell a laptop or otherwise release a HDD into the wild?

I use DBAN. I simply install it to a bootable USB (or DVD) and let it run. I choose all the defaults and just let it go. The last drive I ran it on it took 36 hours to run. I feel reasonable secure that my data is no longer on the drive and it is left in a state that I can either install the OS or place the restore disks from the manufacturer in the machine and let it go.

Seriously a good option. I remember Shawn asking me a few years ago if I did this and I kinda laughed it off. I took him very serious after some reports of data on HDDs coming off of Ebay etc.

http://www.dailymail.co.uk/news/article-1178239/Computer-hard-drive-sold-eBay-details-secret-U-S-missile-defence-system.html

http://blog.alertsec.com/2009/09/ebay-allowing-unencrypted-drives-to-live-on/

Anyway. Not my data.

Why is it so important (and why am I going to change my behavior)?

Let’s say China gets into Google’s servers and finds my password. They can probably assume that they can now also get into my twitter and facebook accounts too (and they would be correct). They can probably access 100 different services and find information or change information about me to suit their needs. I know China is out for me.

So I have to get a new password for each site I visit.

I have a plan. I already have a password that is something like Y0u4reAB1gD0rk, but now I will add in something like the last three characters of the site in “their location in the alphabet” to the password. So for google you will have gle. g = 4, l = 12, and e = 5, so 21. I will change my password there to be Y0u4reAB1g21D0rk. Neat huh?

They will never catch me this way

So what about changing my password often? Do I need to do that? No.
The idea from changing your password often is that if your password is compromised you change it and the bad stuff stops. Well if you are using a different password for each site then the bad stuff was limited to that site and the bad guys probably locked you out anyway.

If you are using the same password for all sites then the bad guys are probably going to use your password really quickly. So you need to change your password like every minute to overcome this. Ready for that task? No. Don’t bother. Just create a good password for each site and change it every so often. I might go with once every 90 days or so, but really it just does not matter.

The password I used above: Y0u4reAB1g21D0rk is rated “BEST” by Microsoft

http://www.microsoft.com/protect/fraud/passwords/checker.aspx

According to KeePass my password Y0u4reAB1g21D0rk is 87 bits. This means it would take like 76 years to crack it. I can have my Grandchildren change it for me long after I am gone

BTW. The wikipedia article has some great quotes on writing down your password and not using the same one on multiple sites.

http://en.wikipedia.org/wiki/Password_strength#Time_needed_for_password_searches