January 23rd, 2012  »  Personal | Security  »  2 Comments

Another title might be “A Website’s For Life, Not Just For Christmas”. It’s also technically a Lesson From ’12, but hey, it’s still January, so near enough.

I made the mistake of not regularly updating one of the applications installed on this server for a few months. Zen Photo, which runs the gallery where I host my photographs, had a pair of lethal security holes thanks to some insecure versions of 3rd-party code (TinyMCE and ajaxFilemanager) which resulted in a rather ingeniously stealthy hack being deployed without me noticing.

UPDATE: acrylian from ZenPhoto mentions that TinyMCE itself was not involved in the breach, just the ajaxFilemanager plugin.

Plus, I’m fairly sure I wouldn’t have detected it, if it hadn’t been for the security breach at my hosting provider, Dreamhost, a few days ago.

January 4th, 2012  »  Personal | Security  »  No Comments

2011 saw an explosion of ‘hacktivism’ and black-hat chicanery – the antics of LulzSec and AntiSec, the breaching of Sony’s PlayStation Network, HBGary and Stratfor; previously confidential data getting sprayed onto Pastebin on a weekly basis.

Despite none of my precious private data being involved, all this carnage steadily convinced me it was time to take my password management much more seriously. Although I had a handful of decent passwords in play, some were shared amongst several sites, some were years old .. and who knew what my logins were for the swathe of random forums and mailing lists I’d accrued over the years? Decidedly amateur.

Enter KeePass and Wuala.