Xiaxue: The Price Of Technoignorance

First up, for those of you who know what’s going on and happen to like Xiaxue, this is not a Xiaxue bashing post. For those of you who don’t like Xiaxue, I say again…this is not a Xiaxue bashing post. For those of you who think this is about Xiaxue not knowing techno dance music…I have no idea what else to say about that one except…no, it’s definitely not about that either.

That being said, let’s get on with the post.

A lot of my life revolves around data, information and secrets. So naturally…a lot of my life revolves around the net, the people in it and the ways to protect information from those people. Now…I’m not THE best hacker around. All I do is your basic low key stuff like packet sniffing and SAM cracking from time to time when people need it. But what’s important here in regards to Xiaxue is the fact that both her Blogger and Gmail accounts got broken into…which begs two questions.

  1. How simple was the password?
  2. How much time did the person spend to break the password?

That, ladies and gentlemen, is what it is all about. Time. How long it takes for us to break your passwords depends entirely on how simple your passwords are. Those of us who only put in the minimum number of characters for a password aren’t going to be very safe, considering it can take a pretty short time to run through every possible combination of those characters. It takes an even shorter time if that password can be found in a dictionary.

So it comes to the first lesson of all this.

Use long passwords you can’t find in the dictionary.

Of course, the simplest ones you can remember would simply go like:

“bEtChaAintgOnNAdiGtiS1” or “br34kth15n0wY0u455h0Le5”

Just remember the rule of thumb: if it’s more than 10 words, you’re pretty much safe. If it’s got numbers, then you’re even safer. If you back it up with upper and lower case letters and then change it every 60 days, judgement day would arrive sooner than anyone could break that password of yours. It just follows a simple equation, that’s all.

Complexity = headache.

It works for my blog, it can work for you too.
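The relationship between length, character mix and cracking time can be put into numbers. The following is an added example, not part of the original post: it estimates the exhaustive-search time for a password and flags dictionary words hidden behind digit substitutions. The wordlist, the guess rate of one billion per second and the sample passwords are assumptions constructed for illustration.

```python
import math
import string

# Constructed sample wordlist; a real check would load a full dictionary.
WORDLIST = {"password", "dragon", "monkey", "letmein"}
# Undo common digit/symbol substitutions before the dictionary lookup
# (simplified: each character maps to one letter only).
UNLEET = str.maketrans("013457$@", "oieastsa")
# Assumed rate for an attacker testing guesses offline; not from the post.
GUESSES_PER_SECOND = 1e9
SECONDS_PER_YEAR = 365 * 24 * 3600

def charset_size(password):
    """Size of the alphabet an exhaustive search must cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    return size

def dictionary_words(password):
    """Dictionary words found in the password after undoing substitutions."""
    normalised = password.lower().translate(UNLEET)
    return sorted(w for w in WORDLIST if w in normalised)

def assess(password, rate=GUESSES_PER_SECOND):
    size = charset_size(password)
    keyspace = size ** len(password)
    years = keyspace / rate / SECONDS_PER_YEAR
    hits = dictionary_words(password)
    if hits:
        verdict = "dictionary-based"  # the keyspace estimate does not apply
    elif years < 1:
        verdict = "brute-forceable"
    else:
        verdict = "ok"
    return {"bits": round(math.log2(keyspace), 1) if keyspace > 1 else 0.0,
            "years": years, "dictionary_words": hits, "verdict": verdict}

if __name__ == "__main__":
    for pw in ("qzxvkj", "p455w0rd", "xK7#qLm2vR9!tZ"):  # constructed samples
        print(pw, assess(pw))
```

A password built from a dictionary word with digits swapped in scores well on the raw keyspace figure but still falls to a wordlist with substitution rules, which is why the dictionary check runs before the time estimate is trusted.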

Of course, breaking into a blog or an email is a sad thing. Having three years’ worth of posts deleted because of that break-in is a sheer blogocidal atrocity. Ironically enough…there is a solution to all that…and I blogged about it yesterday here in this post.

That’s right, as long as we all back up our data in a safe place, come hell or black-hats, whatever you saved up for so long would still be there for you to put back up.

As far as I know, fans of Xiaxue are at this very moment scouring google-cache for the rest of her posts which are floating around there in C-space. Not the best form of backup…but if they pull it all together in the end, the best scenario is that you should be able to recover at least 95% of all her posts that have been deleted.

All I do is delete the oldest backup in my mailbox and download the newest backup onto my computer as my blog emails them to a separate unknown email account.

Double redundancy and double the safety.

My best recommendation to anyone who doesn’t want the same thing that happened to Xiaxue to happen to them: get yourself a webhost and at least publish your blogs there. You have a backup redundancy on both Blogger and the webhost in case something goes wrong with one of them. Given that you would have a complex password with you at all times, I highly doubt someone is going to break in and erase everything.

Or…you can do what I did and use this instead.

No harm, no foul.

So what are you waiting for?

Don’t you think it’s time you upped your blog security a little bit more?

Wouldn’t want the worst to happen to you now, would we?

8 thoughts on “Xiaxue: The Price Of Technoignorance”

  1. I installed the backup plugin, weird thing is it can’t seem to send the backups to my email. But I managed to get a copy of the backup also la, altho I would prefer to have it sent to the email.

    Is there like any way to backup Blogger’s posts? Coz someone asked bout this in the malaysiabloggers forums.

  2. According to what she told me, her password isn’t THAT easy to guess. It’s nothing public, not like her phone number, dog’s name or things like that at all.

  3. Reallybites: In my case, the backups go to my junkmail for some reason. Check to see if your junkmail has those files. Also, your mailbox has to be big (my backup is 4mb big currently). There is only one way to back up your blogger files that I know of. Get a webhost and FTP your blogger archives off to the webhost. That’s what I did before I used WordPress. It works.

    Kenny: I never said guessed, I mean anyone can use a brute-force breaker to break the password. The shorter and less complex (no alphanumeric, no small/large cap combination, use dictionary words) a password is, the faster it is to break it. I’ve broken simple passwords in less than 3 days with brute-force hacking. Any yahoo with the right software can download it off the net and try it.

  4. Maybe like what I’ve stated in my blog, a possible cracker, or keylogging, though being hacked is possible. But if blogspot should be able to detect the hacker’s IP in a way…

  5. Keylogging won’t work unless the person has access to the same terminal the person uses and installed the software there.

    Even if they release it if they have it…but it won’t do you much good. Getting an IP address would only get you as far as knowing where it might be. You need an actual court order to get the details from the ISP for the IP addresses and that’s subject to standard internet privacy laws. I doubt the law would go that far for something like this cause even when RIAA wanted Universities and ISP to release those private information from Kazaa users…they had to go to the supreme court to get that order approved.

  6. Well, things happen. Kinda sad that her blog got hacked. All of us gotta take prevention before it happens to us. Hmm.. Pity XiaXue.. Well, that’s a great rule. People wouldn’t be able to guess it. Cheers. 🙂
