Recycling is good when it is papers, plastics, and metals. But recycling old Hotmail addresses that haven't been used in over a year can cause problems, as I'm learning from a LiveJournal news item, "Keeping Your Journal Safe":
<<---The new "owner" of the Hotmail address could use the LiveJournal services' help for lost passwords to get the password info sent to the Hotmail address. LiveJournal has no way of knowing that the email address has been recycled.
Recently some journals and communities have been broken into, their contents deleted, and their owners locked out. We want to explain how this can happen and give you some steps you can take to help prevent this from happening to your journal or community.
First of all, we would like to dispel the rumor that these break-ins have something to do with the accounts that have recently been friending large numbers of users (sometimes called friending bots). We do not believe these are related. The problem appears to stem from Hotmail's policy of recycling inactive email addresses.
The recent break-ins resulted from hijackers finding and accessing lapsed Hotmail accounts that were used with LiveJournal accounts and publicly displayed on Profile pages in the past. You should be aware that Hotmail recycles email addresses that haven't been used in more than a year. If you validated a Hotmail address for your journal and displayed it publicly in the past, but then let the address lapse, someone who finds and re-registers that address can use it to obtain control of the journal.
--->>
Other sites may be vulnerable to the same exploitation of their "forgot password" functions through recycled Hotmail addresses. All too often, there's an assumption that only you will have access to the email address associated with you. (Then there is the security economics: for most sites it is more cost-effective to email the password info than to do extensive checks of the requesters. If it's a free email service, what do you expect?)
Some countermeasures:
- Review online accounts at Web/blog hosting, online banking, etc. services periodically to make sure that the email and other contact info is still correct.
- Use additional security features, such as "secret questions" for your online accounts, if available.
- If abandoning an email address, let your more important contacts know so they don't send anything sensitive to the old address. Abandoning an email account does not mean it will never resurface.
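A site can apply the same periodic review on its side. The sketch below is an added example, not LiveJournal's code: it assumes a hypothetical account record with an `email_confirmed_at` timestamp (the last time the user proved control of the mailbox) and asks for another proof, such as the secret question, before mailing a reset to a Hotmail address that was last confirmed more than a year ago.

```python
from datetime import datetime, timedelta

# The page names Hotmail as recycling addresses unused for more than a year.
# Any other domain added here is the operator's own assumption.
RECYCLING_DOMAINS = {"hotmail.com"}
RECYCLE_WINDOW = timedelta(days=365)


def reset_action(account, now):
    """Decide how to handle a "forgot password" request for one account.

    Returns "email" when mailing the reset is reasonable, or "step_up" when
    the mailbox may have changed hands and another proof (for example the
    account's secret question) should be required first.
    """
    domain = account["email"].rsplit("@", 1)[-1].lower()
    if domain not in RECYCLING_DOMAINS:
        return "email"
    # Latest moment the account holder demonstrably controlled the mailbox.
    last_proof = account["email_confirmed_at"]
    if now - last_proof > RECYCLE_WINDOW:
        return "step_up"
    return "email"


def audit(accounts, now):
    """Map username -> action, for a periodic review of stored addresses."""
    return {a["user"]: reset_action(a, now) for a in accounts}


# Constructed sample records (hypothetical schema, not LiveJournal's).
NOW = datetime(2006, 6, 1)
SAMPLE_ACCOUNTS = [
    {"user": "alice", "email": "alice@hotmail.com",
     "email_confirmed_at": datetime(2004, 3, 10)},
    {"user": "bob", "email": "bob@HOTMAIL.com",
     "email_confirmed_at": datetime(2006, 1, 5)},
    {"user": "carol", "email": "carol@example.org",
     "email_confirmed_at": datetime(2003, 7, 1)},
]

if __name__ == "__main__":
    for user, action in audit(SAMPLE_ACCOUNTS, NOW).items():
        print(user, action)
```

The confirmation timestamp is only a proxy: the site cannot see whether the mailbox itself lapsed, so a stale confirmation triggers extra verification rather than a lockout.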
Remember to recycle those electrons!
J.D. Abolins
Hello world
Although 20six.co.uk has served me well for a couple of years, I've decided to try a new home for my Networked World blog. LiveJournal seems like a good place. It has the features I want to have for a blog. Also, there are several open source clients, such as Drivel and LogJam, that work with LiveJournal.
Over the next few days, I'll move a few of the current posts from the other blog over here and then start new postings.
Jonathan "J.D." Abolins