[hcs-d] Important password security information

Jim Danz danz at fas.harvard.edu
Thu Dec 9 20:23:29 EST 2010


OK, that SGTM.

On Thu, Dec 9, 2010 at 8:13 PM, Jeremy Cushman <jscushman at gmail.com> wrote:
> I support sending this out as concerned individuals.
>
> On Thu, Dec 9, 2010 at 8:09 PM, Jim Danz <danz at fas.harvard.edu> wrote:
>>
>> Wait, before this goes out, what is going to be the branding on this?
>> Are we just supposed to send it off as if we're individuals with our
>> opinions, or is this an official "HCS" warning?
>>
>> On Thu, Dec 9, 2010 at 8:05 PM, Jeremy Cushman <jscushman at gmail.com>
>> wrote:
>> > And actually, perhaps the third one (Never log in to any website when
>> > you
>> > don't see https:// in the address bar) is too strong; the important part
>> > is
>> > that it's submitted to a page that uses https, but I wasn't sure quite
>> > how
>> > to explain that.
>> > Jeremy
>> >
>> > On Thu, Dec 9, 2010 at 8:02 PM, Jeremy Cushman <jscushman at gmail.com>
>> > wrote:
>> >>
>> >> Here's a password security PSA; it would be awesome if we could get
>> >> this
>> >> out to all the house/dorm lists tonight!  Obviously substitute in the
>> >> house
>> >> name and your name at the bottom :-)
>> >> Feel free to tweak it around too if you'd like.
>> >>
>> >> Jeremy
>> >> ------------------------------
>> >> Hey [housename],
>> >> Every year at the CS 50 fair, hundreds of students demo their great new
>> >> web apps to the Harvard community.  While you should definitely try out
>> >> as
>> >> many sites as possible, to be safe, you should:
>> >> - Never use an important password to register for any student's
>> >> website.
>> >>  Always assume that any password you type might be seen by the site
>> >> creator.
>> >> - Never give your FAS, @college, Gmail, Facebook or password to a
>> >> student's website unless you're at the familiar PIN authentication page
>> >> or
>> >> logging in through the familiar Gmail or Facebook login pages.
>> >> - Never log in to any website when you don't see https:// in the
>> >> address
>> >> bar.
>> >> - Be aware that by logging into your Facebook or Google accounts at the
>> >> fair you are very vulnerable to Firesheep and account hijacking.
>> >> Enjoy the fair!
>> >> [name]
>> >
>> > _______________________________________________
>> > hcs-discuss mailing list
>> > hcs-discuss at lists.hcs.harvard.edu
>> > https://lists.hcs.harvard.edu/mailman/listinfo/hcs-discuss
>> >
>> >
>
>


More information about the hcs-discuss mailing list