Archive for the ‘Tips and Tutorials’ Category

Trust in a bad neighborhood

Something Dave and I have been talking about a lot is trust. This is an old topic that is coming into sharper focus as the years go on. In simple terms, a trusted environment is one in which other members can be assumed to be who and what they appear to be: that email from your Mom’s Facebook account is legit, right? The problem is that the Internet is not a trusted environment, so it requires validation. How far we validate and require people to authenticate depends on the amount of risk we want to accept. Reading a text-based email from a long-lost friend is probably OK, but opening an attachment … probably not.

I’ve been reading some great work by Daniel Solove about the history of some of the issues we’re experiencing on the Internet. (Props to David Mortman for making me aware of this guy.) Solove talks at length about how some social dynamics are distorted on the Internet in ways they aren’t in the physical world. An ill-advised comment on Twitter could haunt you forEVER!

When we started using the Internet it was an insulated place, and although true authentication was difficult, so few people were using it that a phishing email would have seemed absurd. Many people using the Web today see it in terms of social media: the friendly screens of Facebook or Twitter. This is a confusing mix of real-world friends and family and typical Internet ‘friends’, though our relationships with some of these remote acquaintances are those of close friends. Seen through the lens of Davezilla:

Part of the problem is that we’ve lost the healthy fear we once had of the Internet. One result is that bad things are becoming more frequent. Symantec’s Threat Report tells part of the story: between 2002 and 2008, the amount of new malware reported each year exploded.

To be clear: I think the benefits of all of this technology far outweigh the problems. We just need to make sure we’re following some basic rules for this bad neighborhood. We’ll never be able to eliminate all of the risks of using the Internet, but you can reduce them to a manageable level, making it much less likely that you’ll have problems.

Commonsense Media has some great resources for Internet safety.

What are your thoughts about how we should be approaching this issue?

Let’s Talk About Passwords

Here’s another good take on the Twitter “Is this you lol” phishing scam. I really like that the author, Graham Cluley, reminds readers to use better passwords. People. This is basic, and yet 33% of you use the same password everywhere. This is ludicrous.

Would you pin your child’s social security number to their jacket and send them to school? Of course not! But you’ll use the same password because you can’t be bothered to spend 30 seconds to think of a new one. I mean, that’s 30 seconds less you would get to play Farmville, god forbid.

But I digress… Let’s be constructive here. Passwords. There is nothing more critical to the security of your basic identity than having a set of good passwords to use. I know what’s running through your head right now. “I know, I know, I should do that, but I just can’t remember more than one, and I know enough not to tape it under my keyboard.” Congratulations. You’re halfway to recovery. Now you just need some tools.

Unless you have a truly random brain, you need to use a password generator. There are several free ones. Go use these ones now.

  1. Strong Password Generator is one of my favorites. You can choose the number of password characters (please don’t choose fewer than 12), whether or not to include symbols (yes, please!) and it even gives mnemonic hints to help you recall the password, despite it being quite random.
  2. From Bytes Interactive comes two password generators. One creates passwords similar to Strong Password Generator with several options, the other generator creates 1337 passwords (LEET) which are based on a phrase you can recall. They also have a secure server.
  3. RandPass has been online forever and generates very good passwords. What I like about them is the ability to generate large batches of passwords at once.
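As an added example (not code from the post or from any of the generators listed above), here is the password policy the post describes, enforced in Python: a generator backed by the OS CSPRNG that honours the 12-character minimum and the symbol requirement, a policy check, and a small check for the “same password everywhere” habit. The symbol set and the sample vault are constructed for the demo.

```python
import secrets
import string

# Policy from the post: at least 12 characters, symbols included.
MIN_LENGTH = 12
LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
SYMBOLS = "!#$%&*+-=?@^_~"  # constructed symbol set; any printable set works


def generate_password(length=16, symbols=True):
    """Build a password from the OS CSPRNG (secrets), never random.random().
    Rejection sampling guarantees every enabled character class appears."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    classes = [LOWER, UPPER, DIGITS] + ([SYMBOLS] if symbols else [])
    alphabet = "".join(classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in classes):
            return candidate


def check_policy(password, symbols=True):
    """Return a list of policy violations (an empty list means it passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, cls in (("lowercase", LOWER), ("uppercase", UPPER), ("digit", DIGITS)):
        if not any(c in cls for c in password):
            problems.append(f"no {name} character")
    if symbols and not any(c in SYMBOLS for c in password):
        problems.append("no symbol")
    return problems


def find_reused(accounts):
    """Given {site: password}, return the sites that share a password with
    another site: the 'same password everywhere' habit the post warns about."""
    by_password = {}
    for site, pw in accounts.items():
        by_password.setdefault(pw, []).append(site)
    return sorted(s for sites in by_password.values() if len(sites) > 1 for s in sites)


if __name__ == "__main__":
    pw = generate_password()
    print(pw, check_policy(pw))
    # Constructed sample vault with one password reused on two sites.
    vault = {"bank": "Tq7!kz9Lm#2vXp", "email": "Tq7!kz9Lm#2vXp", "blog": "Wn4@hs8Rd^5bYq"}
    print(find_reused(vault))
```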

You also need some place to store passwords, but no, written down on paper is for chumps who deserve to be robbed blind. Do it right. Use a password database. Here are some of my favorites:

  1. 1Password. This costs $40, but isn’t your identity worth it? 1Password can also generate them for you and has a 100% moneyback guarantee. It also comes as an iPhone app. Mac only.
  2. OnePassword is free. It integrates into Internet Explorer as a toolbar and has many of the features of 1Password.
  3. How about your blog? A great plugin by Marcel Bokhorst exists for WordPress, called One-Time Password. As the name implies, it generates password logins for WordPress that can only be used one time, preventing password theft. Outstanding plugin.

Hope these tips help! Do you know of any good password generators or password databases I didn’t mention? Let us know in the comments.

Hints, Hacks and Helps

  1. You can remove passwords from edit-restricted PDFs. This article shows you how to defeat the PDF DRM.
  2. How to edit your video online for free or cheap
  3. The Automation Labs Facebook security scare. Yet another chain message tripping out folks on Facebook.
  4. How to avoid YouTube scams
  5. Spear Phishers target military

9 Security Plugins Your Blog Must Have

It’s no secret to my friends that I am a WordPress fanatic. Having been on the original B2 dev team back in the day, I love seeing how far it’s gone. But with growth comes attention and sometimes that means negative attention à la scams, spammers, etc. WordPress has certainly seen its fair share of attacks. Fortunately, there are some great security plugins available to protect your blog and prevent attacks. Here are my faves:

  1. WordPress Exploit Scanner: This plugin searches the files and database of your website for signs of suspicious activity. It will not stop someone hacking into your site, but it may help you find any uploaded or compromised files left by the hacker.
  2. WP Security Scan: I love this plugin. It does exactly what it promises, and has protected my blog many times. Scans include passwords, file permissions, database security, version hiding, WordPress admin protection/security and removing the WP Generator META tag from core code—a simple method for protecting your blog from attacks that target specific versions of WordPress.
  3. Secure WordPress: This fine German plugin has a few unique tricks I haven’t seen on the other plugins, including removing the error-information on the login-page, adding an index.php to the plugin-directory and removing core update information for non-admins.
  4. Secure Invites for Wordpress MU: I haven’t personally tried this plugin, but it gets great reviews, so here is the plugin page description: “This plugin stops access to your signup page, except where the visitor has been invited and clicked the link in their invitation email. Your users invite people, and you can see who has sent the most invitations, and how many resulting signups have occurred.”
  5. Fast and Secure Contact Form: With a 5-star rating (and no rating under 5), this is arguably the most popular and secure contact form available. I used to use Contact7, but was furious with how much spam gets through it. So many features that I recommend you read the plugin homepage to take it all in.
  6. WP-DB-Backup: WordPress database backup creates backups of your core WordPress tables as well as other tables of your choice in the same database. Backups are something I suggest you all do on a weekly basis, daily if you blog for a living. Plugins like this allow you to schedule the backups automatically and not have to remember to do it. It’s all about the automation.
  7. root Cookie: By default the WordPress cookie is scoped to the exact URL of your installation; this plugin removes any subfolders from the cookie so that your whole domain has access to it. This useful plugin also allows your authentication to work across subdomains!
  8. WP-Secure Remove Wordpress Version: While plugins like Security Scan and Secure WordPress do this, if you aren’t up to installing big guns like them, at the very least add this plugin. It’s a one-trick pony, but a very good trick. It removes the version number from the WordPress meta tag; something spammers target all the time.
  9. Akismet: Despite being a default plugin, I am amazed at how many people will not take the 30 seconds to sign up for an Akismet key. Do it now. It is the most effective spam plugin ever developed. Bar none.

Which plugins do you use for security?
