Couple of things today, mostly hung together on the common thread of people being jerks to webcomics creators.
Here’s the thing: Rosemary Mosco is great at field biology, and even better at explaining nature to the rest of us in ways that make complex ideas easily graspable. Her art and writing styles are unique and unmistakable, and her reputation is of somebody that both knows what she’s talking about and is level-headed and worthy of your trust.
So it sucks that somebody out there is appropriating her good name in a Twitter account. It’s not the case of somebody else coincidentally being named Rosemary Mosco¹; it’s somebody that’s grabbed her avatar and links to her site and uses her name in the account name. Granted, there are only four tweets there and none in the past 18 months, but how many people following the fake account think it’s the real Rosemary Mosco? Scanning the followers of the fake reveals it’s recently been followed by two different environmental organizations, who presumably don’t want to follow an account that’s likely lying fallow until the day that it unleashes a torrent of spam.
Unfortunately, Twitter itself seems monumentally uninterested in dealing with the situation, describing the impostor account as a mere case of similarity. There’s not much to say here other than you have to proactively keep an eye on your name and who may be using it; you have to keep an eye on websites formerly associated with you (a situation which has afflicted Rene Engström, Box Brown, and Vera Brosgol) as well as those that are actively yours (cf: Lore Sjöberg’s domain-jacking, the brute-force attempt to steal Digger yesterday²).
Can you still get screwed even with best practices? Sure — you don’t know who else is taking security seriously, which can lead to things like an unsecured database resulting in 37 million compromised accounts³. But doing nothing because somebody else might not hold up their end of the load isn’t acceptable practice — be a little paranoid, take a few minutes to review your online security (in every sense of the phrase), and make things a little more difficult for the sumbitches that seek to make our lives a little more miserable.
Spam of the day:
Invitation Only event for: email@example.com Ashley Madison is the top rated married-dating company in the U.S., dedicated to privacy.
Boy, did you pick the wrong day to send this crap. Note to readers: I swear that this is a verbatim spam that I received 18 minutes ago as I write this. It’s one thing to be a lowlife spammer, but a stupid lowlife spammer? Just go back to school, get your GED, and maybe you can work your way up to Do Not Call List-evading phone solicitations.
¹ Much as I am plagued — plagued, I tell you! — by the existence of the other Gary Tyrrell. He got the Twitter name, I got the domain name, and our uneasy détente continues.
² On the topic of brute-forcing, you may be interested in a recent accounting of how many apps allow brute-force password guessing and how long it will take to guess your password (between 30 minutes and half an hour, depending on password strength). If that scares you, please reference past discussions on securing your sites, securing your data, and developing a general approach to security. Short version: take a lot of backups, don’t use an admin account for posting, and secure all accounts with unique, long-ass passwords.
³ Although a website for cheaters would appear to have little to do with the primary mission of this site, I decided the Ashley Madison hack was relevant for three reasons:
- It’s timely.
- I teach databases in the day job (much of which revolves around securing the damn things, which ain’t rocket surgery) and this one has me shaking my head at what a boneheaded, easily-prevented situation was the root cause.
- With 37 million accounts that were compromised, some of them have to be webcomickers. This is not an invitation to start speculating.