
An open letter to celebrities


I think the odds of any of the recently compromised celebs actually reading this are practically a billion to one. I’m going to go over things anyway:

 

  • First and foremost – lift a finger to help yourselves. Seriously. If you don’t take your own security seriously, nobody else will. If your password is in lists that already exist (rockyou, etc.), you’re gonna have a bad time. Spend 5 minutes to check. Don’t know how? ASK SOMEONE – there are a bajillion people that would stab each other at the opportunity to help.
  • Second – Do not presume that corporate entities have your best interests in mind. They do not. They exist to placate shareholders and to “make money”. Apple is a great example. While there are many people who work for Apple that strive to better their security posture, at the end of the day Apple is a publicly held company and is at the mercy of their shareholders – so if the board of directors says ‘fuck security’, then you’re kind of on your own there. Do not let your fate depend on someone else. Protect yourself from people and companies that “give no fucks” and introduce risks to your personal brand and your reputation. Understand that “shit gets hacked sometimes” and factor that into your decision-making process. Ask yourself “what would happen if <this service under scrutiny> got popped? What would happen to me?”
  • Third – If you take naked pictures of yourself, again, lift a finger to help yourself and do not store them in places where other people can get to them. I know that the point here is that they’re being sent to boyfriend/girlfriend/husband/pet groomers/whoever, but if the intention is that “only that person should see it”, then seriously take 5 minutes to give the operational security of that photo some thought. “What would happen if the service I’m using to transmit this photo got popped? Could the paparazzi get to it?” etc.

 

This is not rocket science, people – and security professionals say EXACTLY THE SAME THINGS every time there’s some huge hack or leak like this.

The problem is that nobody listens. So if there’s someone out there that knows a better way, I’m all ears.

For now, I’ll start with putting together a talk for the next TEDx San Diego – we’ll see if I can even make the roster. Security people complaining to other security people is getting us nowhere.

 

