Turns out the dude was shagging a Chinese spy after she picked him up in a nightclub and she stole it.

Oy…

Good spot though.

The idea is to never make them hard to remember or hard to type once known, especially if a number of people for what ever reason need access to the same account and password since then lists become an unfortunate necessity. By the way, a hard copy of said list kept in a laptop bag left relatively unattended in an office strikes me as even worse than keeping it somewhere on a network share. ;-P

http://crimelert.co.za/latest/got-a-wireless-network-fbi-alert.html

Luckily you pointed that out.

Prefixes are a very helpful tool, and one of the best security tips I came across recently.

Regarding your practices, what helps for passwords, and if you must have lists, use a combination password. In other words, have a prefix that is really hard to guess that you keep constant for all your machines, and then a suffix which is unique for each machine/purpose. You should still decide who to trust with what and preferably have multiple prefixes for different levels of things you care about (In other words, do NOT use the same prefix you use for your root passwords and banking for forums access). This also has the advantage that in your list (which you probably need to keep if you’re requiring this advice) that you only need to store the suffixes. So even if the list gets compromised it helps not unless that person also manages to obtain the prefix (which SHOULD NOT be written down anywhere – EVER). The problem is there is always some wise crack somewhere that puts the prefix down as part of his list.

Also note that notebooks seem to have a nasty tendency of actually having RAM that keeps their content in relatively good condition for up to 10 minutes if properly prepped after shutting down. This means that if someone steals a “hot” notebook, even if the screen is properly locked, they potentially can still get hold of the content on the drive by inserting a _very_ minimalistic CD with the appropriate tools on it to scan the RAM for the hard-drive key, then pull the power and the battery (no clean shutdown or some process may do the right thing and scrub the RAM), put the battery back and boot the LiveCD.

Also, your subnetting trick is security through obscurity unless none of the machines on your LAN segment knows how to route back through the buffalo. Or it has a proper firewall only allowing connections through it that also goes over the ADSL router, in which case it’s not particularly useful for “extending the LAN”. Very nifty idea though, and definitely an advantage (most script kiddies – the type of person that would perform a non-targeted penetration – would not know how to detect this).

What I’ve been saying for a while now is this: We have the technology to enable computer security to a sufficient level, what we don’t seem to have is the savvy to use it.