« StillSecure secures an IQ award | Main | More frustrations with web infrastructure »

August 16, 2008

Our web infrastructure needs to be at public utility levels

This is going to be the first in a series of posts I am going to write about my experience in recovering from the recent attack against me. Many people have asked me "what do you do if this happens to you".  Well first of all it helps to have a team like the StillSecure Security Alert Team (SAT).  In particular, Brad Doctor, the director of our SAT was my rock during this whole ordeal.  Brad quickly saw the full scope of the attack against me and guided me in my steps.

First thing was to take care of financial exposure.  Getting your credit and debit cards canceled is relatively easy. You get on the phone and just about every financial institution had an option for lost or stolen cards or other fraud.  Within a half hour or so that is taken care of.  The card companies will send you out new cards and credit you for any charges on your accounts. Protecting your credit and identity financially speaking was fairly easy as well. There are any number of firms that offer great services in locking down anyone trying to open accounts in your name or social security number. I will give more details on who I choose on this in a later article.

Next Brad had me cleaning out my own computer and my online identity.  I wish that this was easy as protecting my financial exposure. The fact is our web infrastructure that so many of us depend on is just not up to the challenge.  The shame is that at this point in time web companies are almost utility like.  If something happens to your electric or water or cable, you can pick up a phone and eventually get someone on a phone to help you. Not the case with our web utilities.  They are set up for volume and scale, but not customer support in emergency time frames.  The standard response in contacting any of the web companies was an auto-generated reply that someone would email me back in 24 to 72 hours or more! When you are dealing with an emergency, you are locked out of your accounts and your identity is being stolen and abused, that is just not good enough.

As I have written earlier, I was lucky in that I was able to call on people to help me out.  For instance my friends at FeedBurner/Google, Matt Shobe and Dick Costollo, quickly took control of my FeedBurner accounts, including the SBN feed.  They were also to get someone live at Typepad to allow me to take back the blog.  This took more time than it should have though.  Until the Feedburner reached out to someone, the Typepad support team just kept sending a new password to mailboxes that the attackers controlled, even though I was mailing them from my stillsecure mail box! You could not get any of these people on a phone.  Very frustrating!

In any event, if you don't know anyone with some "juice", you have to go through the process.  You can keep sending emails. I think it is important that you write full emails that really explain the gravity of the situation.  Eventually when a live person looks at it, it does help.

But all in all, generally once I was able to get a live person on the phone, I was able to undo some of the damage done.  Our web providers like Yahoo, Microsoft, Google, etc. need to have emergency phone numbers that people can use for these type of situations!  However, even having a phone number does not guarantee success.  In the case of Go Daddy, it was just the opposite. In fact Go Daddy can be the hackers best friend!  More about that in my next post.


TrackBack URL for this entry:

Listed below are links to weblogs that reference Our web infrastructure needs to be at public utility levels:


My Photo

Subscribe to my blog

Enter your email address:

Delivered by FeedBurner

Lijit Search

Blog Networks

Creative Commons License
This work is licensed under a Creative Commons Attribution-Share Alike 2.5 License.


Lijit Search

Blog powered by TypePad
Member since 10/2005