It’s refreshing to see a public admission from a security professional regarding their own failure to remain safe from an attack.
I’ve said it before…security is hard. Keeping vigilant all the time is mentally exhausting, and the majority of the time your extra effort is for nothing.
When people in the security field open up about our failures (hard to do when you are predisposed to keeping quiet), we help everyone get better at maintaining personal security. Learning from mistakes tends to make a more lasting impression.
In the interest of continuing the discussion, here is my personal confession.
A few years ago I was ordering a pizza online. After filling in the order form, I clicked the button to continue, and I got a warning about the SSL certificate.
I see these all the time. Sometimes it’s a self-signed development machine, other times somebody screwed up a registration somewhere. So, I just clicked past the warning without looking at the details.
I saw a strange URL in the location bar…got a sinking feeling in my stomach…and that’s when I figured out that someone had probably hijacked my DNS request and stolen my credit card number.
Credit card companies have gotten pretty good at detecting fraud, so the account was quickly disabled. The only hassle for me was having to wait a few days for the new cards to arrive. Still, I should have known not to let my guard down so readily.
So, learn from my example…if something seems slightly out of the ordinary, check and double-check it before risking any of your information.