Domain security : Password protect your USB drive

When traveling, whether it’s to attend domain name conferences or for leisure, make sure all your digital devices are safe and secure.

At the turn of the new year, I took a trip to Puerto Rico; a great place, where the food is delicious and the people and island waters are warm year-round. A rocky earthquake finale brought back memories from Greece, but that’s part of life’s experiences; to awaken one’s senses fully.

On my flight to San Juan I found a shiny USB drive on the floor, as soon as I sat down. I put it in my backpack and forgot about it for the rest of the trip. After all, I had lovely company to keep me occupied, and a family party to attend on New Year’s eve.

Upon returning home, I plugged the USB drive in my computer, and by a quick look of the filenames the stick was important to whoever had lost it. Financial documents, other records, some photos, and a file named “GO DADDY.docx” – the latter I went ahead and opened.

It contained detailed information on a domain name, its server IP, account, and a very insecure password. The two page document pointed me to the domain name, used by a non-profit company in Texas. I typed in the domain and was able to confirm the name of its founder, and retrieve his contact information.

After a couple of days of reaching out via phone, text, and email, I heard back with a thank you. The unprotected USB drive is being mailed back to the owner’s address, and there’s a lesson right there.

All this proprietary information would have been at stake in the wrong hands. Luckily, it was me, and the data is being returned.

Such information should be on an encrypted USB stick, or at the very least, zipped up with a password. It should not be left around exposing domain information, registrar and hosting credentials, or anything else for that matter.

Here’s a tutorial on how to encrypt a USB stick under Windows. If you have a Mac, go here.

Safe travels, for you and your domain data.

 

Comments

  1. I’d be concerned that the “lost / dropped” USB drive could be a ploy or a trap = plug it in and a Trojan now sits somewhere on your computer.

  2. Jeff – The drive was scanned by my antivirus/antitrojan software the moment it was plugged in. But that gave me a great idea: make a “domains for sale” list and “forget” them on airplanes. Who knows, a sales lead might come from that mindless dispersion of shiny USB drives!

  3. Actually the USB key could have been packed with an HID attack (think keyboard emulation à la Rubber Ducky) or something else – it’s not something the AV can really detect. Beware ‘lost’ USB keys 🙂

  4. Kate – I agree that the risk of such an attack is possible, e.g. via free USB drives at conferences or via the mail even (e.g. product samples.) I considered the incident safe enough to check out the drive’s contents on my sandboxed PC.

Speak Your Mind

*