Uncle T, I guess I just look at it like this... I blame the company and its employees who he was able to take information and hack into. It's because of this carelessness that we as individuals have our privacy and personal security violated in instances like this. We expect companies who we do business with to keep our information secure. No matter how you slice it, they did something wrong at some point along the road.
A Hacker, much like a Terrorist, only has to get it right once. Failure on the side of the government to protect us is unacceptable. The same applies to companies we do business with.
I simply cannot help but to look at this and say, This guy turned over the information about the vulnerability to Gawker Media... So that he could and would be paid _something_ for his discovery. Had he sent it to AT&T it would have been ignored (I have personally seen this happen HUNDREDS of times) and he would have been unrewarded for his hard work. And even IF AT&T had done something about it, you would have never known that they F**ed up IN HANDLING YOUR INFORMATION because they would have frivolously sued the shit out of this kid to get him to sign a Non-Disclosure Agreement (Again, I've actually been with a company who pulled that same shit).
I'm not saying that what happened is right, but I think that AT&T is most certainly the one to blame here.
Anyway... My security.... I keep it really simple...
Router:
- I make sure I have a complicated password on my router AND I write it down with a marker right on the router so I don't forget... I look at it like this... You have to survive coming into my house to read the password.
- I disable SSID broadcast so it doesn't broadcast the ID/network's existence.. I like to hide.
- I always turn down the broadcast power/range so that I can control how close people have to be to access my network (of course this limits my own use, but I don't care)
- I also use 802.11b... Yes it is slower, but it also gives me a stronger signal and more reliable speed AFTER turning down the broadcast power.
- I also turn off the ability for people to PING my router and the ability to access its web interface from the Web. Again, I want it to look like nothing lives at my IP Address.
On my computer, I also keep it simple...
- I use a password on my PC's login...
- I use Eset NOD32 for my Antivirus (I do prefer the Smart Security Suite they offer)...
- For my Firewall I use COMODO, which is free... I do think the Eset Smart Security Suite is worth the money and a better program... But, to save some cash I use COMODO.
- Last but not least, I keep MalwareBytes installed (but I don't leave it running) JUST IN CASE I ever need to load into "Safe Mode w/Networking" to get rid of some nasty stuff... At that point in time, I can update it before running it.
Beyond that, I'm just smart about what I open on my computer, what sites I visit, what programs I install. I believe in keeping it as simple as possible at home. To quote possibly the best/worst hacker in the world, "The weakest link in security has and will always be the human element. The only way to guarantee a system cannot be compromised is to unplug its power and put it into a locked room that no one has access to".
In a corporate environment you can't just "hide" like you can at home.. Which is when you employ intrusion detection systems, hardware AND software firewalls, multiple levels of access control for users, hardware spam/virus filters, anti-virus software, etc...