It was a busy week in IT security, starting with news that Gawker Media had been compromised.

The hack on Gawker Media’s servers exposed e-mail addresses and passwords belonging to users of Gawker Media Websites, including Lifehacker, Gizmodo, Deadspin, and obviously Gawker.com itself. The incident highlighted issues of password security, as many people who used the same password for both their and Twitter Gawker accounts fell victim to a spam attack on Twitter.

According to an analysis by Duo Security, many of the passwords being used were simplistic; the most common passwords were “123456″ an “password.”

“(The) No. 1 best practice is never use a word that can be found in the dictionary,” Richard Stiennon, chief research analyst at IT-Harvest, told eWEEK. “A simple way to create a hard-to-guess password is to use the first letter of each word in a phrase. ‘When IT Rains it Pours’ becomes WIRIP. Add a number to make it eight characters long – WIRIP421. Change the “I” to “!” and you have a pretty strong password you can remember: W!R!P421.  Do that for sites you pay for and ones that are important to you.”

In response to the incident, Gawker said it would work with outside security pros to improve security and maintain “a reliable level of security.”

While Gawker dealt with the fallout from the attack, the open source community dealt with some security controversy of its own. News broke this week that Gregory Perry, now CEO of GoVirtual Education, had accused the FBI in an e-mail to OpenBSD founder Theo de Raadt of putting backdoors and side-channel key leak mechanisms into the OpenBSD Cryptographic Framework roughly a decade ago. However doubt has been cast on his allegations, as at least one developer he accused of involvement denied having any ties to such a plot, and others called the accusations unlikely.

“I will state clearly that I did not add backdoors to the OpenBSD operating system or the OpenBSD crypto framework (OCF),” Jason L. Wright, one of the men Perry accused, wrote in an e-mail to the OpenBSD mailing list. “The code I touched during that work relates mostly to device drivers to support the framework. I don’t believe I ever touched isakmpd or photurisd (userland key management programs), and I rarely touched the ipsec internals (cryptodev and cryptosoft, yes).  However, I welcome an audit of everything I committed to OpenBSD’s tree.”