ff1324
Everybody Goes Home
Premium
join:2002-08-24
On Four Day | reply to coxta
Re: Sarah Palin's Yahoo Account Hacked
Um....a Yahoo email account isn't a public account. The communications of that account are personal / private.
What meets your litmus test of a non-public account? |
|
koma3504
Advocate
Premium
join:2004-06-22
North Richland Hills, TX
| reply to SUMware
I wonder if Sarah Has read these post on this site??
my two cents the kid did it the kid should be punished.
Even a kid has to know that hacking into a V.P. candidate
Which is a State Governor A federal employee.
Would be agianst the law.
Now Not saying we need to sned the kid to prison but something defantly needs to be done to send a message to all the script kiddie hacker's .
Perhaps the kid needs more direction in their life.
More guidence from the parents and not so much computer time to be doing this kinda thing.
--
† Koma †
If YOu Don't Think It's Possable!! It's Acually A Reality!!The best way to predict the future is to invent it. Alan Kay!!
Ya Don't Know The signal Till Ya Ride It!!
Voice Break's There's Trouble!!!! |
|
marigolds
Gainfully employed, finally
Premium,MVM
join:2002-05-13
Saint Louis, MO
| reply to ff1324
said by ff1324  :Um....a Yahoo email account isn't a public account. The communications of that account are personal / private. What meets your litmus test of a non-public account? An account that cannot be accessed from the internet with a vpn or some other validation of the connecting computer?
--
ISCABBS - the oldest and largest BBS on the Internet
telnet://bbs.iscabbs.com
Professional Geographer
Geographic Information Science researcher |
|
ff1324
Everybody Goes Home
Premium
join:2002-08-24
On Four Day
| said by marigolds :said by ff1324 :Um....a Yahoo email account isn't a public account. The communications of that account are personal / private. What meets your litmus test of a non-public account? An account that cannot be accessed from the internet with a vpn or some other validation of the connecting computer? A closed system?
--
What do you want to do to the world, Ronald?
Burn it all.
See you next year, Ronald. |
|
marigolds
Gainfully employed, finally
Premium,MVM
join:2002-05-13
Saint Louis, MO
| Well, a closed system would be one example. I've seen a few different options in use in government. One is to require access through a vpn. Another is using hardware dongles. Even something as straight forward as having domain logins on issued laptops and require access to be a from a domain computer with the correct credentials (yeah, it can be beat, but it still makes beating it a more complicated matter).
The real problem here is not the information being accessed. Since most government records are public, there are only a few information types that would be sensitive enough to be an issue putting out over yahoo.
The real issue here is that the records are gone. The email account got hacked, someone wiped the account, and yahoo may or may not have backups (either way, the backups are out of the hands of the State of Alaska and the Governor). Government records have to be available to the public. These records are not and will not be available any time soon, if ever.
--
ISCABBS - the oldest and largest BBS on the Internet
telnet://bbs.iscabbs.com
Professional Geographer
Geographic Information Science researcher |
|
coxta
Ultramundane
Premium
join:2000-07-15
LALALALALALA
 ·Pacific Bell - SBC
1 edit | reply to ff1324
Re: Sarah Palin's Yahoo Account Hacked
said by ff1324 :Um....a Yahoo email account isn't a public account. The communications of that account are personal / private. What meets your litmus test of a non-public account? It's public in the sense that it's open to anyone and that Yahoo while it does not own the content can do anything they want with the content and that they could public ally post it if they want to. Read the TOS.
As far as I'm concerned, it's just an email account not associated with a governmental person. It's personal. To think that this merits a crime of high treason is ridiculous. It's a simple hack. Too bad it was a presidential candidate.
--
I've never been drunk, but often I've been overserved.
|
|
Littlem129
Premium
join:2007-05-13
White Pine, TN
·America Online
| reply to SUMware
I saw on my local news tonight that the FBI is investigating a University of Tennessee student for hacking into Palin's yahoo account.
»www.wbir.com/news/local/story.as···&catid=2 |
|
Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA | said by the article :
(person being investigated) is the son of Mike Kernell, a Democratic state representative from Memphis. This is gonna be great; grab yer popcorn. |
|
jadinolf
I love you Fred
Premium
join:2005-07-09
Ojai, CA
·DSL EXTREME
| said by Steve :said by the article :
(person being investigated) is the son of Mike Kernell, a Democratic state representative from Memphis. This is gonna be great; grab yer popcorn. And lawn chair. 
--
This post printed on 100% recycled bytes |
|
SUMware
Premium
join:2002-05-21
| reply to Littlem129
said by Littlem129 :I saw on my local news tonight that the FBI is investigating a University of Tennessee student for hacking into Palin's yahoo account. said by Steve :said by the article :
(person being investigated) is the son of Mike Kernell, a Democratic state representative from Memphis. This is gonna be great; grab yer popcorn. This was posted on September 18, 2008 by Just Basics »Proxy used in Palin hack?
State rep confirms that son is subject of Palin e-mail chatter |
|
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| reply to Steve
said by Steve :..... her actions don't convey any kind of self-styled internet expertise, ..... Agreed, and even if it did, I am not sure it really matters. Having ones Yahoo or Gmail account compromised, appears to cut across all levels of security and technical expertise. Admittedly, the skill level to pull it off is a variable:
quote:
Security researchers' accounts ransacked in embarrasing hacklash
13th August 2008
On Sunday morning, security consultant Alan Shimel woke to discover that his personal blog, which is frequented by countless peers and reporters, was pointing to a website featuring explicit gay porn. Equally disturbing, he found someone had cracked open his Yahoo! Mail account and aired sensitive documents he filed with the Internal Revenue Service.
Oh, and while the miscreants were at it, they sent crude pornographic images to parents on the Little League baseball team Shimel coached.
The chief strategy officer for security firm StillSecure, Shimel is one of three high-profile researchers in the security world known to have been attacked by unknown criminals over the past week. A personal Gmail account belonging to Petko D. Petkov, of the GNUCitizen ethical hacking collective, was ransacked and 2GB of its contents made public. And logs believed to come from the home blog of Security-Protocols.com researcher Tom Ferris have also been exposed.
.....
..
.... The public attacks are the latest reminder that privacy on the internet is never guaranteed, even for those whose technical skills far surpass those of the average internet denizen.
"Personally, I don't keep any personal email on any webserver," said Jeremiah Grossman, CTO of White Hat Security and the only non-victim security researcher willing to be named in this story.
....
ref:»www.theregister.co.uk/2008/08/13···argeted/
MGD |
|
dave
Premium,MVM
join:2000-05-04
not in ohio | Surely the point to be made is that, if you keep stuff on (say) Yahoo's web server, then it is largely irrelevant how good your grasp of security might be -- it's how good Yahoo's grasp of security might be. |
|
SnowyOne
Premium
join:2003-04-05
Kailua, HI
 ·RoadRunner Cable
 ·Clearwire Wireless
| said by dave :Surely the point to be made is that, if you keep stuff on (say) Yahoo's web server, then it is largely irrelevant how good your grasp of security might be -- it's how good Yahoo's grasp of security might be. Not totally.
Weak passwords & weak password reset answers are in the users domain. |
|
dave
Premium,MVM
join:2000-05-04
not in ohio
·Verizon Online DSL
 ·Verizon FIOS
| said by SnowyOne :Weak passwords & weak password reset answers are in the users domain. Agreed on the passwords.
Not agreed on the password-reset answers. You have two choices when asked for your mother's maiden name (etc.)
1) Tell the truth
2) Lie
The truth is easier to remember. You can lie and give a 'strong' answer. But then you have to remember it. So, you're in the position of having to remember a second password in case you forget your first password. How stupid is that?
The presentation certainly encourages users to tell the truth, and the truth is a bad solution. The problem here is the very existence of password reset answers. It's the equivalent to hiding the key to the bank vault underneath the welcome mat. |
|
KodiacZiller
join:2008-09-04
73368
| ZZZZZZZZZZZZZZZZZ
I am surprised this thread is still going. *Yawn*
Lesson: Don't use Yahoo or Gmail for sensitive e-mail. If you have to for some reason, encrypt your e-mail with something like PGP, and make your contacts do the same.
End of lesson. |
|
jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA
| reply to dave
said by dave :. . . It's the equivalent to hiding the key to the bank vault underneath the welcome mat. Your bank still has a welcome mat?  My bank's was replaced with a tin cup and a "Will take your money for free" sign crudely labeled on a piece of cardboard. I think that was about a week ago. 
And they dispensed with the key to the vault entirely.
--
Regards,
Joseph V. Morris |
|
