Sarah Palin's Yahoo Account Hacked


jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA

reply to dave
Re: Sarah Palin's Yahoo Account Hacked

said by dave:

. . . It's the equivalent to hiding the key to the bank vault underneath the welcome mat.
Your bank still has a welcome mat? My bank's was replaced with a tin cup and a "Will take your money for free" sign crudely labeled on a piece of cardboard. I think that was about a week ago.

And they dispensed with the key to the vault entirely.

--
Regards,
Joseph V. Morris

KodiacZiller

join:2008-09-04
73368

reply to dave
ZZZZZZZZZZZZZZZZZ

I am surprised this thread is still going. *Yawn*

Lesson: Don't use Yahoo or Gmail for sensitive e-mail. If you have to for some reason, encrypt your e-mail with something like PGP, and make your contacts do the same.

End of lesson.

dave
Premium,MVM
join:2000-05-04
not in ohio
·Verizon Online DSL
·Verizon FIOS

reply to SnowyOne
said by SnowyOne:

Weak passwords & weak password reset answers are in the user's domain.
Agreed on the passwords.

Not agreed on the password-reset answers. You have two choices when asked for your mother's maiden name (etc.)

1) Tell the truth

2) Lie

The truth is easier to remember. You can lie and give a 'strong' answer. But then you have to remember it. So, you're in the position of having to remember a second password in case you forget your first password. How stupid is that?

The presentation certainly encourages users to tell the truth, and the truth is a bad solution. The problem here is the very existence of password reset answers. It's the equivalent to hiding the key to the bank vault underneath the welcome mat.


SnowyOne
Premium
join:2003-04-05
Kailua, HI
·RoadRunner Cable
·Clearwire Wireless

reply to dave
said by dave:

Surely the point to be made is that, if you keep stuff on (say) Yahoo's web server, then it is largely irrelevant how good your grasp of security might be -- it's how good Yahoo's grasp of security might be.
Not totally.
Weak passwords & weak password reset answers are in the user's domain.

dave
Premium,MVM
join:2000-05-04
not in ohio
reply to MGD
Surely the point to be made is that, if you keep stuff on (say) Yahoo's web server, then it is largely irrelevant how good your grasp of security might be -- it's how good Yahoo's grasp of security might be.

MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL

reply to Steve
said by Steve:

..... her actions don't convey any kind of self-styled internet expertise, .....
Agreed, and even if it did, I am not sure it really matters. Having one's Yahoo or Gmail account compromised appears to cut across all levels of security and technical expertise. Admittedly, the skill level to pull it off is a variable:

quote:
Security researchers' accounts ransacked in embarrassing hacklash
13th August 2008

On Sunday morning, security consultant Alan Shimel woke to discover that his personal blog, which is frequented by countless peers and reporters, was pointing to a website featuring explicit gay porn. Equally disturbing, he found someone had cracked open his Yahoo! Mail account and aired sensitive documents he filed with the Internal Revenue Service.

Oh, and while the miscreants were at it, they sent crude pornographic images to parents on the Little League baseball team Shimel coached.

The chief strategy officer for security firm StillSecure, Shimel is one of three high-profile researchers in the security world known to have been attacked by unknown criminals over the past week. A personal Gmail account belonging to Petko D. Petkov, of the GNUCitizen ethical hacking collective, was ransacked and 2GB of its contents made public. And logs believed to come from the home blog of Security-Protocols.com researcher Tom Ferris have also been exposed.
.....
..
.... The public attacks are the latest reminder that privacy on the internet is never guaranteed, even for those whose technical skills far surpass those of the average internet denizen.

"Personally, I don't keep any personal email on any webserver," said Jeremiah Grossman, CTO of White Hat Security and the only non-victim security researcher willing to be named in this story.
....
ref:»www.theregister.co.uk/2008/08/13···argeted/

MGD

SUMware
Premium
join:2002-05-21

reply to Titus Pullo
said by Titus Pullo:

Someone shoot me. I take that back ... someone probably would!
Yes, probably Dick Cheney.


Titus Pullo
I came, I saw, I slept

join:2004-06-26
·Embarq

reply to SUMware
Of course. It's either stinking, rotten political skullduggery or subterfuge. Either way, the public will never know. Caribou Barbie walks away and is still one heartbeat from leading the nation. Someone shoot me. I take that back ... someone probably would!
--

SUMware
Premium
join:2002-05-21

reply to Titus Pullo
said by Titus Pullo:

Anyone believing anything about this or troopergate needs desperately to buy my bridge to nowhere for pennies on the dollar.

This is simply too convenient to pass any smell test known to people maintaining a modicum of common sense.

palin.gov@yahoo.com + official state business / hacked = pure unwiped ass.

--
Interested readers can follow the developing 'Troopergate' coverage from the Anchorage Daily News:

Campaign fields Palin questions September 18th, 2008
MCCAIN STEPS IN: Questions about her now go to national operatives.
GOP vice presidential candidate Sarah Palin is effectively turning over questions about her record as Alaska's governor to John McCain's political campaign, part of an ambitious Republican strategy to limit any embarrassing disclosures and carefully shape her image for voters in the rest of the country.

Inquiry into Monegan dismissal heats up September 18th, 2008

Partisan diversion - Palin counterattacks instead of answering Troopergate questions September 17th, 2008


Titus Pullo
I came, I saw, I slept

join:2004-06-26
·Embarq

reply to Steve
said by Steve:

said by Its a Secret:

By thinking she can get away with using a Yahoo account for official biz. Illegal and stupid.
Thank you for telling us that you don't expect to be taken seriously; her actions don't convey any kind of self-styled internet expertise, so this is just partisan nonsense.

The most telling thing about this episode is that there's not any real "dirt". How many of us could have our private emails revealed to the nation without telling everybody much more about ourselves than we'd be comfortable with.
Yup, yup.

And how many of us are a US state Governor now running for VP?

Give it a break. Anyone believing anything about this or troopergate needs desperately to buy my bridge to nowhere for pennies on the dollar.

This is simply too convenient to pass any smell test known to people maintaining a modicum of common sense.

palin.gov@yahoo.com + official state business / hacked = pure unwiped ass.

--


supergirl

join:2007-03-20
Pensacola, FL
·Cox VOIP
·Skype
·Cox HSI
·AT&T Southeast
·magicjack.com

reply to Steve
An update:

The hacker got spooked and shut down his computer, deleted everything, and disconnected his Internet. He wanted to download everything and zip file it and put it on rapidshare.com. He tried to get "anonymous" to do it and he informed Ms. Palin's friend after changing her password. He's really upset with "anonymous". LOL!
--
Saving the world keeps me busy. However, I find Earth very primitive from my home planet of Krypton.
-Supergirl


Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny
·Shaw

reply to Steve
said by Steve:

... so this is just partisan nonsense.
Sorry Steve, but I live in Canada and can't vote in the US, I have zero to gain. Insofar as my being taken seriously, I have to laugh at that. It WAS stupid and is illegal, but if you're cracking at me for the 'self-styled' remark, well, keep hitting it.
--
"In the future, that which is not mandatory will be illegal"


Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA

reply to Its a Secret
said by Its a Secret:

By thinking she can get away with using a Yahoo account for official biz. Illegal and stupid.
Thank you for telling us that you don't expect to be taken seriously; her actions don't convey any kind of self-styled internet expertise, so this is just partisan nonsense.

The most telling thing about this episode is that there's not any real "dirt". How many of us could have our private emails revealed to the nation without telling everybody much more about ourselves than we'd be comfortable with.

I assume that everybody involved in high-level politics - Gov. Palin and Senators McCain, Obama, and Biden, all say things in private that would be really damaging if brought to light.

Steve — off to tidy my outbox
--
Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Tustin, California USA | my web site


Its a Secret
Whatever
Premium
join:2008-02-23
U B Funny
·Shaw

reply to Steve
said by Steve:

How does she style herself as an internet expert?
By thinking she can get away with using a Yahoo account for official biz. Illegal and stupid.
--
"In the future, that which is not mandatory will be illegal"


Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA
reply to Its a Secret
How does she style herself as an internet expert?