SHEFFIELD: Hacking of Palin’s e-mail reveals how easy it is
As FBI agents close in on the computer hacker (said to be David Kernell, son of Democratic Tennessee state Rep. Mike Kernell) who broke into the private e-mail account of Republican vice-presidential nominee Sarah Palin, one startling aspect of the case has emerged: just how easy the account was to compromise.
Like many people, Mrs. Palin uses a “webmail” service to send and receive e-mail messages through the Internet.
Since the late 1990s, webmail sites of Yahoo, Microsoft, Google and America Online have attracted hundreds of millions of users through convenient access and free pricing.
Webmail has one important flaw, however, and that is that anyone on the Web can try to get access to your account information.
In the past, attacks on people’s e-mail accounts have relied on computer viruses or programs designed to illegally obtain information. A more sophisticated technique, so-called “phishing,” involves tricking someone into voluntarily disclosing their passwords or credit cards through fake Web sites.
In the Palin case, the person who broke into her account did not have anything to do with the computers she uses on a daily basis. Instead, the hacker used a flaw in Yahoo’s webmail service that requires all Yahoo users to secure their accounts through easily obtainable information such as a pet’s name, where you met your spouse, or what your high school mascot was.
While that may seem like personal information, it actually isn’t. Someone with even a casual knowledge of your personal life in many cases could complete that information, as could someone with some time on his hands.
Throw in Google, Facebook, MySpace and personal blogs, and there is a lot of information out there about many of us. A malicious person finding that out would then be able to change your password and have full access to your account.
That’s exactly what happened to Mrs. Palin. Her information was even easier to get since it already had been reported by the news media, as journalists have dug into her background to inform the public. (A similar incident happened to singer/reality television star Paris Hilton in 2002.)
We know all this because the hacker, using the pseudonym “rubico” that the Web site ZDNet linked to Mr. Kernell, described in a posting to a Web bulletin board how he broke into Mrs. Palin’s account.
It took all of 45 minutes. The hacker was able to reset Mrs. Palin’s password by finding out her birthday, ZIP code and where she had met her husband, Todd.
For someone whose personal life isn’t so public, it would take longer, but it can still be done.
That’s a problem. One that Yahoo owes it to its users to fix.
The best way to do this would be to allow people to specify their own security questions rather than choosing from a list of too-easy queries. Instead of asking your dog’s name, you should be allowed to ask much more personalized questions.
In the meantime, if you’re currently a Yahoo e-mail account holder, there are several things you can do to improve the security of your information:
• Link your account to another one. If you forget your password with your Yahoo account, you can have your password reset instructions e-mailed to your other e-mail address, instead of being asked the default generic questions.
• Answer the questions with a number. If you must answer that your dog’s name is Rover, set up the answer as Rover99 instead. That makes it harder for a would-be attacker to get in.
• Use a synonym. Instead of saying “Rover,” type in a description of your dog. Just make sure to remember it exactly as you typed it, in case you ever need it.
If none of the above proves satisfying, you can always switch e-mail providers. Gmail, the e-mail service offered by Google, allows you to specify your own password-hint questions, as does Microsoft’s Windows Live service.
• Matthew Sheffield is a Web consultant and creator of NewsBusters.org. E-mail: email@example.com.