Palin's Email "Hacker" Found

September 23, 2008

From the thats-not-hacking-department and Slashdot: The person responsible for breaching Sarah Palin’s private email account has been found.

[Slashdot] discussed the breach last Wednesday, shortly before the hacker, a University of Tennessee-Knoxville student, posted a message detailing his methods. Wired has a story examining the potential legal consequences for the hacker.

Like I said, that’s not hacking, that’s guessing – read the “detailing his methods” link for the gory details.

Palin’s biggest mistake was assuming that Yahoo was even remotely secure. Her second mistake was providing a researchable answer for Yahoo’s password reset “challenge and response” question and answer pair.

For example, the next time you have to “give the name of your elementary school” as a challenge, you should give a completely nonsensical or non-researchable answer that only you would know (like “trickle-down economics with a cherry on top”). Once you’ve done that, stash both the question and the answer in a PasswordValet file for future reference.

That way, nobody can research or guess your answer and use the reset question to take control of your account. Of course, they could still take control of it another way: all they’d have to do is hoover the traffic at the local wireless access point if you’re using Yahoo, Hotmail, AOL and possibly even Gmail.

But that’s another topic unto itself.