Hackers Access Palin's Personal E-Mail, Post Some Online

Reverend_Hellh0und · 09-18-08, 01:18 PM

Quote:

Originally Posted by Metropolis

I can only imagine how many people are trying to hack their bosses e-mails now.

We have not seen any uptick in this area on any of our clients.

American · 09-18-08, 01:33 PM

You can put lipstick on a Yahoo, but it's still a Yahoo.

ADK_Forever · 09-18-08, 01:33 PM

Here's one article on it: Hack of Palin e-mail makes case for sticking with .gov account

In addition to making passwords more secure (upper and lower case letters, #s, special chars, no words assoc'd with you, 8+ length) this should also be a lesson on those secret questions used to reset passwords. Select answers that aren't true but, that you'll remember. Write them down and file somewhere in case you need them.

I wonder if many will make their computer accounts more secure from this story? Anyone for an over/under bet?

Kernel Sanders · 09-18-08, 01:51 PM

Quote:

Originally Posted by ADK_Forever

Select answers that aren't true but, that you'll remember. Write them down and file somewhere in case you need them.

Good idea - I may start doing that, although I somehow doubt that it is necessary for your average joe. Palin was specifically targeted, which is hard to fight against. Most of the account security techniques are to guard agains brute-force attacks

PeteEU · 09-18-08, 01:59 PM

Quote:

Originally Posted by scourge99

First off, I'm a software/computer engineer.

And I have been involved in computers since 1979.

Quote:

Furthermore I have experience and expertise with software secruity. Let me debunk your egotistical falsities.

Oh lets see.

Quote:

Wrong. Trojans can be very hard to detect as well as most other malware. Sometimes near impossible. Virus scanners are of limited use because of the way in which they "detect". You can be infected right now and not even know it. In fact, if you use the internet and download a lot or visit random websites often you probably are infected with some type of malware.

So you are saying that all the security software, free and pay versions are just junk and do not do anything!? Do you want us to stop using them or something? Do you also have unprotected sex with strangers?

Listen, the harmful viral community is always a step ahead of the anti viral community, that's how it is. But if you have some expertise with security, then you would be promoting as much anti spy/malware as possible and promote not going on to "suspect sites" and downloading stuff or clicking on files in emails. Funny how you do not mention that, but instead go head on in how "hard" it is to detect trojans and what not.

Do you really think that she was targeted with some new super dupper trojan that the anti viral software available on the market does not know about? Chances are, if it was a trojan, it would be a known entity, and that she like so many many many people had no anti spy/malware software installed, and if she had it was probably not updated. If you are a person with some expertise in the security aspect you would know that a huge portion of "normal" people do not live up to the basic security recommendations that the industry recommends. I see it every day btw, people not having updated anti viral, anti spy/malware and even Windows machines, and they wonder why their mouse moves across the screen on its own.

Quote:

Computer security is never 100%. EVERYTHING is vulnerable. Some things are just better protected or carefully watched over such as banking centers. Email servers? Pfff, they care only enough to keep your business. G Mail is notoriously easy to steal passwords for because of the poor security measures taken, at least it was a few years ago.

Yes computer security is never 100%, I never claimed that and will never claim that. However there are some systems that are more secure than others, and I would wager that Palin's computer is not as secure as Yahoo's systems. If Yahoo had issues, do you not think we would have heard about it?

As for GMail. It is still in beta, and if you knew just a bit about it, you would know that it was started in 2004 (that's 4 years ago), and was only on an invite bases until last year when it was opened up to all. Yahoo has been around for far longer. Any vulnerability in Gmail that I know of has been corrected. However I am also anti online mail systems for anything important as its too risky.

Quote:

blind accusation.

Is it? If you were involved in the computer security industry, you would know that one of the biggest vulnerabilities is passwords not being complex enough and easily guessable. By guess, with out looking at the recent revelations, is that this is what made the "hacker" get in. She probably had a childs name in the password or something similar. And don't tell me people do not do that. I busted my own father, who has been involved with computers longer than me, having a password consisting of my name and another family member. And he still hears about it, 10 years after the fact.

Quote:

I didn't see any official state business in the e-mails. Did anyone else? No documents, no confidential policies, nothing proprietary. Merely personal opinion and talk. THAT'S CALLED PERSONAL EMAIL!

Oh so you admit reading all 11.000 emails, not to mention possible committing a crime?

Quote:

Anyone else want to blindly comment on what they THINK they know about computer security?

Well you surely do not know much, or are so blinded by partisanship that your professional judgement is impaired.

scourge99 · 09-18-08, 02:03 PM

Quote:

Originally Posted by Kernel Sanders

I'm a CompE CompSci student with no real experience, but I still disagree with you on a couple of points

Bring it!

Quote:

True, but trojans tend to be widespread attacks. It's generally pretty difficult to get a targeted person infected

Depends on your delivery method. Yes, most trojan infections are random because the malware is simply attached to a public file but I can just as easily load a trojan on your comp via flashdrive, cd just by plugging it in. Also, email works great. Or if I'm feeling bold I can try port accesses or buffer overflow methods from know bugs in programs on your PC (java programs, jpegs, gifs, word files, etc). Possibilties are endless especially for social engineering attacks.

Quote:

Also true, but kinda off the mark. I seriously doubt that somebody took the effort and risk to penetrate yahoo's servers just to get at Palin's non-work email account.

I doubt it too. But there are other easy methods. Most email browsing is NOT encrypted (IE its not https or the router your using doesn't encrypt its wifi). This means that if you log onto your email with your wireless connection I can easily sniff your packet off the air and voila, thanks for your password and username.. We proved this effective against gmail accounts at ASU.

Quote:

I'm fairly confident that this guy didn't have access to yahoo's servers at any point

I doubt it too.

Quote:

Except that he was right. The password was 'popcorn.' Dictionary word, no caps, pretty short, nothing besides letters. Still, a weak password is probably not the attack vector

From the Ars article (admittedly unsubstantiated, but plausible), the guy used yahoo's lost password feature, along with personal info pulled from google to gain access. Trojans and hacking yahoo are certainly possible but pretty unlikely especially considering that the weak link is the nature of passwords. People forget them, and need a way to recover them. After that it's all about convincing yahoo that you know enough about Palin to plausibly be palin.

I was never implying what method was used. I'm merely debunking Pete's assertions that
1) Only idiots get hacked
2) Everything is safe in "secure" software.

Hatuey · 09-18-08, 02:08 PM

Well....at least...... she proves she's a Republican by trusting business and not the government.

JMak · 09-18-08, 02:10 PM

Quote:

Originally Posted by ADK_Forever

It's the Patriot Act that is unconstitutional and scares the hell out of people who value their civil rights.

A lot of things scare the hell out of a lot people. That doesn't make their fear rational and reasonable.

I recall many people being scared to death that the Patriot Act somehow threatened their library records. Of course, the Patriot Act didn't change anything in regard to library records.

I recall that recently people expressing fear of Palin because she supposedly banned books and fired a librarian for not banning books. Of course, Palin neither banned books or fired a librarian for not banning books.

Quote:

Haven't heard.

Well, then, why are you asking anything about a position you have no idea about?

Quote:

It could use some tweeking to get a faster reply but, it's been working fine.

Ok.

Quote:

???

It seems that within your comments there was a suggestion that FISA was bad law because you questioned whether Palin would change her mind on that law because of this incident and the only reason she might change her mind based on this incident is that this incident could be perceived as demonstrating the threat of arbitrary eavesdropping aka as Bushevism's.

Quote:

The current FISA law doesn't scare people.

Ok. I think I get it now. You really meant Patriot Act when you referred to FISA.

I'm new so I'm slow, I guess.

American · 09-18-08, 02:14 PM

Quote:

Originally Posted by PeteEU

And I have been involved in computers since 1979.

Yup, you were an expert before Bill Gates was even born. Back in those days you had to walk barefoot through the snow to the computer room, up hill both ways.

Frolicking Dinosaurs · 09-18-08, 02:17 PM

Quote:

And I have been involved in computers since 1979.

::: Dino remembers punched cards & saving data on cassette tapes - runs screaming from thread :::

09-18-08, 01:33 PM	#122
American Constitutionalist Join Date: Mar 2006 Last Seen: Yesterday 05:27 AM Location: VA Posts: 14,786 Thanks: 2,994 Thanked 2,956 Times in 2,051 Posts Lean: Conservative Gender:	Re: Hackers Access Palin's Personal E-Mail, Post Some Online You can put lipstick on a Yahoo, but it's still a Yahoo.
	__________________ "Laws are made for men of ordinary understanding and should, therefore, be construed by the ordinary rules of common sense. Their meaning is not to be sought for in metaphysical subtleties which may make anything mean everything or nothing at pleasure." -- Thomas Jefferson יהוה

09-18-08, 01:33 PM	#123
ADK_Forever Guru Join Date: Sep 2008 Last Seen: Yesterday 10:06 PM Posts: 2,930 Thanks: 772 Thanked 753 Times in 552 Posts Total Awards: 1	Re: Hackers Access Palin's Personal E-Mail, Post Some Online Here's one article on it: Hack of Palin e-mail makes case for sticking with .gov account In addition to making passwords more secure (upper and lower case letters, #s, special chars, no words assoc'd with you, 8+ length) this should also be a lesson on those secret questions used to reset passwords. Select answers that aren't true but, that you'll remember. Write them down and file somewhere in case you need them. I wonder if many will make their computer accounts more secure from this story? Anyone for an over/under bet?

09-18-08, 02:08 PM	#127
Hatuey Young Money Millionaire Join Date: Oct 2006 Last Seen: Today 01:08 AM Posts: 17,059 Thanks: 4,410 Thanked 4,917 Times in 2,983 Posts Lean: Liberal Gender: Total Awards: 1	Re: Hackers Access Palin's Personal E-Mail, Post Some Online Well....at least...... she proves she's a Republican by trusting business and not the government.
	__________________ Is Intolerant Because He Won't Let The Intolerant Run Other People's Lives.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

LinkBacks (?) LinkBack to this Thread: http://www.debatepolitics.com/archives/36369-hackers-access-palins-personal-e-mail-post-some-online.html
Posted By	For	Type	Date
Son Of Tennessee Democratic State Representative Mike Kernell Hacked Into Palin’s E-mail \| Right Voices	Post #26	Pingback	09-18-08 04:52 PM
Michelle Malkin » The story behind the Palin e-mail hacking	This thread	Refback	09-18-08 02:17 PM