Palin E-Mail Hacker Says It Was Easy

["Richard M. Smith" <rms () computerbytesman com>]

http://blog.wired.com/27bstroke6/2008/09/palin-e-mail-ha.html

A person claiming to be the hacker who obtained access to Alaska Gov. Sarah
Palin's private Yahoo e-mail on Tuesday has posted a supposed first-person
account of the hack, revealing the relatively simple steps he says he took
to crack the private e-mail of the Republican vice-presidential candidate.

The story was briefly posted Tuesday to the 4chan forum where the hack first
surfaced. Bloggers have connected the handle of the poster, "Rubico," to an
e-mail address, and tentatively identified the owner as a college student.

As detailed in the postings, the Palin hack didn't require any real skill.
Instead, the hacker simply reset Palin's password using her birthdate, ZIP
code and information about where she met her spouse -- the security question
on her Yahoo account, which was answered (Wasilla High) by a simple Google
search.

The simplicity of the attack, of course, makes it no less illegal.

...



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.