Friday, November 12, 2010

Wired Mag: "Sarah Palin E-mail Hacker Sentenced to 1 Year in Custody"

"David Kernell, the former Tennessee student convicted of hacking into Sarah Palin’s personal e-mail account, was sentenced on Friday to one year in custody.

Kernell, 22, was convicted earlier this year of misdemeanour computer intrusion and a felony count of obstruction of justice. The jury found him not guilty of a wire-fraud charge and hung on a fourth charge for identity theft, after four days of deliberating.

The convictions carried a maximum sentence of 20 years in custody and a possible fine of up to $250,000. Federal sentencing guidelines recommend a sentence of between 15 and 21 months in prison. The government was seeking 18 months, but Kernell’s attorney asked the court to forgo a prison sentence and give his client probation instead."

Wired Mag - Sarah Palin E-mail Hacker Sentenced to 1 Year in Custody


So why is this a story about privacy?

Two other paragraphs from this story say why:

"Threat Level broke the story in September 2008 that someone using the name “Rubico” had obtained access to Palin’s personal Yahoo e-mail account. Palin was then running for vice president on the Republican ticket. Kernell got into the account by using publicly available information — such as Palin’s birthdate and postal ZIP code — to reset the password to “popcorn” and gain control of her account."


"Although Kernell never found information in the account that was damaging to her campaign, the hack did show that Palin used her personal e-mail account to conduct official Alaska state business. Critics had accused the Alaska governor and her staff of using personal e-mail accounts to avoid public oversight."


More on the problematic activity of using Yahoo emails to avoid oversight while trying to get your former brother-in-law fired here:

Ars Technica - Palin comes under fire for using Yahoo e-mail for state biz


Here's a primer on how to avoid the secret questions trap, courtesy of Lauren Weinstein of "People For Internet Responsibility":

Greetings. I've already discussed the hacking of Sarah Palin's Yahoo e-mail account and why that hack was both dumb and wrong.

But how was this attack accomplished? Reports suggest that a youngster exploited one of the weakest aspects of account protection at many sites, the so-called "secret question" system.

The secret question (and its corresponding "secret answer") is supposed to be used for you to recover system access when you've lost or forgotten your real password. Questions like: "What is your favorite color?" or "What High School did you attend?" (that's the one that was used in Palin's case, we're told), or "What was your first dog's name?" and so on.

Supposedly the concept behind this approach is to come up with something that you know well and won't forget. The problem of course is that in many cases the answers to these questions are trivial to guess or research, as seems to have been the case with Palin's account hacker.

How to Avoid the Sarah Palin "Secret Question" Account Trap


Yeah - don't be stupid when it comes to verification questions. Sarah Palin was stupid (whether she still is stupid I will leave to your own personal observations).

So don't be like Sarah Palin.

Protect your passwords.
