
September 19, 2008

Palin's hacked e-mail: Lessons to learn


Republican vice-presidential candidate Sarah Palin learned a lesson that many of us often forget: The Web isn't safe.

A hacker was able to get into Governor Palin's Yahoo Mail account through the "reset password" feature, which allows users to retrieve or change their login password if the user can confirm their identity with personal information—their birthday, spouse's name, etc. As some news outlets have reported, Palin's cyber-attacker was able to easily fool Yahoo by finding such information about the politician online.

But a word of warning: Celebrities and politicians aren't the only ones who are vulnerable to such hacker tricks. With an increasing number of people posting personal information on Web sites such as Facebook, MySpace and blogs, nearly anyone can fall victim to such online account hijacks. One security expert noted how he used such trickery on a friend (with permission) to successfully gain access to that person's e-mail—and many other online services, such as that person's bank accounts. (Read his account, "How I Stole Someone’s Identity," on Scientific American.)

To avoid becoming a victim like Sarah Palin, follow these simple tips:

  • Choose your security questions—and answers—carefully. Avoid those that ask for answers that might be easily obtained or guessed. Birthdays, home addresses and spouses' names might be obtained through various sources, including government Web sites where such information might be available as part of official "public records."
  • Use strong passwords. These are codes that contain a mix of numbers, letters and special characters. Such pass-phrases don't have to be hard to remember, either. "1Mgr8@th!s" looks like gibberish, but you'll easily remember it if you think of it as "I'm great at this."
  • Don't use the same password for all your logins.
  • Avoid using public computers to check Web accounts. These public PCs—ones at an Internet café or public library—might contain "keyloggers" or software programs that record where users go online and what they type.
  • Don't use unfamiliar public WiFi hotspots. Access points not clearly associated with a nearby business can be dummy wireless services, dangerous traps set up by hackers looking to capture login IDs and passwords. But even if you do use a trusted public WiFi hotspot, don't use it to check your e-mail or conduct other sensitive online business.
  • Turn on your home WiFi's security. Enable WEP protection and other security protocols to prevent any outside computers from joining your home network—and possibly installing spyware on your home computers. If you don't, every word you send can be easily seen by anyone nearby with a laptop and some freely-available software.

For more online safety and ID theft prevention tips, see our free online security information center. And read our 7 online blunders report to learn of other unsafe practices to avoid.

—Paul Eng


Comments

This is one of the most ridiculous factors with the internet today. When will the time come when users can be ensured of 100% online security?

And remember, if your employer is providing an account to conduct official business with, use it. It's likely to be much more secure than a free account such as Yahoo!, and many companies have policies that require the use of the company's system because it's more secure and also because of the appearance of unethical conduct that using a personal account could create. You could be setting yourself up to be fired or setting the company up for a lawsuit if you don't follow policy.

Strong passwords are relatively easy to do but most folks are too unimaginative to do so.

For instance, a password could be the date of your birth plus the date of your marriage, graduation or any other significant event in your life.

You then combine them AND you use the actual month so instead of 92480 - you would use 24SEP80 or even better 80SEP24.

The trick is to use something that only you can remember - not only the date itself - but how you chose to represent it.

Same deal if you're going to do your spouse's name as a security question.

Don't use "George" - use his nickname plus incorporate the date of his birth or of your marriage, etc. into the password.

What happened to Palin can happen to almost anyone in these days of GOOGLE searches, where someone can pretty easily figure out who you are and your relatives, etc., but what they cannot figure out near as easy is the dates of significant events in your life - represented in such a way that only you know how you chose to represent.

Never use WEP. It can be cracked by freely available tools in about a minute. Always use WPA wireless encryption.
