More Palin news

Sep 19, 2008 15:47

Not that I'm political - but I am a techie. See, if you haven't heard yet, Sarah Palin just had her email account hacked. Not her official email, mind you. Her gov.palin YAHOO email account, the one it was speculated she used in part to avoid freedom of information laws. How did these criminal masterminds gain access to the candidate for First ( Read more... )

security, politics, tech


Comments 44

(The comment has been removed)

smarriveurr September 19 2008, 20:20:29 UTC
No-one expects the Alaskan Politician!

Her chief weapon is surprise... and fear.


(The comment has been removed)

smarriveurr September 19 2008, 20:29:15 UTC
Yeah. Though I mainly stopped because, y'know, it was too accurate for comfort.



darkenglishrose September 19 2008, 20:49:57 UTC
HAHAHAHAHAHA too right she deserves it.
Hear hear.


smarriveurr September 19 2008, 20:51:56 UTC
Seriously. Like I said, we can laugh when Queen Ditz Paris is hacked for having stupid security... when someone who wants access to the metaphorical Big Red Button has only slightly better security... oy vey.



stephiny September 19 2008, 22:35:20 UTC
It's a case of being secure enough. For most people there is no critical issue with their Yahoo account being compromised; there should be nothing in there that they really can't lose. Casual conversation emails, not business, so at worst it should be embarrassing.

Some banks that offer online banking offer a USB card reader which you insert your bank card into as well as using a password. For financial transactions I think this is brilliant.

The world is slowly getting smarter when it comes to security, but there is a delicate balance between what is necessary and what is too inconvenient.


smarriveurr September 19 2008, 22:46:57 UTC
Well, that's just it. If this happened to Joe Q. Public, I would feel sorry for him, because his birth date, zip code, and where he went to high school aren't national public knowledge. When it happens to a Governor and VP candidate, and they were using these unencrypted, unsecured email accounts for (possibly illegal) political purposes... well, that's a whole different matter.

That thing "some banks" do... is what all banks were supposed to be doing in the first place, for the record. Years ago, the suggestion went out for two-layer security - the "have something/know something" method I mention above - e.g., your bank sends you a little USB dongle that their system will recognize, and you log in with a password. As I recall, it was a legal requirement in the US to do two-pass security, and nicely secure, since it was unlikely a criminal could get your data and your dongle at the same time without you noticing.

That was basically deemed expensive, so what was done instead was "two-pass" know-something security - which is why, e ( ... )


stephiny September 19 2008, 23:30:33 UTC
Palin deserved what she got. It was stupid and irresponsible and I'm pretty sure that it is illegal to use any private email address for government communications, which I think more than some of those were.

Banking - I'm not too good with US law, but I'm not entirely sure what the UK law on this is either. I have a user code (something to know), a password (something to know) and a pin (something to know). I'm not impressed, but if I want to do anything other than transfer money between my own accounts I need the card reader. That makes me much happier but I would much rather need something to access my information at all.

I think there was one European country which used a list of codes for online banking. You log on and are given a code, and have to refer to your unique list to find and enter the code paired with the one on display. That is an interesting method too, though I probably explained it badly.


smarriveurr September 20 2008, 00:32:51 UTC
Yeah, that's part of the folderol as well. It's definitely illegal to do any state business over unsecured private email. It's considered by some that she did it to avoid the information in the emails coming to light if someone filed for disclosure - which is just dumb, because we're seeing how secure it is, and by putting it on Yahoo, again, it's available with a subpoena - or, if she were one of us lesser people, probably to anyone with a badge and a smile, these days.

The physical addition is key, to me. Yeah, it can be faked by a determined attacker, but it's more effective than asking me to enter my grandmother's first name, my favorite sports team, and the size of my penis every time I try to log in.

The simple fact is, the more complicated you make the information people have to remember to enter your site, the more likely those people are to just write it all down. Which, in turn, makes it pretty damn insecure. When I was creating passwords for my last job, I tried to make sure I could come up with secure codes that ( ... )



(The comment has been removed)

Re: On the email topic. smarriveurr September 20 2008, 00:17:58 UTC
Frankly, I never said they didn't. I said repubs would start bitching about how they don't and how we'd react if they did. The truth and what the republican party chooses to focus on seldom intersect.

Frankly, there's a degree to which this whole thing could be repub-engineered - because although nothing really incriminating has been found in the leaked info, Palin's people had an excuse to immediately delete her other account that she has admitted to using for business, gov.sarah. Of course, joke's on them, because Yahoo keeps backups and they can still be subpoena'd for the ethics case the repubs are trying to bury.

Naturally, however, they can now claim that the "compromised" accounts are meaningless, cuz EBIL HACKERZ!

(Me, I'm just hoping somewhere out there, Anonymous is hitting gov.sarahpalin, gov.sarah.palin, gov.palin.sarah... etc.)


Re: On the email topic. celemon September 20 2008, 13:35:23 UTC
The liberals here did something similar to the social democrats - got the password from someone, and sneaked onto the webpage to find out strategies before the election. It all ended with resignations, public embarrassment, and I think a few prison sentences.


(The comment has been removed)


(The comment has been removed)

smarriveurr September 20 2008, 00:23:50 UTC
This is very common when I rant. Just take deep breaths, and eventually, I'll say something stupid, and life can go on. ;)

This stuff has just been driving me up a wall for ages. In the early 90s, my Dad had an ID card from Nynex that did the rotating security code thing in a built-in digital display. 15 years ago, FFS. You're telling me I can't get a USB Proof Dongle to protect my bank account? I'd pay 5 bucks for it.

I'm not actually familiar with Beyond Fear - I may have to look it up. From my experience, you won't have nearly the influence you want to get the security you feel is necessary, but just having one person seriously considering it will vastly improve things. No system is ever 100% bulletproof, but every little bit helps convince the casual attacker to try a less secure system.


