John Gregory

Archive for September, 2008

Not entirely innocent, are we?

In Current events, Politics on 25-Sep-2008 at 8:46 pm

While government leaders debate a Wall St. bail-out and everyone else decries the greedy bankers, some of the basis of this “crisis” can be discovered by looking in the mirror: see Hanson’s article in RCP.

Financial meltdown: What to do now?

In Current events on 20-Sep-2008 at 10:06 am

I like this article from NYT (Taking control of your financial risks) for advice on what people should be doing during the current financial market turmoil.

To summarize:

  • if you are not close to retirement: you have to stay in the stock/bond markets; maintaining a high percentage of your retirement holdings in cash or near-cash (i.e., money-market fund accounts) is too risky …
  • if you are close to retirement, you still need to keep your portfolio in stocks/bonds; if you are nervous about the future of capitalism or the markets' near-term performance, adjust your stock/bond – cash mix only slightly; don’t go whole hog into cash
  • if you are in retirement, focus on controlling what you can: your spending habits. Cut down on those expenses in support of your kids or grandchildren; stop eating out; cut back on some of the luxuries of your retirement years (if you have any)

Hacking Palin’s email account

In Current events, Explorations, Politics on 18-Sep-2008 at 8:39 pm

The news yesterday that VP candidate Palin’s email account at Yahoo was hacked got my attention quickly.  I was curious not about the information that was obtained (it was mundane) or the target (who cares?) but how someone got the data.  How does someone hack into a major email service provider?

It took a little surfing and digging, but I got a possibly true summary of what happened from a Michelle Malkin blog post, where she may have received a communication from the hacker.  To confirm this story, one needs to understand the yahoo.com methodology for password re-setting (with which I am unfamiliar).

The hacker obtained Palin’s email address and then attempted access to the account, via the password recovery routine:

after the password recovery was reenabled, it took seriously 45 mins on wikipedia and google to find the info, Birthday? 15 seconds on wikipedia, zip code? well she had always been from wasilla, and it only has 2 zip codes (thanks online postal service!)

the second was somewhat harder, the question was “where did you meet your spouse?” did some research, and apparently she had eloped with mister palin after college, if you’ll look on some of the screenshots that I took and other fellow anon have so graciously put on photobucket you will see the google search for “palin eloped” or some such in one of the tabs.

I found out later through more research that they met at high school, so I did variations of that, high, high school, eventually hit on “Wasilla high” I promptly changed the password to popcorn and took a cold shower…[Michelle Malkin post; see above]

So, the implication is this hacker used some relatively manual brute search techniques to get the answers to Palin’s challenge questions: what is your birthday? what is your zipcode? and where did you meet your spouse?

If this is how it was done, I would conclude that Yahoo does not have a limitation on the number of tries for successful challenge question answers.  The ability to bang away with any number of answer combinations seems like a weak security feature. There is also a lesson for us all in how we select challenge questions and the answers.
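To make the missing control concrete, here is a sketch of a challenge-answer check that caps failed tries and then locks out further guesses. It is an added example, not code from this post or from Yahoo; the class and function names, the three-try limit, the one-hour lockout and the sample answer are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_ATTEMPTS = 3          # assumed policy: failed answers allowed before lockout
LOCKOUT_SECONDS = 3600    # assumed policy: how long recovery stays locked


def _normalize(answer: str) -> str:
    # Case and spacing should not matter for a human-typed answer.
    return " ".join(answer.lower().split())


class RecoveryChallenge:
    """Checks one account's challenge answer and caps failed tries."""

    def __init__(self, answer: str, clock=time.monotonic):
        self._salt = os.urandom(16)
        self._digest = self._hash(answer)   # store a salted hash, not the answer
        self._clock = clock
        self._failures = 0
        self._locked_until = 0.0

    def _hash(self, answer: str) -> bytes:
        data = _normalize(answer).encode()
        return hashlib.pbkdf2_hmac("sha256", data, self._salt, 100_000)

    def check(self, guess: str) -> str:
        now = self._clock()
        if now < self._locked_until:
            return "locked"                 # guess is not evaluated at all
        if hmac.compare_digest(self._hash(guess), self._digest):
            self._failures = 0
            return "ok"
        self._failures += 1
        if self._failures >= MAX_ATTEMPTS:
            self._locked_until = now + LOCKOUT_SECONDS
            self._failures = 0
            return "locked"
        return "wrong"


def replay_guesses(guesses, clock=time.monotonic):
    """Run a guess sequence against a constructed account; return each result."""
    challenge = RecoveryChallenge("Example Academy", clock=clock)  # constructed answer
    return [challenge.check(g) for g in guesses]
```

With this limit in place, trying variations until one fits stops working: once the third wrong guess lands, even the correct answer is refused until the lockout expires.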

An overview of the Wall St. meltdown – so far

In Current events on 18-Sep-2008 at 8:01 pm

I like this posting from the NYTimes Freakonomics blog empire (9/18/08): economists Diamond and Kashyap recap how we got to the sublimation of Bear Stearns, the nationalization of the mortgage enablers Freddie and Fannie, the decapitation of Lehman Bros., the take-out of Merrill Lynch, and the socialization of AIG.

It is short on who might be next, specifically, but it is becoming more clear that the people of the US, through the government-that-we-deserve, will end up paying for this.