Hacking Palin’s email account
The news yesterday that VP candidate Palin’s email account at yahoo was hacked got my attention quickly. I was curious not about the information that was obtained (it was mundane) or the target (who cares?) but how someone got the data. How does someone hack into a major email service provider?
It took a little surfing and digging but I got a possible true summary of what happened from a michelle malkin blog post where she may have received a communication from the hacker. To confirm this story, one needs to understand the yahoo.com methodology for password re-setting (of which I am unfamiliar).
The hacker obtained Palin’s email address and then attempted access to the account, via the password recovery routine,
after the password recovery was reenabled, it took seriously 45 mins on wikipedia and google to find the info, Birthday? 15 seconds on wikipedia, zip code? well she had always been from wasilla, and it only has 2 zip codes (thanks online postal service!)
the second was somewhat harder, the question was “where did you meet your spouse?” did some research, and apparently she had eloped with mister palin after college, if youll look on some of the screenshits that I took and other fellow anon have so graciously put on photobucket you will see the google search for “palin eloped” or some such in one of the tabs.
I found out later though more research that they met at high school, so I did variations of that, high, high school, eventually hit on “Wasilla high” I promptly changed the password to popcorn and took a cold shower…[michelle maklin post; see above]
So, the implication is this hacker used some relatively manual brute search techniques to get the answers to Palin’s challenge questions: what is your birthday? what is your zipcode? and where did you meet your spouse?
If this is how it was done, I would conclude that yahoo does not have a limitation on the number of tries for successful challenge question answers. The ability to bang away with any number of answer combinations seems like a weak security feature. There is also a lesson for us all in how we select challenge questions and the answers.
E-mail address matters to spamsters
Here is a fascinating paper which seems to indicate that spam hits different email addresses at different rates; i.e., addresses starting with “a” will get more spam than addresses starting with “z”. If you want to minimize your email account’s spam propensity, start your address with a number.
Eating lobsters is good but killing them badly is bad
Being a resident of Maine and fond of eating lobsters, I found this latest blather about humanely killing lobsters before eating them as pretty idiotic: Back story: Shell shock in the NY Times magazine. I think you either believe they have constitutional rights and should be treated as full citizens (and never eaten) or you consider them good food (and how you kill them is irrelevant); believing they are good food requiring protection from cruel and unusual death suggests someone with some crossed wires or synapses somewhere.
Syrian radar disabled remotely?
We are trying to find more on a story we just became aware of: the Israeli air-strike by a group of F-16s on 6-Sept-2007 on the nuclear material development facility in Raqqa in north-central Syria was aided by a “mysterious” de-activation of Syrian air-defense radar. This assertion apparently comes from an Aviation Week & Space Technology article which may be available on-line via a third-party.
This article seems to suggest that the Israelis managed to have some of the critical integrated chips in the Syrian air defense control system “de-activated” remotely via “back door” access or secret de-activation programming features. An article in the IEEE Spectrum journal describes a variety of ways this could be accomplished and how this introduces a new era in “cyber-war.”
At first glance, it is extremely difficult to believe that a special chip or group of chips could have been designed, created and delivered to the right system project, then activated among a multiple-party chain-of-control at the right hour of a super-secret military operation.
Compromising emanations
I came upon this story via slashdot: which got it from Wired; it explains how Bell engineers and eventually US spying agencies discovered,
“Any machine that processes information — be it a photocopier, an electric typewriter or a laptop — have parts inside that emit electromagnetic and acoustic energy that radiates out, as if they were tiny radio stations.”
This is why the Soviets built us a new embassy sprinkled with eavesdropping doohickies and why US Navy divers placed sensors on underwater cables running between Soviet military installations in the Far East. While many people knew all these devices emitted bothersome EM waves (cell phones on airplanes), few understood that these signals would reveal the data being transmitted as well.
leave a comment