-
September 19th, 2008, 07:00 PM
#1
Palin Email Hack Was "Easy"
Hacking Sarah Palin's Yahoo mail account was easy, exposes shortcomings in password recovery mechanisms.
Attacker: Hacking Sarah Palin’s email was easy - Zero Day Blog, ZDNet.com
...after the password recovery was reenabled, it took seriously 45 mins on wikipedia and google to find the info, Birthday? 15 seconds on wikipedia, zip code? well she had always been from wasilla, and it only has 2 zip codes (thanks online postal service!) the second was somewhat harder, the question was “where did you meet your spouse?” did some research, and apparently she had eloped with mister palin after college...
I guess it pays to be fairly "anonymous" lest your personal history is online for all to see.
-
September 19th, 2008, 09:47 PM
#2
Sadly, Yahoo just headlined this exact exploit not too long ago. It makes me wonder if this guy knew of the exploit, or learned of it through the story Yahoo ran.
The object of war is not to die for your country but to make the other bastard die for his - George Patton
-
September 20th, 2008, 05:49 AM
#3
From what I heard it wasn't really an exploit, he just reset the password using the information necessary for the "forgot password" function to be run. Since she is so well known it was easy to find her info.
-
September 22nd, 2008, 03:57 PM
#4
I agree with oofki. This is nothing new. I changed my wife's password while we were still dating as a joke. [I changed it to westinkicks***]
This isn't a security hole... it's a feature :P
"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."
-HST
-
September 22nd, 2008, 05:19 PM
#5
From what I heard it wasn't really an exploit
I think you & I differ on what we consider an exploit.
he just reset the password using the information necessary for the "forgot password" function to be run
Right. That's what was headlined on Yahoo not too long ago. I'm just curious if this guy learned of it from the story, or knew of it for some time and just decided to recently use the technique.
The timing of the event seemed to coincide with Yahoo's story that was run recently. This is more of a "Is there such a thing as too much public knowledge" inquiry.
The object of war is not to die for your country but to make the other bastard die for his - George Patton
-
September 22nd, 2008, 05:43 PM
#6
I would consider an exploit to be anything which allows a system to be used for something other than its intended purpose.
-
September 22nd, 2008, 06:46 PM
#7
I'd guess most people are of the mindset that an exploit is a flaw in program design. And it makes sense, because that's what most design flaws are called these days. I happen to see it as something that can be manipulated for selfish and/or malicious purposes.
That should clear it up a bit (I hope!)
The object of war is not to die for your country but to make the other bastard die for his - George Patton
-
September 23rd, 2008, 06:20 AM
#8
"Hacking is supposed to be about intellectual exploration, so resetting the password of someone’s Yahoo mailbox no matter if it’s the Pope, requires no more than two brain cells put into action."
O
Last edited by Ouroboros; September 23rd, 2008 at 06:22 AM.
"entia non sunt multiplicanda praeter necessitatem"
"entities should not be multiplied beyond necessity."
-Occam's Razor
-
September 23rd, 2008, 09:11 AM
#9
It's not an exploit, he just happened to realise that if you can find someone famous enough and find out if they happen to have a free email address, Yahoo, Hotmail or Gmail for instance.
Then most likely they have been ignorant enough to actually use real details for their sign up questions.
This could have happened at any time, it's just that after the story about how you can just do this and this to find out famous people's details, and find out if they have a free email address, that you can try to use available information related to this person to see if they were ignorant enough to use the details in their signup questions.
This skiddie is just trying to get some street cred. He just went about boasting about it the wrong way. And if he really knew or had an idea on how to properly cover himself he wouldn't have used an HTTP proxy that so many sites offer these days.
Dir of course the feds will get a warrant and make the dude running the site offering proxy use to hand over logs for such and such date at such and such time.
-
September 23rd, 2008, 02:38 PM
#10
...speculation by computer security experts who said Yahoo's "forgot-my-password" service almost certainly was exploited
I'm not really looking to debate semantics. Whatever it is, it's not relevant to answering my question.
This could have happened at any time
But, it happened about a week after Yahoo ran the story. I'm curious if this knowledge was gained simply by going to Yahoo and reading an article. That's all I'm really interested in.
Ouroboros,
Yeah, they throw around the term "hacker" in these articles with almost no regard.
The object of war is not to die for your country but to make the other bastard die for his - George Patton