
Thread: Palin Email Hack Was "Easy"

  1. #31
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    Quote: Originally posted by nihil
    Not really flaws in the service IMO. This sort of thing has been going on for years.

    The real flaw is in the users not realising that if they answer the questions truthfully then other people will also know the answers.

    Just lie.................. it works every time

    I agree. I use a few of the same BS answers on all of the security questions. My wife wouldn't even be able to reset my email account, because my mother's maiden name isn't really vader. [names changed to protect the innocent ]
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST

  2. #32
    @ÞΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,705
    If you search the archives here, odds are you'll see me saying the password reset trick was already old circa 2003?

    Possibly one of my pseudonyms?

    Why this sort of thing has been allowed to continue is mind blowing. Although anybody who suggests that people actually secure things themselves by using a "not easily found" answer that doesn't strictly relate to the question has obviously never met a real user. Users are idiots. There is no nice way to put it. The help desk at the federal facility where I work had a user turn in a broken mouse, asking for a new one. They simply repackaged the "broken" mouse, gave it to the guy, told him it was a brand new one. They got a call about 15 minutes later from the guy, thanking them for their quick response and the great mouse. It gets worse. Y'all familiar with ToughBooks? Yeah, the nylon stylus the ToughBook tablets use cannot break the screen, the stylus breaks far before the screen does. Of course, we get a shattered screen and a user saying they were just tapping it with the stylus.
    Real security doesn't come with an installer.

  3. #33
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Although anybody who suggests that people actually secure things themselves by using a "not easily found" answer that doesn't strictly relate to the question has obviously never met a real user.
    On the contrary, I have met lots of them, several of whom have had their e-mail accounts hijacked.

    I think that the service providers should give a clear warning of the potential dangers of providing correct information, although there is no real excuse for forgetting your password. Just write it down in the back of your bible or whatever flavour religious book you use................. nobody is going to look there

  4. #34
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,253
    I was discussing this last week at lunch with some friends. Interestingly enough some of them use Yahoo mail and their response to forgotten password automated anything is this.

    "Anytime I have to answer a predetermined "secret question" in order to gain access to a free service, the answer is always two or three jumps away".

    WTF does 2 - 3 jumps mean (Guy's a flippen dataminer for accounting firms - go figure). Anyway, if the question is where did you go to high school, the answer might be back alley - because the one thing I remember most about high school is Laura and my first kiss which was in the alley behind my house.

    So much for guessing or social engineering that "secret question"

    Anyway, I just found that logic interesting. Me, I'd just not use anything that allowed anonymous password changes.
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  5. #35
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718
    I think the whole idea of providing not-so-obvious answers to these secret questions is a good work around for the "Forgot-my-password" service flaw.

    I think it's my Gmail account that provides the option to write my own question. I think that's a great idea simply because breaking the service is that much more difficult. So instead of the standard 5-10 questions handed on a silver platter to inquisitive malicious users, you could have thousands & thousands of different questions in all kinds of formats. Couple that with some oddball answers and this could really help shore up the "Forgot-My-Password" service security.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  6. #36
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Dinowuff - Great logic. Think I am going to use that from now on.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  7. #37
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    Looks like he was indicted:

    Kernell faces a maximum of five years in prison if convicted, along with a $250,000 fine and a three-year term of supervised release. The case is being investigated by the FBI's Anchorage and Knoxville field offices. No trial date is scheduled yet.
    Full Story:

    http://news.cnet.com/8301-13578_3-10060878-38.html
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST

  8. #38
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Shame, poor guy.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  9. #39
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Quote: Originally posted by Cider
    Shame, poor guy.
    yeah right...booo hooo hooo

    The guy's an Id 10 t

    He hacks an American vice presidential candidate's email using his own internet access through a proxy...then brags about it......

    DUH

    you don't think the feds were all over that ASAP

    He could have at least used one of the kazillion open WAPs out there...

    I have absolutely no sympathy for stupidity

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  10. #40
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    So if he used an opened WPA then it would be all good
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein
