Comments on: Learning From Sarah Palin’s Yahoo Mail Compromise

By: Zero in a bit » A security lesson from the Joe the Plumber snooper

Zero in a bit » A security lesson from the Joe the Plumber snooper — Sat, 25 Oct 2008 20:22:47 +0000

[...] we had the Gov. Palin Yahoo email break in to teach us the vulnerabilities of weak password reset schemes. Now we have a Joe the Plumber government records snooper teaching us about proper computer [...]

By: Sarah Palin and the great Yahoo! angst « Security For All

Sarah Palin and the great Yahoo! angst « Security For All — Sun, 21 Sep 2008 22:59:29 +0000

[...] I’ve already written a blog entry about password security and I also use some of the stuff outlined here. [...]

By: Peggy McGilligan

Peggy McGilligan — Thu, 18 Sep 2008 23:46:38 +0000

While there’s no law per se against a private citizen gathering evidence, people do things everyday for which they might be held to account. Not that Governor Palin is among them. I’d expect to find nothing incriminating. Citizens do have rights though, the right to be secure in their papers among them. Due to the electronic medium, the Sarah Palin case should be groundbreaking. Here’s something for the less technologically inclined: whenever one’s cell phone is switched on, not necessarily making a call, just turned on, that even if it’s not a GPS enabled device, it emits a signal that anyone who knows your SIM card number may track with an array of inexpensive software. GOOGLE GPS tracking devices. The phone’s speaker can also be remotely activated for use as a listening device. Perhaps you’re wondering, as did I, how certain individuals seem to know your whereabouts, or manage to show up when and where they do. High tech and tech devices lend the good, the bad & the ugly a level of sophistication hitherto unimagined. Cell phone option: remove battery when not in use: http://theseedsof9-11.com

By: Son Of Tennessee Democratic State Representative Mike Kernell Hacked Into Palin’s E-mail | Right Voices

Thu, 18 Sep 2008 21:56:17 +0000

[...] Zero in a bit » Learning from Sarah Palin Yahoo email compromise [...]

By: Chris Eng

Chris Eng — Thu, 18 Sep 2008 15:17:30 +0000

Regarding #2, another technique is to simply use fake answers, because it may be difficult to remember all those extra exclamation points.

For example, my credit card issuer doesn’t actually verify that my mother’s maiden name is what I say it is. They just enter it into the system. It’s nothing more than an extra password, with a contextual clue to help you remember it. If I tell Citibank my mother’s maiden name is Aitel, then for all intents and purposes, it is. Now, even if somebody digs up my personal information somewhere, they’re still out of luck.

Another tip is to select a customized secret question if given the option, and make it something completely nonsensical — nothing factual. For example, “What is the square root of my filing cabinet?” With the answer being “I like rabbits.” Don’t worry about re-using the answer repeatedly across different online services, the point is that nobody can look it up.