Comments on: Speculation on Palin E-mail Hack

By: Palin Yahoo Email Hacked « SecuraBit

Palin Yahoo Email Hacked « SecuraBit — Tue, 13 Mar 2012 16:43:25 +0000

[...] EngÂ (guest on Securabit Episode 7) has posted some commentary on what he thinks might have happened to the account. Â What are your thoughts on this matter? [...]

By: Take Business Email Seriously | Seo Vancouver Island

Take Business Email Seriously | Seo Vancouver Island — Sat, 07 Feb 2009 22:15:02 +0000

[...] The biggest news item was VP candidate Sarah Palin’s use of Yahoo Mail for government business. Apparently, the email account was not breached by any high level hacker attack, but by a weakness in the Yahoo Password Reset. [...]

By: Zero Day mobile edition

Zero Day mobile edition — Fri, 19 Sep 2008 13:42:42 +0000

[...] Chris Eng pointed out, you should carefully scrutinize the password reset policy used by the webmail [...]

By: Anonymous

Anonymous — Thu, 18 Sep 2008 09:59:21 +0000

Anonymous is not a group of hackers – it’s a leaderless collective of like-minded individuals, from all walks of life.

http://www.enturbulation.org/press-media/faq

By: MikeA

MikeA — Thu, 18 Sep 2008 09:29:16 +0000

Crap, sorry, met to post this as well.

http://www.theregister.co.uk/2008/09/18/palin_email_investigation/

Apparently the guy was behind a proxy (says so in his write up), and could easily be traced now. Also seems that nothing substantive was found in the account because it was the gov.palin@yahoo.com account instead of gov.sara@yahoo.com – don’t know about you, but I separate out email accounts to work/personal, and the wrong one (well, at least the one everyone was speculating about the contents) was hacked. However, I can’t imagine that having access to one wouldn’t get you access to the other – I could easily see password/information sharing going on.

By: MikeA

MikeA — Thu, 18 Sep 2008 09:19:08 +0000

Yep, after seeing the new details come out, I agree it doesn’t look like an inside job at all – as you said Chris, it was far too easy (which is sad in-and-of-itself). If these people get in they will be in charge of our nuclear codes. Who’s betting that it won’t be something like ’1234′ ;)

By: Chris Eng

Chris Eng — Thu, 18 Sep 2008 05:08:09 +0000

@Chris Wysopal: Weird, when I tried that “can’t access alternate e-mail account” option, it told me my password couldn’t be reset online. Maybe I don’t have a secret question defined.

@MikeA: Sounds like this was so easy that no insider info was required.

By: MikeA

MikeA — Thu, 18 Sep 2008 04:56:55 +0000

Perhaps a question, one that I’ve not heard many people ask during all this is…

Could it be an insider attack?

All these other attack methods are certainly a good possibility, but there’s plenty of people inside Yahoo, lots “democratic” in nature, and I’m not sure about Yahoo, but most companies are pretty open from the inside. There’s certainly a (perhaps small) likelihood that someone inside Y! could have “thrown a switch” or “leaked info” about the account. It’s not as if Y!’s don’t have enough to be pissed off about already, and job security isn’t exactly top of the agenda either.

Just a thought.

By: thehariman.com - Email Sarah Palin Was Hacked! | Computer and Others By Hariman

Thu, 18 Sep 2008 02:31:12 +0000

[...] Sarah palin personal email hacked Speculation how email hacked : Related PostsNo related postsSocial BookmarkingTags: Gawker, Hacked, Palin Hacked, Sarah Palin, [...]

By: links for 2008-09-17 (Jarrett House North)

links for 2008-09-17 (Jarrett House North) — Thu, 18 Sep 2008 02:00:57 +0000

[...] Speculation on Palin E-mail Hack …and here's how they could have done it. Not every hack requires the knowledge of exploiting buffer overflows and SQL injections… sometimes there's just plain bad design at work. (tags: 2008 election palin security) [...]