Politicians, Passwords but not Popcorn
Can you trust a politician to choose a good password?
If Sarah Palin, potential VP of the USA, is anything to go by, then the answer is no. Palin chose the word “popcorn” as her password – not “lipstick”, not “caribou”, not even “snocat”, but those choices would have been just as bad. Password-cracking software starts with a dictionary of 30,000 or so common words and only when it has exhausted that list does it move on to brute force – trying every possible combination of characters on the keyboard. A dictionary word falls in the first pass, in seconds.
It’s feasible that Palin’s poor choice of password made it easier for the group that goes by the name Anonymous to break into her email account and expose the fact that she was using a non-governmental email system for governmental email. (There can’t have been much else in her email or we’d all know of it by now.) Officially, this matters because public servants are not supposed to use insecure non-governmental email systems for government business.
Anonymous made matters worse by handing all the information they grabbed from Palin’s email to Wikileaks, the web site whose sole purpose in life is to “publish and be damned”. It matters not to Wikileaks whether the people concerned have a right to privacy – in fact it only publishes information that someone wants to keep private.
The Responsibility of IT
The question that no-one is asking is whether the government IT department for the State of Alaska properly insisted that all officials use the secure email system, or, to put it more bluntly: who’s managing IT security in Alaska? Is there no governance happening here?
The most disturbing fact about the email account is that its address (now defunct) was “gov.sarah@yahoo.com”, which suggests that Palin knew it was going to be used for government business.
Perhaps the whole situation with email has become too hard for most people, including the average politician. Maybe Palin never understood that Yahoo is insecure because its login interface is reachable by anyone on the Internet, so the only thing standing between an attacker and the mailbox is whatever the account holder chose to protect it with. And I suspect no-one was able to set up an email system for her that she could use from anywhere, where personal emails and government emails were naturally kept apart.
(Is that a user problem or is that just a poor system?)
The fact that Palin is the recently announced VP candidate naturally makes her a target for hacking, but she never knew until a few weeks ago that she was even a possible choice, so when she chose her personal password she probably didn’t think she was a likely target. But even if she had been briefed on what makes a strong password, would she have chosen better? Users hate cryptic passwords they can’t easily remember and often fail to follow guidelines.
Breaking News….
It is now reported that the hack of Palin’s email account wasn’t achieved by use of a password cracker. It was done – believe it or not – by using the Yahoo password recovery feature, the “forgot your password?” flow that lets you set a new password once you have supplied a few personal details and answered a security question. The following posting was made to the bulletin board of 4chan by the person who claims to have pulled off this coup.
“After the password recovery was reenabled, it took seriously 45 mins on Wikipedia and Google to find the info. Birthday? 15 seconds on Wikipedia. Zip code? Well, she had always been from Wasilla, and it only has 2 zip codes (thanks online postal service!)
“The second was somewhat harder, the question was ‘where did you meet your spouse?’ Did some research, and apparently she had eloped with mister Palin after college. If you’ll look on some of the screenshots that I took and other fellow anons have so graciously put on Photobucket you will see the Google search for ‘palin eloped’ or some such in one of the tabs.
“I found out later through more research that they met at high school, so I did variations of that, high, high school, eventually hit on ‘Wasilla high’. I promptly changed the password to popcorn and took a cold shower…”
So “popcorn” was not the password that Palin chose; it was the password the intruder set once the reset went through. It follows that we can never know what password Palin chose. It may indeed have been “lipstick” or it may have been a much more secure one like “1mG0nnabVP”. It would have made no difference: the recovery questions were answerable from public records, so the account was only as strong as a handful of guesses, however good the password.
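The two ways into the account described above, as an added illustration that is not code from the original post or from Yahoo: a dictionary pass over the password, and the recovery flow enumerated from a few public facts with phrasing variants, first without and then with a lockout. The word list, the birthday, the ZIP codes, the facts and the `RecoveryFlow` class with its `max_attempts` knob are all constructed stand-ins for this example, not data from the incident or the real recovery system.

```python
"""Added illustration of the two attack paths discussed in the post:
the dictionary attack the post first assumed, and the "forgot my
password" recovery flow that was actually used. All names, dates,
ZIP codes, word lists and questions below are constructed for the
example; they are not data from the incident or from Yahoo."""
import hashlib
import itertools
import re

# Constructed stand-in for a cracker's word list (real lists run to tens of
# thousands of entries; every entry is tried before any brute force begins).
COMMON_WORDS = ["password", "letmein", "lipstick", "caribou", "snocat", "popcorn", "alaska"]


def hash_password(pw: str) -> str:
    # Plain SHA-256 stands in for whatever the site stores; a slow hash
    # would raise the cost per guess but not the number of guesses needed.
    return hashlib.sha256(pw.encode()).hexdigest()


def dictionary_attack(pw_hash: str, words=COMMON_WORDS):
    """Dictionary pass only. Returns (recovered password or None, guesses made)."""
    for guesses, word in enumerate(words, start=1):
        if hash_password(word) == pw_hash:
            return word, guesses
    return None, len(words)


def normalize(answer: str) -> str:
    """Lenient matching, as recovery flows usually do: ignore case and punctuation."""
    return re.sub(r"[^a-z0-9]", "", answer.lower())


class RecoveryFlow:
    """Toy model of a 'forgot password' check: birthday + ZIP + one security
    question. max_attempts models the lockout the real flow evidently lacked."""

    def __init__(self, birthday, zip_code, answer, max_attempts=None):
        self._secret = (birthday, zip_code, normalize(answer))
        self.max_attempts = max_attempts
        self.attempts = 0

    def locked(self) -> bool:
        return self.max_attempts is not None and self.attempts >= self.max_attempts

    def try_reset(self, birthday, zip_code, answer) -> bool:
        if self.locked():
            return False
        self.attempts += 1
        return (birthday, zip_code, normalize(answer)) == self._secret


def candidate_answers(facts):
    """Guess list for 'where did you meet your spouse?', built the way the
    4chan post describes: each public fact tried with phrasing variants,
    then a few generic answers. Order preserved, duplicates dropped."""
    cands = []
    for fact in facts:
        for template in ("{}", "{} high", "{} high school"):
            cands.append(normalize(template.format(fact)))
    cands += [normalize(g) for g in ("high school", "high", "college")]
    return list(dict.fromkeys(cands))


def attack_recovery(flow, birthdays, zips, facts):
    """Try every (birthday, ZIP, answer) combination until the flow accepts
    one or locks. Returns (winning combination or None, attempts made)."""
    for combo in itertools.product(birthdays, zips, candidate_answers(facts)):
        if flow.try_reset(*combo):
            return combo, flow.attempts
    return None, flow.attempts


# --- Constructed account and attacker knowledge (not real data) -------------
BIRTHDAY, ZIP, ANSWER = "1970-01-01", "99902", "Wasilla High"
PUBLIC_BIRTHDAYS = ["1970-01-01"]        # "15 seconds on wikipedia"
PUBLIC_ZIPS = ["99901", "99902"]         # a town with only two ZIP codes
PUBLIC_FACTS = ["eloped", "Wasilla"]     # first lead wrong, second right


def demo():
    # A dictionary word falls in a handful of guesses; a non-dictionary one survives the pass.
    weak = dictionary_attack(hash_password("popcorn"))
    strong = dictionary_attack(hash_password("1mG0nnabVP"))
    # With no lockout the recovery flow is beaten whatever the password was...
    no_lockout = attack_recovery(RecoveryFlow(BIRTHDAY, ZIP, ANSWER),
                                 PUBLIC_BIRTHDAYS, PUBLIC_ZIPS, PUBLIC_FACTS)
    # ...while a five-attempt lockout stops the same guess list cold.
    lockout = attack_recovery(RecoveryFlow(BIRTHDAY, ZIP, ANSWER, max_attempts=5),
                              PUBLIC_BIRTHDAYS, PUBLIC_ZIPS, PUBLIC_FACTS)
    return {"weak": weak, "strong": strong, "no_lockout": no_lockout, "lockout": lockout}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Run as a script, the model shows the asymmetry the post is really about: the dictionary pass recovers “popcorn” in six guesses and misses “1mG0nnabVP” entirely, yet the recovery flow yields in fourteen attempts either way, because every input to it is public. The only knobs that change the outcome are on the service side: a lockout or rate limit on the recovery path, and recovery that goes out of band (a code sent to a registered phone or address) instead of asking questions a stranger can look up.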
We can at least be certain that John McCain’s email isn’t going to be hacked. He doesn’t use email, or even know how to. (That must be awful – life without spam.)