Number 307 - December 2008

Sarah Palin - Password Protection
by Sandy Berger

How they hacked Palin's email account and how you can prevent that from happening to you.


   When technology is good, it is very, very good, but when it is bad it can be truly atrocious. So it is with the hacking of Sarah Palin's Yahoo email account. The bad guys are out there using technology for their own advantage. Whether they are serious hackers who want information for devious purposes or young students who just want to show their technological prowess, this theft shows that everyone is vulnerable.

   The recent hijacking of Sarah Palin's email account is also a great example of how a hacker can gain access to an email account and how email accounts need to be better protected against such penetration.

   (NOTE: On October 8, 2008, David Kernell, a University of Tennessee student and son of a Memphis legislator, was indicted by a federal grand jury on the charge of hacking Sarah Palin's personal email account.)

   We currently rely on passwords to protect most of our online activity. Professional hackers often use "password crackers" to guess passwords. Anyone can easily find these hacker tools on the Internet. They can even be purchased on CD. There are wordlists for common passwords and dictionary combinations of possible passwords in a variety of different languages. These tools are all aimed at giving a person all the technical tools that they need to guess passwords.

   In Sarah Palin's case, however, the perpetrator didn't even have to use tools like this. A hacker identifying himself as "Rubico" claims to have been able to change the password on Sarah Palin's Yahoo Mail account quite easily. All he had to do was use her email name to log into the Yahoo Mail interface and select the option to reset the password. Yahoo then asked him to provide her birth date and zip code, which have become public knowledge. He then had to answer her self-chosen security question, which was where she met her husband. After several television interviews of Sarah and her husband, the answer to that question also became public knowledge.

   Sarah Palin was thrown into the public arena quite quickly, but even those of us who are not public figures may find that their passwords and answers to security questions can be easily guessed. Do you use the name of your spouse, children, pet, favorite sport, birthday, or wedding date as your password? Have you entered security questions like place of birth or favorite color that are easy to guess?

   Privacy as we knew it before the Internet is now a thing of the past. With the Internet, more of our lives is online than most of us realize. Many people use blogging as a pastime and post information on MySpace, Facebook, and other social networking websites. Once posted, all of that information is publicly known. And the Internet is archived, so even when you remove current information, previously posted information can still be found in Internet archives. That information can be used to guess passwords and access personal information.


   (I use RoboForm www.roboform.com/php/land.php?affid=s1338&frm=frame17, an automated program that encrypts and remembers your passwords for you! You can download the FREE version, which will handle up to ten passwords, or purchase the Pro version for $29.95, which handles an unlimited number of passwords and has added features. I love it! Click or enter to download.)

   So here are a few ground rules that may help keep your private information a little safer online:

   1. Use passwords that are not easy to guess and cannot be easily cracked. (Look for more on how to choose good passwords in next week's column.)

   2. Choose a security question that others will not be able to guess the answer to. Or answer the security question with an answer that you create which is not necessarily the true answer.

   3. Use unique passwords, especially for important services and websites like banking sites and email.

   4. Keep your passwords private. Don't leave them on a sticky note on your computer screen or keep them in an unencrypted file on your computer.

   5. Change your passwords often.

   6. Do not change your password by clicking on a link in an email from someone claiming to be a system administrator, bank representative, or other seemingly reputable party. They may not be who they say they are. When you want to change your password, always type in the address yourself so you know you are at the real website rather than a bogus one.

   7. Use one credit card for all online purchases. This will limit your financial exposure.

   8. Keep your operating system up-to-date.

   9. Use good anti-virus and anti-spyware programs.

   10. Consider using an encrypted password manager program. The program that I use is RoboForm www.roboform.com/php/land.php?affid=s1338&frm=frame17. It is free for 10 passwords or fewer and only $29.95 for unlimited use with additional features. It may be the best money you've spent in years! Click on the address to make remembering passwords easy!
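
   As an added example (not part of the original column), here is a small Python self-check for the advice in rules 1 and 2: it flags a password or security answer that contains facts about you that anyone can look up, and produces a made-up answer to use instead. The sample facts are constructed, and the function names are hypothetical.

```python
import re
import secrets

# Constructed sample: facts about an account holder that are findable online.
PUBLIC_FACTS = {
    "birth date": "1970-03-15",
    "zip code": "99999",
    "pet": "Biscuit",
    "where met spouse": "Lakeside High School",
}

def _norm(text):
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def _tokens(fact):
    """Normalized forms of a fact: whole value, longer words, common date spellings."""
    forms = {_norm(fact)} | {_norm(w) for w in fact.split() if len(w) >= 5}
    m = re.fullmatch(r"(\d{4})-(\d{2})-(\d{2})", fact)
    if m:
        y, mo, d = m.groups()
        # Ways people commonly type a date: MMDDYYYY, DDMMYYYY, MMDDYY, MMDD, YYYY
        forms |= {mo + d + y, d + mo + y, mo + d + y[2:], mo + d, y}
    return {f for f in forms if len(f) >= 4}

def guessable(secret, facts=PUBLIC_FACTS):
    """Return the labels of the public facts that appear inside the secret."""
    s = _norm(secret)
    return sorted(label for label, fact in facts.items()
                  if any(tok in s for tok in _tokens(fact)))

def random_answer(nbytes=12):
    """Made-up security answer (rule 2); keep it in a password manager."""
    return secrets.token_urlsafe(nbytes)

if __name__ == "__main__":
    for candidate in ("Biscuit1970!", "lakeside high", random_answer()):
        print(repr(candidate), "->", guessable(candidate) or "no public facts found")
```

   An empty result only means none of the listed facts appear in the secret; it does not make a short or common password strong.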

   Check the Compu-KISS website at www.compukiss.com for more information on choosing good passwords.