Who Are You?

Sarah Palin’s email account was hacked last week.

More fool her for using a Yahoo account.

The hack didn’t involve any complex attacks, or even a small but elegant program designed to exploit software flaws.

Instead, its an example of social engineering at it’s finest.

Forgot your password? Yahoo asks a few verification questions, and sends a new password to an email you specify once it’s satisfied you are who you say you are.

The hack was simple. Pretend you’re The Lipsticked Pitbull, get the questions right, and take over the account.

Of course, since Palin is a public figure, there’s quite a lot of information about her on the web. Palin’s Wiki entry included her birthdate, and the zip codes for her hometown are listed on public websites, which left the security question, where she met her spouse. After a few google searches, the hacker hit the right answer, ‘Wasilla High’.

Fortunately, Palin didn’t have any State secrets on her yahoo account, but the hack should teach other government leaders and employees the value of decent security.

Meanwhile, in the age of facebook, how sure are you that the answer to your security question isn’t just a google away?

Published by Gerard Cunningham

Gerard Cunningham occupies his time working as a journalist, writer, sub-editor, blogger and tweeter, yet still finds himself underemployed. Go figure.