Sarah Palins Email... the "Hacker's" Interview

[Zylstra]

http://itmanagement.earthweb.com/secu/article.php/3772981/The+Security+Lesson+in+the+Sarah+Palin+Email+Hack.htm

Sarah Palins email was recently hacked, as many of you know. She took the poor choice of using an @yahoo.com email address, meaning that there was a wonderful Password Recovery feature.
Details about how this feature was abused:

As it turns out, I was right. Here’s how the alleged hacker claims to have accessed the account (sic):

“…after the password recovery was reenabled, it took seriously 45 mins on wikipedia and google to find the info, Birthday? 15 seconds on wikipedia, zip code? well she had always been from wasilla, and it only has 2 zip codes (thanks online postal service!)

the second was somewhat harder, the question was “where did you meet your spouse?” did some research, and apparently she had eloped with mister palin after college, if youll look on some of the screen[shots] that I took and other fellow anon have so graciously put on photobucket you will see the google search for “palin eloped” or some such in one of the tabs.

I found out later though more research that they met at high school, so I did variations of that, high, high school, eventually hit on “Wasilla high” I promptly changed the password to popcorn and took a cold shower…"

Read more:
http://itmanagement.earthweb.com/secu/article.php/3772981/The+Security+Lesson+in+the+Sarah+Palin+Email+Hack.htm

Another story:
http://blog.wired.com/27bstroke6/2008/09/palin-e-mail-ha.html ( << A direct quote by the "hacker" contains a language obscenity)

[kpac]

Hadn't heard it actually. Nice story.

[drmsucks]

Why anyone would provide correct info to the "forgot your password" questions escapes me. The answers to all those questions are PASSWORDS and need to be treated as such.

If the answer to "Where'd you meet your husband" had been: -Pr$>68b&zhQ2)}52F, I don't think they would have gotten in.

[soybean]

I found out later though more research that they met at high school, so I did variations of that, high, high school, eventually hit on “Wasilla high” I promptly changed the password to popcorn and took a cold shower…"

ROTFL

[mcxeb52!]

I wonder what Palin's face looked like when she couldn't access her own account on first go 

[evilfantasy]

The question I have is where is the mention of the alternate email you need to retrieve the account information?

I said in another thread that since it's Yahoo I wouldn't doubt if the information was sold rather than hacked. It doesn't add up for me.

Like most web account services, Yahoo Mail provides an option to reset or recover one's user name and password. What is unclear is how the account recovery was rerouted from the alternative email address chosen by Palin to a secondary email address.

Palin's email account hacked via social engineering

[drmsucks]

I said in another thread that since it's Yahoo I wouldn't doubt if the information was sold rather than hacked. It doesn't add up for me.

Do you mean that you think that someone at Yahoo broke in to the account and sold the info?

[evilfantasy]

Yep. It's happened with Yahoo before in selling email addresses to spammers.

I have one Yahoo email that I have never used to sign up for anything. It collects spam daily.

[drmsucks]

Interesting...

[BC_Programmer]

Selling E-Mail Addresses is One thing, selling their passwords is another.

[evilfantasy]

True, but what I'm not getting is there is no mention of the alternate email address that is required to retrieve account info.

Just doesn't add up for me...

[drmsucks]

By "alternate email address," do you mean an address to send the password to - after answering the recovery questions?

[evilfantasy]

Yep. You need one to finish the security questions when registering a new account.

[Siscorskiy]

PWNED....

[kpac]

PWNED....

Hmmm?