WiredWX Hobby Weather ToolsLog in

 


descriptionYahoo, Hotmail, Gmail all vulnerable to Palin-style password-reset hack EmptyYahoo, Hotmail, Gmail all vulnerable to Palin-style password-reset hack

more_horiz
Tactic used to access VP candidate's e-mail works on the top three services

(Computerworld) Yahoo Mail isn't the only Web-based mail service that could be duped into giving up someone else's account password, the tactic that some have argued was used to break into Gov. Sarah Palin's e-mail earlier this week.

Google Inc.'s Gmail, Microsoft Corp.'s Windows Live Hotmail and Yahoo Inc.'s Mail all rely on automated password-reset mechanisms that can be abused by anyone who knows the username associated with an account and an answer to a single security question, according to quick tests run by Computerworld.

Computerworld reporters and editors were able to "break" into their own and colleagues' accounts on all three services, then reset passwords armed only with the account's username and the correct response to one of a limited number of common security questions, such as mother's maiden name, the name of a favorite pet or the make of a first car.

Some of the personal information that would provide answers to the security questions may be easily found by searching social networking sites or the Internet, the approach a hacker labeled as "rubico" claimed to have used to dig up the responses necessary to access Palin's account.


More: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9115187&source=NLT_SEC&nlid=38

descriptionYahoo, Hotmail, Gmail all vulnerable to Palin-style password-reset hack EmptyRe: Yahoo, Hotmail, Gmail all vulnerable to Palin-style password-reset hack

more_horiz
Not suprised, details of a person like Palin can easily be found on the Wiki.
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum