• Explore the magic and the mystery!
  • The Tech Night Owl's Home Page
  • Namecheap.com





  • Don’t Let Them Post Your Email on the Net!

    September 18th, 2008

    Most of you have heard the news that Governor Sarah Palin’s Yahoo-based email account has been hacked, and the contents of her messages, including some family photos, are now being posted all over the Internet, and even being quoted in the mainstream media.

    Now I suspect this dirty trick was perpetrated more as a publicity stunt than by people actually trying to find out some secret information about the Republican vice presidential candidate, though it might be a combination of both. Regardless, the question is how it might have happened, and whether it could happen to you too!

    I’m not about to tell you about the tricks hackers might use to gain control of your email box, because I’m sure they use techniques that I could only begin to understand. But there are two simple things you can do to protect yourself, and they don’t require buying extra software.

    First and foremost, don’t publish your email address online. That only gives ammunition for spammers and other Internet criminals to fill your mailbox with junk. Worse, it creates the climate for someone to hack in, particularly if the account belongs to a high-profile personage.

    In the case of Governor Palin, part of the blame for that disclosure rests squarely on the shoulders of the Washington Post reporters who released her Yahoo addresses. While they have a perfect right to examine various matters concerning a candidate for high office, posting personal information of this sort represents a serious lack of ethics, and it may be why this entire episode occurred.

    Now some people actually create temporarily addresses (or aliases) to use for online commerce and other transactions where the information is given out to third parties. That way, if the account is compromised, it can be quickly deleted without harming your important mail.

    In this case, Governor Palin has also been accused of allegedly doing business for the state of Alaska via her personal email account. I don’t know if that’s true or not, but the ease of cracking her account does demonstrate a lack of knowledge on her part when it comes to Internet questions.

    Once you have established your address, temporary or otherwise, you should always use a strong password. That way, if a third party does acquire the address, it will make it doubly difficult to hack. A typical strong password is generally a random combination of upper and lower case letters and numbers. If that proves to be difficult to remember, you might use a normal word, interspersed with numbers and a random capital letters. That would still make it more difficult for password sniffers to figure it out.

    One example might be teN3nIs4bU8m. The three numbers might have personal significance to you, so they are easily remembered. Regardless, it’s not a bad idea to write it down, and put it in a safe, secure location, such as a bank vault along with your most important documents.

    I suppose if you’re not a supporter of Governor Palin, you might just as well suggest that she got what she deserved, but that’s not the point. She deserves her privacy as much as anyone, and this particular prank happens to be a serious offense. The perpetrators, if they’re ever caught — and I doubt that they will be — can face an extended vacation in a federal prison.

    However, I rather suspect that Alaska’s most famous “hockey mom” might have been the victim of a rather pathetic system devised by Yahoo for retrieving a lost password. In such an instance, the account holder is asked some basic questions that, the service provider presumes, could only be answered by that person and nobody else. In Governor Palin’s case, such information as her zip code, date of birth, and even where she met her husband, are in the public record. So it was simple for a hacker to trick the system and gain access to her account.

    Aside from this lapse, and Yahoo is no less guilty than other email services, they do appear to be working towards making sure they provide a safe environment for their users. However, Yahoo! Mail is also a den of spam. I know I had our sites hosted by them some years back, and I used their email hosting facilities for my regular business mail.

    Alas, I got thousands of bogus messages. So many, in fact, that I once lost a serious sale to a client because her message with a routine inquiry got caught in the morass of junk. As a result, I never saw it until it was too late.

    At present, most email addresses on this site are encrypted by special software, so few of them can be detected by spam robots. Most of the time, we simply redirect you to a special contact page, where your information goes through a background antispam detector, which also helps reduce the amount of junk that ends up in our mailboxes.

    Now I realize very few of you, even if your accounts are hacked, will find the contents of your email exposed all over the Internet. But you should take the above precautions anyway. It won’t stop all spam or totally protect your accounts from being compromised, but at least you’ll have an extra couple of ounces of protection, and that’s always worth it.



    Share
    | Print This Article Print This Article

    12 Responses to “Don’t Let Them Post Your Email on the Net!”

    1. rwahrens says:

      On could argue that her email addresses were not protected from being released to the public because she had converted them to public use accounts through her use of them for State business, so the Washington Post Reporters could be excused for their release of that information.

      While the hacker did break the law, one can also argue that Palin may have as well, by using a non-secure email system for not only State business, but according to posted information, some of that email was in regard to personnel matters, so the Privacy Act could apply.

      Also, there have been allegations surface in regards to her use of those accounts that she may have been trying to circumvent State transparency laws. There were two accounts, and the hacker only got into one, as I understand it. Who knows what may have been in that second account? There are also reports that her aides were questioning whether those accounts would be subject to or exempt from public requests for State documentation under the Freedom of Information Act. Another circumvention of transparency laws.

      All of that being said, however, I have always advised my customers that regarding email, “If you don’t want it published on the front page of the Washington Post, then don’t put it in an email”!!

      I guess soccer moms don’t know that much about technology after all…

    2. Adam says:

      If I found out that Martin O’Malley was using a Yahoo! account for email regarding the business of the State Of Maryland, I would immediately find myself a shark and sue the State on grounds of privacy/security breach.

      That a Governor in the USA in the 21st century would conduct state business on a non-state owned web server is shocking! Add that to her running mate’s admitted non-understanding of technology and I get worried. High tech is how the world does business, and even though aides could handle the high tech needs of the President and VP, I find myself re-evaluatong my November options yet again.

    3. Steve says:

      You say “Now I suspect this dirty trick was perpetrated more as a publicity stunt than by people actually trying to find out some secret information about the Republican vice presidential candidate”, I disagree completely. The compromise of Palin’s email is clearly a political attack. If you want a publicity stunt, you target a well known, high profile technical person who (or whose staff) should know better.

    4. You say “Now I suspect this dirty trick was perpetrated more as a publicity stunt than by people actually trying to find out some secret information about the Republican vice presidential candidate”, I disagree completely. The compromise of Palin’s email is clearly a political attack. If you want a publicity stunt, you target a well known, high profile technical person who (or whose staff) should know better.

      Maybe, but Palin is hot news in the gossip columns now, so there’s a double incentive.

      Peace,
      Gene

    5. anon in tx says:

      At least one of you suspicions was correct. The password was reset by the psw recovery questions. The guy who did it said he had to guess one item several times which suggests Yahoo’s method is faulty and they bear some responsibility. The hacker also said that he did to find incriminating evidence of using the account for state business but there was none. Interesting that your commentators converted the state business allegation to fact for their arguments, unless allegation has been redefined as fact recently.

      Anyone concerned about email privacy should be encryping all of their sensitive emails and never storing them on someone else’s server. The government now requires that all sensitive material be encrypted before emailing (interesting hypothetical – a prosecutor wants an encrypted email decrypted but the employee is retired a can’t remember his last password, which is likely as we have to use strong psws that satisfy gov’t criteria, change frequently, and can’t be repeated for two years)

      Last point: requiring an email address for comment constitutes publishing your email address on the web through the third party show principle.

    6. Ken says:

      re: “her running mate’s admitted non-understanding of technology”

      Umm, not so. His problem with using e-mail is that because of the torture by the North Vietnamese, he cannot type. He cannot comb his own hair because, although he can raise his hands for a very limited time as high as his head, they cannot function well enough at that height to use a comb.

      If some of you ascribe that to a “non-understanding” of technology, you have issues that I certainly cannot and will not help you with. There are independent articles out there about his knowledge of technology, but it is up to you to look them up if you choose to. If you do not choose to, not my problem.

    7. Understand that McCain can easily use dictation software to perform most personal computing tasks, either Mac or PC. So his lack of typing capabilities isn’t a serious issue.

      Also, one of his daughters has a blog that is also used to advance the campaign, and he can’t be out of touch about that. Then again, he doesn’t know how many homes he has either. 😀

      Peace,
      Gene

    8. Adam says:

      re: “her running mate’s admitted non-understanding of technology”

      Umm, not so. His problem with using e-mail is that because of the torture by the North Vietnamese, he cannot type. He cannot comb his own hair because, although he can raise his hands for a very limited time as high as his head, they cannot function well enough at that height to use a comb.

      Although I understand and am extremely sympathetic with the Senator’s injury, he has publicly down-played any expectations people may have about his ability to use the Internet. He does say that he is “learning” but for someone in a position public leadership during the age of electronic research and communication, it’s a bit late in my estimation.

      From interviews this year:

      In an interview with the San Francisco Chronicle, he explained that “I am forcing myself. … Let me put it this way, I am using the computer more and more every day.”

      “I am learning to get online myself, and I will have that down fairly soon, getting on myself,” he told The New York Times in July.

      I don’t expect to be a great communicator, I don’t expect to set up my own blog, but I am becoming computer literate to the point where I can get the information that I need.”
      (emphasis added)

      In this Global society we need a great communicator. I nearly voted for McCain in 2000. I have not ruled him out for ’08, but this is something to seriously think about.

      Sorry to go so off topic.

    9. Taras says:

      The hack was caused by the forgot password functionality of Yahoo, as the hacker guessed the answer to the secret question.

    10. The hack was caused by the forgot password functionality of Yahoo, as the hacker guessed the answer to the secret question.

      Precisely what I wrote. I guess you didn’t get around to finishing the article. 🙂

      In any case, it’s clear that Palin may be the victim of her small town upbringing. She is ignorant of the ways of the Internet, and the potential dangers. Someone from Alaska’s IT department ought to sit down with her and give her a crash course.

      Peace,
      Gene

    11. Patrick says:

      “Palin may be the victim of her small town upbringing. She is ignorant of the ways of the Internet, and the potential dangers.”

      Completely separate from any policital issues, are you seriously claiming that being from (or living in) a small town indicates less knowlege of the internet?

    12. “Palin may be the victim of her small town upbringing. She is ignorant of the ways of the Internet, and the potential dangers.”

      Completely separate from any policital issues, are you seriously claiming that being from (or living in) a small town indicates less knowlege of the internet?

      It’s a question of knowing almost everybody, trusting almost everybody in your home town.

      It seldom works that way in the rest of the world.

      Peace,
      Gene

    Leave Your Comment