The big news isn’t really that Sarah Palin’s yahoo account was hacked.
Hacked, by an online hacking ring called “Anonymous”. Man, that sounds sexy. Who are these dark and mysterious cyber-criminals? We may never know…
The real story is how the attackers did it, with clever and craft and l337 h4x0rz skilz that transcend mere mortals… By clicking the “I forgot my password” link and by using google to break her security questions. Wow. Dare Obasanjo breaks it down quite nicely.
It turns out if you’re famous, none of your “private” information really is. So don’t become famous, accidentally or otherwise.
Oh, and don’t put your private information in a public place. Nothing on the internet is private. If you’re like me, you believe your e-mail is secure. Lots of important stuff flows into and out of my personal e-mail. I *depend* on it being private, which is why Sarah Palin’s hack is bad news.
It didn’t take any special skills.
It didn’t take any particular effort.
It didn’t take any inside knowledge.
Now, I may not be famous (in fact, I’m sure I’m not). But if I put my “private” information on a public social networking site that is not secure (it is fundamentally not secure, and I’m not sure it can ever be secure), I’m compromising my e-mail security. The problem is not, as Dare describes, that the security questions are geared around public knowledge. The problem is that the knowledge is public when it shouldn’t be.