No, I’m not giving her advice on how to be a political hack…she’s getting lots of that already.
You’ve probably heard by now how Sarah Palin’s Yahoo! mail account was accessed by a 20-year-old from Memphis. Basically, the attacker used the password reset feature, which prompts you to answer several personal questions, such as “Where did you meet your spouse?” Being a governor only made that type of information all too easy to find.
Interestingly enough, the Grand Jury in Chattanooga convened on the matter today. I stumbled across this on the ISC Handler’s Diary page and had to share the advice.
Just because you’re presented with a “process” that looks and feels secure doesn’t mean it is. It’s not just the 1s and 0s that are vulnerable; vulnerabilities start with the user at the keyboard. An uneducated user is almost guaranteed to be attacked. In this case, a seemingly “secure” scheme of personal questions leaves the user with a choice: secure my information or risk it all. Provide an accurate answer, and just about anyone with some level of personal knowledge about you (social networking sites, anyone?) has found a vulnerability and can attack at will. Provide a false answer and you increase your odds of protection drastically.
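To make the “false answer” advice concrete, here is an added example (mine, not part of the original post or of any Yahoo! feature) that treats security-question answers the way a password manager treats passwords: each question gets an independent random string, and the entropy of that string is compared with the entropy of a true answer drawn from a small pool of guessable values. The alphabet, the 64-bit target and the sample questions are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumed alphabet for generated answers: 36 symbols, about 5.17 bits per character.
ALPHABET = string.ascii_lowercase + string.digits


def random_answer(min_bits: int = 64) -> str:
    """Return a random string carrying at least `min_bits` of entropy.

    The result is meant to be stored in a password manager, never memorised,
    so it does not need to look like a real place or name.
    """
    per_char = math.log2(len(ALPHABET))
    length = math.ceil(min_bits / per_char)
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def answer_bits(answer: str) -> float:
    """Entropy (bits) of an answer built from ALPHABET, assuming uniform choice."""
    return len(answer) * math.log2(len(ALPHABET))


def guess_space_bits(candidates: int) -> float:
    """Entropy (bits) of a truthful answer when an attacker can narrow it to
    `candidates` plausible values (e.g. a few hundred cities or school names)."""
    return math.log2(candidates)


def build_vault(questions, min_bits: int = 64) -> dict:
    """Map each recovery question to its own random answer.

    Using a distinct answer per question means one leaked answer does not
    compromise the others.
    """
    return {q: random_answer(min_bits) for q in questions}


if __name__ == "__main__":
    # Constructed sample questions of the kind used by web-mail password resets.
    questions = [
        "Where did you meet your spouse?",
        "What was the name of your high school?",
        "What is your birth date?",
    ]
    vault = build_vault(questions)
    for q, a in vault.items():
        print(f"{q!r}: {a} ({answer_bits(a):.1f} bits)")
    # A truthful answer that public records narrow to ~1000 candidates gives ~10 bits.
    print(f"truthful answer from 1000 candidates: {guess_space_bits(1000):.1f} bits")
```

The point of the comparison is that a public figure’s real answer may carry only a handful of bits once an attacker has done some research, whereas a stored random answer offers no research shortcut at all; the trade-off is that the random answer must be kept somewhere safe, which is what a password manager is for.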