My Challenge Question is “What Language is This Written In?”
By Jesse Singal - Sep 18th, 2008 at 9:45 amVeep candidate Sarah Palin’s Yahoo! email account was hacked yesterday and some of its contents posted online. Two things stand out from the AP’s writeup.
Palin herself used “gov.sarah” in one of her e-mail addresses, but the hackers targeted her “gov.palin” account. Her husband used “fek9wnr” in his address. “Fe” is the representation for iron, and “k9″ is an abbreviation for canine. Todd Palin was the winner of the grueling Iron Dog snowmobile race, and “fek9wnr” also is Todd Palin’s vehicle license tag in Alaska.
It wasn’t immediately clear how hackers broke into Palin’s Yahoo! account, but it would have been possible to trick the service into revealing her password knowing personal details about Palin that include her birthdate and ZIP code. A hacker also might have sent a forged e-mail to her account tricking her into revealing her own password.
First, I have to admit that theĀ “fek9wnr” thing is kinda cool. Second, and perhaps more relevant: I sincerely hope that Yahoo! makes it tougher than that to recover your password. Either Yahoo! mail has incredibly lax security (I mean, who couldn’t dig up someone’s ZIP and password?), or Palin made her “challenge questions” (the personal questions a site asks you when you claim to have lost your password–usually stuff along the lines of “What was the name of your first dog?”) far too easy, which would make this an excellent cautionary tale for those who promote safe, secure web browsing.
“fek9wnr” is just narcissistic and sad. I mean, way to go on winning (four times), but then getting a vanity license plate and changing your e-mail address to brag about it? Define yourself by accomplishments that actually mean something, dude.
Those security questions are almost always one of the easiest ways of obtaining access to a service that has them. I realise it’s probably necessary for the owner to have a mechanism for gaining access to an account once they’ve forgotten the password, but most people don’t think of the questions as being essentially a second password, so they don’t bother with thinking of answers that are actually difficult to get.
September 18th, 2008 at 5:40 pmIt’s a broken system made worse by ignorant users, and it’s not just Yahoo!’s fault.