Stunningly weak Yahoo password security
I was wondering just how the hacker got into Palin's account so easily.
"Rubico claimed the actual intrusion into Palin's account was a relatively easy matter. It began after Rubico read news accounts claiming Palin used gov.palin@yahoo.com in her official capacity of governor of Alaska - which, if true, would skirt the state's open government laws. Rubico then hacked Yahoo's password recovery feature. In 45 minutes, he had her birth date, and two possible zip codes, and soon after that online research revealed Palin met her spouse, Todd, while they were students at Wasilla High School, in Alaska."
http://www.theregister.co.uk/2008/09/18/palin_email_investigation_continues/
What is the name of my favourite pet, mother's maiden name, etc., etc. Gotta love all those password recovery questions. I frequently put in words that some, including my mother, would consider offensive.
I was extremely upset when some genealogy buff put my full name and birth date on a web page a number of years ago, along with my parents' and siblings' information. That page is gone now. And thankfully genealogy software doesn't do that by default any more.
Back in the days of bulletin board systems in the early '90s, a friend found that many of the local BBS sysops used the same password on their own BBSes as well as when logged into other BBSes. Duh! He was happy to see that that didn't work for me.
How many other websites use similar systems? Hopefully they're all having a massive "Oh sh*t" moment. Including the banks.