Threat Level: green Handler on Duty: Scott Fendley

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Lessons learned from the Palin (and other) account hijacks

Published: 2008-09-22
Last Updated: 2008-09-22 17:20:23 UTC
by Jim Clausing (Version: 1)
0 comment(s)

While a number of you e-mailed in last week about the account hijacking of Gov. Palin's Yahoo! e-mail account, we didn't comment on it in the diary here because it was pretty well covered in the mainstream press and we didn't have anything of significance to add.  Although, we did have some interesting conversation among the handlers in e-mail and in our jabber channel about obfuscating the answer by, for example, taking the MD5 hash of it and using that.  This morning as I was trying to decide what diaries to write, I did get to thinking about whether there are any lessons to be learned from this and other recent high-profile account hijackings (pdp at GnuCitizen, Alan Shimel, etc.).  Before I really got any thoughts written down, however, I happened across this story on our friend Gary Warner's blog and decided that he covered it well enough, I'd just send you over there.  About the only thing I'd do differently than Gary suggests is I'd MD5 or SHA-1 (or SHA-256) the lies.    Enjoy.

0 comment(s)
Diary Archives