October 9 Tip of the Day:
"Try not to use easily findable information for your security questions. For example, your mother's maiden name is a matter of public record. Sarah Palin's Yahoo email address was "hacked" just because someone figured out her zip code and the answer to "Where did you meet your husband?" (Wasilla High).
(This also relates back to the October 1st tip: people on social networking sites like to pass around surveys with questions that reveal a lot of personal information that could be used by identity thieves; there is lots of potential for overlap between social networking surveys and "security questions".)"
As Harry Waldron explains in How Sarah Palin's Yahoo email was Hacked:
"Security questions are your MOST IMPORTANT safeguard in any web-based facility where a password can be mailed back. If the 3 questions are easy to guess, any unauthorized person could gain entry (e.g., family member, friend, or criminal). When it comes to security questions, it's good to be "less forthcoming" by misspelling or using incorrect answers. As a best practice, ensure that only you know the answers to the password-reset questions."
Harry also included the following references in the referenced article:
How Sarah Palin's Yahoo email was Hacked
- http://www.eweek.com/c/a/Security/Sarah-Palin-Hack-an-Example-of-Password-Recovery-Backfire/
- http://www.mtv.com/news/articles/1595343/20080922/story.jhtml
- http://isc.sans.org/diary.html?storyid=5068
- http://www.usnews.com/blogs/paper-trail/2008/09/22/tennessee-student-is-focus-of-palin-e-mail-hack-investigation.html
- http://news.slashdot.org/article.pl?sid=08/09/21/160222
- http://itmanagement.earthweb.com/secu/article.php/3772981/The+Security+Lesson+in+the+Sarah+Palin+Email+Hack.htm
- http://garwarner.blogspot.com/2008/09/governor-palins-email-security.html
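The tip above is aimed at users, but the same lesson applies to whoever builds the password-reset facility: answers to security questions are secrets and should be stored and checked the way passwords are, with a cap on attempts so that a handful of guesses drawn from public facts (a zip code, a high school) cannot succeed. The following is an added example written for this page, not code from the original post or from any of the referenced articles. It assumes a hypothetical in-memory account, a hypothetical set of profile fields, and constructed sample questions and answers; the hashing (PBKDF2-HMAC-SHA256 with a random per-answer salt), answer normalisation, constant-time comparison and attempt lockout are the design choices being demonstrated.

```python
"""Added example: a minimal password-reset verifier that treats security
answers like passwords.  Assumptions (not from the original post): answers
are normalised for case and whitespace before hashing, every question must
be answered correctly in a single attempt, and a small number of failed
attempts locks the reset flow so public facts cannot simply be guessed."""
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

ITERATIONS = 200_000   # PBKDF2 work factor; tune to your hardware
MAX_ATTEMPTS = 5       # failed reset attempts before lockout (hypothetical policy)


def normalize(answer: str) -> str:
    """Collapse case and internal whitespace so 'Wasilla  HIGH' == 'wasilla high'."""
    return " ".join(answer.strip().lower().split())


def hash_answer(answer: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", normalize(answer).encode("utf-8"),
                                 salt, ITERATIONS)
    return salt, digest


def overlaps_profile(answer: str, profile_fields: List[str]) -> bool:
    """True if the chosen answer is something the account already discloses
    (hometown, zip code, school ...).  Such answers are findable, so an
    enrolment form should reject them."""
    wanted = normalize(answer)
    return any(wanted == normalize(f) for f in profile_fields if f)


class ResetVerifier:
    """Holds only salted hashes of the answers, never the answers themselves."""

    def __init__(self, questions_and_answers: Dict[str, str]) -> None:
        self._stored = {q: hash_answer(a) for q, a in questions_and_answers.items()}
        self.failed_attempts = 0
        self.locked = False

    def verify(self, answers: Dict[str, str]) -> bool:
        """All questions must be answered correctly in one go; partial
        information about which answer was wrong is never revealed."""
        if self.locked:
            return False
        ok = set(answers) == set(self._stored)
        if ok:
            for question, (salt, digest) in self._stored.items():
                _, candidate = hash_answer(answers[question], salt)
                # Constant-time compare, accumulated rather than returned early,
                # so timing does not leak which answer failed.
                ok &= hmac.compare_digest(candidate, digest)
        if ok:
            self.failed_attempts = 0
            return True
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_ATTEMPTS:
            self.locked = True
        return False


if __name__ == "__main__":
    # Constructed sample data, not real account information.
    enrolment = {"Where did you meet your spouse?": "Wasilla High",
                 "Name of your first pet?": "Fido"}
    profile = ["Wasilla", "99654", "Wasilla High"]
    print("rejected at enrolment:", overlaps_profile("Wasilla High", profile))
    v = ResetVerifier(enrolment)
    print("correct answers accepted:", v.verify(
        {"Where did you meet your spouse?": "wasilla  HIGH",
         "Name of your first pet?": "fido"}))
```

The enrolment check (`overlaps_profile`) is where the tip's advice belongs on the server side: if the answer the user types is already a field on their own profile, it is findable and should be refused. The verifier shows the rest: hashed storage, a single all-or-nothing check, and a lockout, so that the reset page is no easier to brute-force than the login page it is meant to recover.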