Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Sarah Palin’s Yahoo account hijacked, e-mails posted online
ZDNet ^ | 9/17/2008 | Ryan Naraine

Posted on 09/17/2008 11:15:26 AM PDT by Domandred

Mod note: Do no post any screenshots of Governor Palin's Yahoo account on Free Republic.
Thank you.

On the heels of media reports that Republican vice presidential candidate Sarah Palin was using a private Yahoo e-mail account (gov.palin@yahoo.com) to conduct Alaska state business, hackers have broken into the account and posted evidence of the hijack on Wikileaks.

An activist group calling itself ‘anonymous’ claimed responsibility for the compromise and released screenshots, photographs and the e-mail addresses of several people close to Palin, including her husband Todd and assistant Ivy Frye.

(Excerpt) Read more at blogs.zdnet.com ...


TOPICS: Breaking News; Crime/Corruption; News/Current Events; Politics/Elections
KEYWORDS: creeps; democraticslimebags; hacked; hackergate; leftys; leftyscumbags; mccainpalin; palin; palinattacks; palinping; tasteless; wikileaks; yahoo
Navigation: use the links below to view more comments.
first previous 1-20 ... 341-360361-380381-400401-416 last
To: AndyJackson
I doubt that the locks on my door are pickproof. I am, however, 0% at fault when someone picks my lock to enter my house.

How about if you had been told time and time again that the brand of locks you use were of poor quality and could be opened by a good thump?

What percentage of blame would you have then for ignoring the problem?

401 posted on 09/19/2008 11:41:21 AM PDT by Knitebane (Happily Microsoft free since 1999.)
[ Post Reply | Private Reply | To 399 | View Replies]

To: Domandred

Thanks for the education... So why the “wiki”pedia? Is it because of the software they use?


402 posted on 09/19/2008 9:39:31 PM PDT by Libertina (Sarah Palin for VP - not because she is a woman, but for the woman she is!)
[ Post Reply | Private Reply | To 318 | View Replies]

To: Libertina

Yep short for Wiki Encyclopedia. Wikipedia.


403 posted on 09/19/2008 9:47:10 PM PDT by Domandred (McWhathisname / Palin - 2008)
[ Post Reply | Private Reply | To 402 | View Replies]

To: Domandred

I Love to learn! Thanks :)


404 posted on 09/20/2008 11:02:25 AM PDT by Libertina (Sarah Palin for VP - not because she is a woman, but for the woman she is!)
[ Post Reply | Private Reply | To 403 | View Replies]

To: Knitebane

I did not say “no need”. I said “less need”. Or are you going to argue that laws and penalties do not reduce crime / have no deterrent effect?


405 posted on 09/22/2008 10:11:38 PM PDT by Paul R. (Ok, I am ready to meet the devil. What are the details?)
[ Post Reply | Private Reply | To 397 | View Replies]

To: Knitebane

It seems to me that if someone “takes apart something to see how it works”, and that something does not belong to them personally, or they do not have explicit permission to do so, from the owner, then that someone is in the wrong.


406 posted on 09/22/2008 10:19:03 PM PDT by Paul R. (Ok, I am ready to meet the devil. What are the details?)
[ Post Reply | Private Reply | To 396 | View Replies]

To: Paul R.
It seems to me that if someone “takes apart something to see how it works”, and that something does not belong to them personally, or they do not have explicit permission to do so, from the owner, then that someone is in the wrong.

Not necessarily.

For instance, I have several machines in my server rack that run Apache web server. If I find an security problem on one of those and report it, every Apache web server of that same version on the Internet will have the same problem, just now everyone is aware of it.

Also, if a web server is publicly available, sending it commands and looking at the responses is exactly what your web browser does. Your web browser simply formats the responses into what you are used to seeing. What your web browser receives is very different to what you are used to seeing. A hacker will typically examine those raw responses directly rather than letting the web browser format them.

407 posted on 09/23/2008 6:22:46 AM PDT by Knitebane (Happily Microsoft free since 1999.)
[ Post Reply | Private Reply | To 406 | View Replies]

To: Paul R.
I did not say “no need”. I said “less need”. Or are you going to argue that laws and penalties do not reduce crime / have no deterrent effect?

It is not a direct relationship. Are you going to argue that laws and penalties banning alcohol didn't increase violent crime?

Laws and penalties simply provide a method of punishment. If people are willing to risk the penalties or are already criminals they have very little effect especially in areas that are difficult to police effectively.

And U.S. laws and penalties have zero deterrent effect on people in other countries the effect of strong laws against something on the Internet is not especially effective. As a web site on the public Internet is just as reachable from China as it is from Wichita, all you've done is criminalize U.S. activity. This is not necessarily a good thing. For instance:

When the U.S. enacted the ITAR regulations, they categorized strong encryption as a munition and banned its export. The result was that U.S. programmers stopped working on strong encryption. If someone from overseas downloaded your encryption software you could go to jail for 20 years.

For a long time if you wanted strong encryption you had to download it from an overseas system and apply it to your systems here manually.

The result? American's stopped developing encryption technology. The current U.S. encryption standard, AES, was developed outside the U.S.

408 posted on 09/23/2008 6:32:34 AM PDT by Knitebane (Happily Microsoft free since 1999.)
[ Post Reply | Private Reply | To 405 | View Replies]

To: Knitebane

If you are looking into a problem on hardware or software you own, then I have no problem with that. That is exactly what you describe. Ditto if the equipment / software belongs to someone you work for, or a customer, and they have asked you to check it out. Heck, I do THAT sort of thing (though in a much different area of electronics) all the time. If you inform the hardware / software provider that there is a problem, and then they do not respond after several such attempts, then ok: If you feel that you should alert others so that they can take appropriate safeguards, that’s fine too. What I have a problem with is people who try to “break in”, so to speak, where they have not been invited, where they have no ownership, etc.

Now, if you send commands to a web server in order to view what’s on someone’s website, such as in response to an implied invitation, of course that’s ok. Ie., “Come check out our cool products” is essentially the message if someone puts up a web site with their products listed therein. If that website generates so much legitimate traffic that it crashes, well, that’s a good problem to have! (And a better one to solve.) But if someone starts sending that website strings of data that can throw a monkey wrench into the works, INTENDING that result or possible result, uninvited, then that someone is in the wrong. So far as I know, my web browser sends out a lot of “inquiries”, but does not intentionally try to break into other’s accounts uninvited, throw that proverbial monkey wrench into the works just to see sparks fly, etc.

Put another way, it is one thing for someone to come to my door and knock, to request to come in. It’s quite another for them to pick the lock and come in without my permission.

As an aside, I would mention that not so many years ago, in probably the majority of the land area of the U.S., most people found it unnecessary to lock their house or car during the day. Robert Heinlein postulated much the same thing in a future society he described in “The Moon Is A Harsh Mistress.” I think it has to do both with self respect / honor, and with respect for others.


409 posted on 09/23/2008 7:02:33 PM PDT by Paul R. (Ok, I am ready to meet the devil. What are the details?)
[ Post Reply | Private Reply | To 407 | View Replies]

To: Knitebane

Hmmm... That’s an interesting point. Are you postulating that the desire to do harmful hacking (to be specific and not indict all hackers) is comparable to alcohol or drug addiction?

At any rate, IF the vast majority of the populace had been willing to support whatever penalties were necessary to make Prohibition effective, it would have been successful. Certainly there are countries in which this has been done, with general success. Prohibition failed in the U.S. because the vast majority of the U.S. populace was not so inclined.

That’s not to say no one would ever get their hands on an alcoholic beverage, given my “IF”. There are always some cracks. (Oh, BTW, I am not a tee-totaler. I am just commenting on your example. )

Now, in the case of the Internet, you are correct: You’d probably have to get some sort of essentially world-wide treaty going (with real penalties for countries unwilling to go along with it) to crack down on harmful hacking. But, I think this problem will eventually become so big, and cost everyone so much money, that it will come to pass. Once it does, you don’t have to find every offender. You find a few, and administer Saudi Arabian style justice. Even that would not end the problem. But it would lessen it.

Then again... Back in my college days, when I was studying Electrical Engineering, I was too doggone busy to get into such trouble. (The story of my life!) Maybe there is an answer there... ?


410 posted on 09/23/2008 7:49:27 PM PDT by Paul R. (Ok, I am ready to meet the devil. What are the details?)
[ Post Reply | Private Reply | To 408 | View Replies]

To: Paul R.
But if someone starts sending that website strings of data that can throw a monkey wrench into the works, INTENDING that result or possible result, uninvited, then that someone is in the wrong.

Well, that's the problem. Internet protocols are designed for flexibility. What today might be a string of data that horks up a system, tomorrow might be accepted as a new, useful feature.

As such, servers on the Internet are supposed to accept all data sent to them, discard the stuff they don't know what to do with and properly process the rest.

It a web server takes a string of data and does something harmful, that's a bug. There are people that intentionally search for such things. And there are times when such things are found by accident.

Put another way, it is one thing for someone to come to my door and knock, to request to come in. It’s quite another for them to pick the lock and come in without my permission.

Quite true. If someone disables the locks on your house, that person is a criminal. That person should be prosecuted.

However, if you've been told time and time again that there is a bug in your brand of locks, and a good thump will disable them, then you are at fault for not doing something about it. It's not something you should be prosecuted for, and it doesn't negate the fact that the person doing the bumping is a criminal, but expect to be chastised for not taking the vulnerability seriously.

411 posted on 09/24/2008 7:32:41 AM PDT by Knitebane (Happily Microsoft free since 1999.)
[ Post Reply | Private Reply | To 409 | View Replies]

To: Paul R.
Hmmm... That’s an interesting point. Are you postulating that the desire to do harmful hacking (to be specific and not indict all hackers) is comparable to alcohol or drug addiction?

Not at all. The analogy was about the effectiveness of laws to control behavior, not about the behavior itself.

Then again... Back in my college days, when I was studying Electrical Engineering, I was too doggone busy to get into such trouble.

Not really. The people that do the hacking are often professional programmers. Because so much Internet software is made up of layers of software from different sources, testing will often indicate a bug when testing how one layer of software interacts with another.

As an example:

Let's say I have a store on the Internet. I use a piece of software that the web server interacts with. A user connects to the web server and enters data. The web server passes that data to the application that processes the order.

When a new version of the web server software comes out, the manufacturer of the store software tests his application to make sure that it works properly with the new web server.

He finds a bug. Normally, the field where you type your credit card number in expects only numbers. You find that if you put in a string of hex code, it causes the application to crash.

In the previous version of the web server software, the web server properly read in the HTML instructions and filtered out anything that wasn't a number. The new version doesn't.

He found the bug by deliberately sending out-of-scope data to the web server, but the bug could be triggered accidentally by having, say, your cat jump on your keyboard while you were ordering from my site.

One person, a professional, found the bug. So can someone else, sometimes by accident.

And a third party may be looking for a way to crash my server.

All three of these people can find the same bug. You can't assume that just because someone finds an exploit that they intend harm.

For years, conservatives have resisted the idea of the UN being our police. And Internet police force would have much the same mandate. And it would suck.

Rather than that, how about we leave the Internet alone. People that have broken software should fix it, assume there are still more bugs that haven't been found yet and take action accordingly.

Because you are never, even with an Internet Police force, going to be able to stop systems from being exploited. It's too easy to hide, it's too easy to have a plausible answer for doing what you did and it's too much of a burden on regular, everyday Internet users to subject them to layers of UN-style corruption just to catch a few system exploiters. The cure would be worse than the disease.

412 posted on 09/24/2008 7:49:22 AM PDT by Knitebane (Happily Microsoft free since 1999.)
[ Post Reply | Private Reply | To 410 | View Replies]

To: Philly Nomad
You can condemn the thugs, but would you want the idiot who was reckless with $500,000 cash running your business?

Actually, all indications are that the proper analogy is someone who "was reckless with about $5". The hacker himself said that he could find nothing that would be damning to Palin's campaign - that would certainly seem to include any proof that information of a sensitive nature was being sent in the open.

She probably used her Yahoo account for work only in the way that I use mine - I may send the occasional message that says "yeah, I'll make the 10am meeting", but nothing of a confidential nature. 'Speculation', you may claim - but so is just about everything else, and I at least know of firsthand examples at my business that are hardly as reckless as the fearmongering here would suggest.
413 posted on 10/04/2008 8:43:04 PM PDT by beezdotcom
[ Post Reply | Private Reply | To 394 | View Replies]

To: beezdotcom

But here’s the thing, the thug who broke into her account got off. I’ve seen lives ruined by less egregious computer crimes.

My guess is he found some really incriminating stuff but the Cops, & McCain cut him a deal - he keeps his mouth shut - he stays out of prison.


414 posted on 10/06/2008 5:13:23 PM PDT by Philly Nomad
[ Post Reply | Private Reply | To 413 | View Replies]

To: Philly Nomad
My guess is he found some really incriminating stuff but the Cops, & McCain cut him a deal

My guess is that your guess is wrong, for two reasons:

- because he posted his disappointment long before even the hack was widely known, much less before they actually started to finger somebody.
- because my experience with use of Yahoo, Hotmail, Gmail, etc. by business folks tends to show that they use it for only the most mundane sorts of work correspondence. (Actually, the bigger problem tends to be people blabbing in public on cell phones about sensitive stuff without a care about who might be eavesdropping.)

I realize that doesn't fit the template you'd prefer, but that's just what I've seen. Of course, you are free to disgregard everything I say.
415 posted on 10/06/2008 6:15:56 PM PDT by beezdotcom
[ Post Reply | Private Reply | To 414 | View Replies]

To: Philly Nomad
And another reason to doubt a "deal":

Tennessee Man Indicted in Hacking of Palin's E-Mail Account
416 posted on 10/08/2008 8:14:01 AM PDT by beezdotcom
[ Post Reply | Private Reply | To 414 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-20 ... 341-360361-380381-400401-416 last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson