Observatoire الملحظ
Derniers articles آخر ما نشر
Page d'accueil الاستقبال
KHEREDDINE 2015-2016 أين المبادئ
Signaler l'abus: plainte ou information
www.ho-net.net presentation
2011-2012تونس:مسائل راهنة
QUESTIONS URGENTES مسائل عاجلة
Profils de detresse humaine
Vie et société plus saines حياة أفضل و مجتمع أحسن
Opinions آراء
Tunisie: bien etre ou savoir faire?
Tunisie : confiants, ou credules ?
Cafeteria Culturelle منتزه ثقافي
Parole à l'image (1)
Gestion des Catastrophes التصرف في الكوارث
Offres d'assistance ou demandes d'aide
Declaration universelle: Les Textes des droits de l'homme:
Micro-mensonges et tyrannismes pour macro nuisances!
Comment promouvoir les droits de l'homme?
Changements climatiques
Rapports a propos du net et la condition humaine (dh)
Articles jadis masques depuis l'été 12
عربي
Environnement et civilisation
Guide Urgences Santé
ENGLISH
=> About this Site
=> Destruction of natural habitats of wildlife: possible health impacts
=> Scientific advances: Harmful consequences of the lack of application and vulgarisation
=> Environmental threats and neglects
=> Internet breaking news
=> How to format hard drive
=> How to add RAM memory
=> Link to beautiful endangered nature
=> Associative jokes
=> How to boot (start) faster
=> Internet history
=> Vulgarisation
=> Internet security
=> Texts: Human Rights
=> Glossary
=> Add your ad
=> Friend finder
=> Legal statement
=> Annual reports
=> General local and global issues: to what extent it is so acute the need to discuss
=> Precisions about homeless phenomenon
=> Public health warning : hepatitis
=> What is civilization ?
Vulgarisation du web
Mon internet
Annonces tous azimuts!
Impacts sociaux du web
Criminalité
Histoire de l'internet
Actualites internet et computering
Le sens des mots : Glossaire
Le tour du monde
Histoires dans la vie
Soutenez Chatt eljerid: merveilles du monde
Abonnement des mises à jour,Newsletter
Livre d'or
Contact
Search site
Qui suis je
ALMADIAFA Forum
essai
Titre de la nouvelle page
 

Internet security



      INTERNET POUR INTERNET
Home      English      Internet security

Tactic used to access VP candidate's e-mail works on the top three services

September 19, 2008 (Computerworld) Yahoo Mail isn't the only Web-based mail service that could be duped into giving up someone else's account password, the tactic that some have argued was used to break into Gov. Sarah Palin's e-mail earlier this week.

Google Inc.'s Gmail, Microsoft Corp.'s Windows Live Hotmail and Yahoo Inc.'s Mail all rely on automated password-reset mechanisms that can be abused by anyone who knows the username associated with an account and an answer to a single security question, according to quick tests run by Computerworld.

Computerworld reporters and editors were able to "break" into their own and colleagues' accounts on all three services, then reset passwords armed only with the account's username and the correct response to one of a limited number of common security questions, such as mother's maiden name, the name of a favorite pet or the make of a first car.

Some of the personal information that would provide answers to the security questions may be easily found by searching social networking sites or the Internet, the approach a hacker labeled as "rubico" claimed to have used to dig up the responses necessary to access Palin's account.

Hackers who know the username of an account -- which is often identical to the part of the e-mail address that precedes the "@" symbol -- and correctly type the distorted "CAPTCHA" characters are faced with only a security question before being allowed to change the account password. (CAPTCHA, or "Completely Automated Public Turing Test to Tell Computers and Humans Apart," is the name for the security tool that uses distorted, scrambled characters to stymie automated bots.)

None of the services required that the new password be sent to an alternate e-mail address -- although that was an option for all three -- and instead offered an all-online process.

Adam O'Donnell, director of emerging technologies at message security vendor Cloudmark Inc., said that automated password-reset is the rule in Web-based mail, whether the service is free, like Yahoo, Hotmail and Gmail, or offered as part of the monthly fee by one's Internet service provider.

"ISPs have razor-thin margins, and one call to the help desk to reset a password would wipe out the month's profit on that user," said O'Donnell in an interview yesterday.

At the time, although other security experts were skeptical of the hacker's claim to have accessed Palin's account through a password-reset, O'Donnell had said it sounded "very plausible."

According to rubico, who some have speculated is the 20-year-old son of a Tennessee state legislator, the online research needed to reset Palin's password took just 45 minutes.


 

Yahoo, Hotmail, Gmail all vulnerable to Palin-style password-reset hack


 
 
 
 
 
 


 

Aujourd'hui sont déjà 12 visiteurs (78 hits) Ici!
Ce site web a été créé gratuitement avec Ma-page.fr. Tu veux aussi ton propre site web ?
S'inscrire gratuitement