Trend Micro TrendSetter October 2008

A hacker used one of the oldest tricks in the book to breach Sarah Palin's personal Yahoo! account—taking advantage of the password reset feature. If it could happen to a vice presidential candidate, could it happen to you? Absolutely.

The password reset allows you to change your password if you've lost or forgotten it by first answering a question that only you are supposed to know the answer to. But if you pick an identifying question that other people might be able to answer, your password is vulnerable to a reset. The person who requested the reset then has full access to your account—and that's what happened to Sarah Palin. According to news reports, a hacker correctly selected "Where did you meet your future spouse?" from Yahoo's list of identifying questions, and then tested a few permutations of "Wasilla High School" before arriving at "Wasilla high."

You basically have two options to protect yourself from intruders resetting your password. Option one is to select a question with an answer that hackers won't be able to figure out by researching you online, and making sure you don't have too much information about yourself on publicly available sources. It doesn't take too much effort these days for people to locate common identifying data like ZIP code, high school, or your mother's maiden name.

Your second option is to simply give the wrong answer to the identifying question you select. Just because the question is, "What was your high school mascot?" doesn't mean the answer can't be "X40g79."


Trend Micro Consumer Newsletter \| Security Tips, Tricks, and Updates		October 2008
	How Sarah Palin's Email Got Hacked A hacker used one of the oldest tricks in the book to breach Sarah Palin's personal Yahoo! account—taking advantage of the password reset feature. If it could happen to a vice presidential candidate, could it happen to you? Absolutely. The password reset allows you to change your password if you've lost or forgotten it by first answering a question that only you are supposed to know the answer to. But if you pick an identifying question that other people might be able to answer, your password is vulnerable to a reset. The person who requested the reset then has full access to your account—and that's what happened to Sarah Palin. According to news reports, a hacker correctly selected "Where did you meet your future spouse?" from Yahoo's list of identifying questions, and then tested a few permutations of "Wasilla High School" before arriving at "Wasilla high." You basically have two options to protect yourself from intruders resetting your password. Option one is to select a question with an answer that hackers won't be able to figure out by researching you online, and making sure you don't have too much information about yourself on publicly available sources. It doesn't take too much effort these days for people to locate common identifying data like ZIP code, high school, or your mother's maiden name. Your second option is to simply give the wrong answer to the identifying question you select. Just because the question is, "What was your high school mascot?" doesn't mean the answer can't be "X40g79." < Back to main page
		HIPAA privacy regulations get some teeth: Be prepared. McAfee: Brad Pitt fan sites may be bad for your computer 'Password Recovery' Services May Be Hackers for Hire Mythbusters Gagged: Credit Card Companies Kill Episode Exposing RFID Security Flaws Taiwan cracks major hacking ring, data on president stolen

		HouseCall scans your computer for viruses, spyware, and more. TrendProtect rates a web page and helps you avoid any with unwanted content and hidden threats. Trend Micro™ HijackThis™ is a FREE cleanup utility that helps you find and fix unwanted computer settings. Transaction Guard is a FREE software that protects you against spyware while performing sensitive online tasks on a public computer, like Internet banking or other financial transactions.
		www.trendmicro.com
© 2008 by Trend Micro Incorporated. All rights reserved.