Yahoo, Hotmail, Gmail all vulnerable to password-reset hack
How can you prevent a Palin webmail hack from happening to you? The short answer: you can’t.
Yahoo has no immediate plans to overhaul its e-mail security procedures after a hacker last week gained access to Sarah Palin’s private Yahoo Mail account, the company said Monday. Instead, it is reviewing security processes on an industry-wide basis.
Yahoo Mail isn’t the only Web-based mail service that could be duped into giving up someone else’s account password, the tactic that some have argued was used to break into Gov. Sarah Palin’s e-mail earlier this week.
Google Inc.’s Gmail, Microsoft Corp.’s Windows Live Hotmail and Yahoo Inc.’s Mail all rely on automated password-reset mechanisms that can be abused by anyone who knows the username associated with an account and an answer to a single security question, according to quick tests run by Computerworld.
Computerworld reporters and editors were able to “break” into their own and colleagues’ accounts on all three services, then reset passwords armed only with the account’s username and the correct response to one of a limited number of common security questions, such as mother’s maiden name, the name of a favorite pet or the make of a first car.
Some of the personal information that would provide answers to the security questions may be easily found by searching social networking sites or the Internet, the approach a hacker labeled as “rubico” claimed to have used to dig up the responses necessary to access Palin’s account.
Hackers who know the username of an account — which is often identical to the part of the e-mail address that precedes the “@” symbol — and correctly type the distorted “CAPTCHA” characters are faced with only a security question before being allowed to change the account password. (CAPTCHA, or “Completely Automated Public Turing Test to Tell Computers and Humans Apart,” is the name for the security tool that uses distorted, scrambled characters to stymie automated bots.)
None of the services required that the new password be sent to an alternate e-mail address — although that was an option for all three — and instead offered an all-online process.
on September 22nd, 2008 at 10:14 pm
i want to hack friends yahoo id
on March 20th, 2009 at 3:37 am
i have forgot my password.and after trying a lot i could not find it, as i have changed it more than 2 times earlier.please suggest me how to recover my password, bcoz that id contains very important files of mine.
on March 23rd, 2009 at 7:33 am
i have forgot my password.and after trying a lot i could not find it, as i have changed it more than 2 times earlier.please suggest me how to recover my password, bcoz that id contains very important files of mine.
plz reply me as soon as possible
on March 23rd, 2009 at 11:43 am
i have forgot my password.and after trying a lot i could not find it, as i have changed it more than 2 times earlier.please suggest me how to recover my password, bcoz that id contains very important files of mine.
plz reply me as soon as possible
on April 13th, 2009 at 8:35 am
yep, totally, it’s so easy to get into someone else’s account by only using their personal information. sometimes people are careless, and put their personal info in many accounts like facebook, myspace, etc. and they choose like the easiest secret question that is so easy to break because they already put it in their facebook account! duh…
on April 14th, 2009 at 9:30 am
The problem with a basic trick like this is whereas it might seem completely obvious and almost inanely so, it gives script kiddies and malicious little brats the world over a way to wreak havoc on each other and innocent people just for the sake of doing so. All one has to do is view the only 3 comments to the post to see the demographic of people who would benefit from using this. What a shame…
on April 27th, 2009 at 1:14 am
It sounds like you’re creating problems yourself by trying to solve this issue instead of looking at why their is a problem in the first place.
on June 10th, 2009 at 10:29 pm
Gmail can’t be hacked. That’s b.s. My computer guy said it isn’t possible. [email protected]
on July 5th, 2009 at 1:42 pm
Ur computer guy is a fucktard obv.
on August 12th, 2009 at 12:55 am
I want hach yahoo ID & yahoo mail please help me.
on August 23rd, 2009 at 2:56 pm
These attractive, interesting posts make me know more about first aids for heart attack, thanks a lot!
on September 18th, 2009 at 7:17 am
Gmail can’t be hacked. That’s b.s. My computer guy said it isn’t possible. [email protected]
on October 17th, 2009 at 1:58 pm
You are an idiot if you post your email and dare other people to try hacking it. Just saying. And my gmail account has been hacked by a friend.
on June 12th, 2010 at 11:28 pm
this is B.S.
on December 9th, 2010 at 1:57 pm
Hi! I think most of the hacking being done is not the actual hacking but infact Social Engineering or Phishing. People fall prey and end up loosing their username/passwords. This can not be termed as hacking. The only way is to educate people to be able to guard themselves against Social Engineering but when people are still using IE6, its a bit difficult to get this going.
on August 10th, 2011 at 2:35 pm
“When I initially heard of John’s gargantuan woodworking lyrics, I wondered if it was all too authentic to be true… Fortunately, my sophistication with John Metz’s Woodworking4People’s home was altogether the opposite. It is ENORMOUS; admirably laid out; cordially spelt; and contains innumerable photos and diagrams.”