October 8, 2008

The Kid Who Broke Into Palin's Yahoo Account

By now I feel everyone remotely interested in the political debate for our next President has heard about the "private e-mail account" Alaskan Gov. Sarah Palin used during her typical work hours. (NOTE: There are actually three accounts, the first two were deleted soon after the media discovered the story.) I've heard speculation that the remaining active account could have been used to conduct official state business, which would put Palin in hot water with prosecutors.

Enter today, when Tennessee media broke the story that the person responsible for the compromised Yahoo account was 20-year-old University of Tennessee student David Kernell -- son of state Rep. Mike Kernell, (D-Memphis). David gained access to Palin's e-mail by tripping the "Forgot Password?" that essentially resets it after asking for a security question. I'm assuming at this point that the question was common knowledge, like a maiden name.

You can, and should, read more in an article from the Knoxville News Sentinel.

Right here is about the moment you'd expect to find a judgement of the perpetrator's actions. After doing this it should become quite clear which political party I align myself to and essentially either enrage or enthrall you.

But, I'm not going to do that.

Instead, I'm going to say that the actions of David Kernell were unforgivable because he did break the law and should be punished accordingly. At the same time, the fact that the potential vice-leader of our great nation was duped by a 20-year-old with too much time on his hands... that to me is also unforgivable. I wouldn't say that my own mother would do any better given the situation, most people who were not born into a world of e-mail and Web sites would probably fall victim to this sort of compromised security. So instead, lets examine the situation for what it is and what it is not...

If all it takes to throw you into attack mode for your party because the perpetrator is obviously democrat and the person at the other end is a Republican, then please move on. There are plenty of other issues to argue about until your blue in the face. This should not be one of them. What happened here is an example of our security flaws coming to the root of a larger problem: How much should people know about the technology they're using?

The answer isn't a simple response but its also not very complicated. If you know how to use the tools you're working with, you can use them to the best of your power to get the job done more effectively. Conversely, someone who does not know how to use the tools given to them is doomed to do a less effective job -- such as a team of IT security staffers who do not permit certain functionality due to possible flaws caused by an ignorant user. And if such an IT staff does not exist, then security will likely be compromised.

I still know people who refuse to download ANYTHING because they think they're might be a virus attached to it. That may be an ultra safe practice when downloading things from unfamiliar sources via the internet but when you know the person sending you the file through a direct connection...there is NO chance of virus.

So really what I'm pointing out in this situation is our ignorance about technology. It's unforgivable and eventually, it's going to bite us in the ass.


No comments: