Palin's email and expert mistakes

VP candidate's status made her a target for hackers, says Mark Gibbs

When a friend from the Czech Republic brought me a bag of dried wild mushrooms he had collected in the woods around his hometown I was excited. I added them to an Alfredo sauce (minus the peas) and served it with linguine — fantastic. The flavour of the mushrooms was insane!

It is rare you get mushrooms with that amount of flavour. I suppose I could go looking for them in the woods around here except for one thing: I'm not stupid. I know nothing about picking wild mushrooms and as making a mistake could result in the last gastronomic experience me and my dining companions would have, it's something I'll happily leave to the experts. Of course, sometimes experts make mistakes.

Consider Yahoo. The company offers a free email service and so one might reasonably expect them to be expert in email. But what does expert mean in this case?

Well, it means it designed a solid email service for average users. For average users the chance of being singled out by bad guys and having your account compromised is very low. Not so for the famous.

Consider the plight of vice presidential candidate Sarah Palin. She had a Yahoo account for her private use and a miscreant, for reasons that appear to concern political activism, managed to get access.

You'll notice that I didn't refer to this account breach as "hacking" for the simple reason that there was no skill involved. All it took to gain entry was to use Yahoo's forgotten password feature and guess the answer to the challenge question, "Where did you meet your husband?"

Figuring out the correct answer wasn't hard seeing Palin's life story is easily found on the internet. Palin, foolishly as it turned out, gave honest answers to all of the challenge questions.

Allow me to digress for a moment and note the insane response with which some of the press and analysts has greeted this event. For example, PC Magazine wrote a piece titled "Why the Palin hack could happen again and again", which implies there was something special about the breach and that it matters in some crucial way. Please! There's nothing special about this event and I think we can pretty much guarantee that exactly the same thing has already happened many times before without anyone caring.

Let's be clear: Given her high profile, Palin was naïve to ever consider using a consumer email service. You'd think that anyone who wanted to ensure their privacy would be more circumspect about which service to use and how to use them, but there you go. She didn't know better because email is not an area she's expert in.

You might think that Yahoo could have thought the challenge question method through and realised there was a potential problem with users providing honest answers that therefore could be guessed or found, but let's be clear, the company is giving away a free service without warranty.

Perhaps Yahoo should advise giving nonsensical answers to the challenge questions (Q: Where did you meet your spouse? A: Green) but it didn't and it isn't in any way at fault for not doing so. So, the bottom line is that it's not Palin's fault any more than it is Yahoo's. It's just one of those things.

Now we come to the reaction of some of the IT world. Network World ran a poll and asked whether "hacking" Palin's email was wrong. A shocking 36% of respondents agreed it was justified given the circumstances.

I find that incredible! How can IT professionals show such an incredible lack of ethics to give a thumbs up to what is a criminal act? You're supposed to understand the issues and be experts! Please tell me your response was just a mistake and that you don't collect mushrooms.

Join the newsletter!

Error: Please check your email address.

Tags emailSecurity IDpalin

Show Comments
[]