Palin's E-Mail Account Hacked, Published on Web Site

  • 18-09-2008 7:45am
    #1
    Closed Accounts Posts: 12


    Bad stuff seems to be going Palin's way more.

    "In the latest of a series of invasions into Sarah Palin’s personal life, hackers have broken into the Republican vice presidential candidate’s private e-mail account, and a widely read Web site has published screen grabs from it.
    An article Wednesday in Gawker.com posts family photos and snapshots of e-mail exchanges the Alaska governor had with colleagues. Gawker says the e-mail account has since been shut down, but it will leave the images up on its site for all to see.
    “Here are the screenshots of the emails saved before the account went dark, along with the contact list. It’s newsworthy and we will not be taking it down!” the site declares.
    Rick Davis, campaign manager for John McCain, released a statement calling the publication a “shocking invasion of the governor’s privacy and a violation of law.”
    “The matter has been turned over to the appropriate authorities and we hope that anyone in possession of these e-mails will destroy them. We will have no further comment,” Davis said.
    The Secret Service contacted The Associated Press on Wednesday and asked for copies of the leaked e-mails, which circulated widely on the Internet. The AP did not comply.
    The Gawker article boasts about the lengths to which the reporter went to verify the account, saying he or she even called a phone number listed for Palin’s teenage daughter, Bristol, which apparently went to her voicemail. The site also listed dozens of contact e-mails from the account.
    Both WIRED and Gawker reported that members claiming to be with a group known as Anonymous took credit for hacking into Palin’s account. Screen grabs were published on other Web sites and then deleted, Gawker reported.
    They reportedly came from a Yahoo e-mail account Palin uses — one separate from another private account that was publicized in The Washington Post last week.
    One person whose e-mail to Palin apparently was among those disclosed, Amy B. McCorkell, declined to discuss her correspondence. “I do not know anything about it,” McCorkell said. “I’m not giving you any comment.” Wired.com said McCorkell later confirmed that she did send the e-mail to Palin.
    Another of the e-mails apparently revealed Wednesday was an exchange in July with Alaska Lt. Gov. Sean Parnell discussing a talk show host who had been critical of Parnell. Parnell declined to discuss the matter.
    Gawker complained that Palin has since “deleted” the account, and suggested she was trying to “destroy evidence.”
    It wasn’t immediately clear how hackers broke into Palin’s Yahoo! account, but it would have been possible to trick the service into revealing her password knowing personal details about Palin that include her birthdate and ZIP code. A hacker also might have sent a forged e-mail to her account tricking her into revealing her own password.
    Palin has faced scrutiny for using her private account to do government business. The Washington Post reported last week that a local Republican activist is trying to get Palin to release more than 1,100 e-mails she withheld from a public records request. The appeal reportedly questions why Palin and her aides shift between public and private e-mail accounts.
    A spokeswoman in the governor’s office in Alaska declined to comment Wednesday, referring questions from FOXNews.com to the McCain-Palin campaign.
    “Primarily we’re referring people to the campaign because honestly people wouldn’t be asking these questions if she wasn’t a candidate for [vice president],” spokeswoman Kate Morgan said.
    The Palin family was subjected to intense scrutiny after she was selected as John McCain’s running mate on Aug. 29. Reporters descended on her home town of Wasilla, Alaska, as the media focused on her unwed teenage daughter’s pregnancy."



Comments

  • Moderators, Category Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 47,528 CMod ✭✭✭✭Black Swan


    From Wired.com article:

    Palin has come under fire for using private e-mail accounts to conduct state business. Critics allege that she uses the account to get around public records laws, as the Bush administration has also been charged with doing.


    Now why would Sarah Palin want to get around "public records laws" if what she does is ethical as Governor?


  • Registered Users, Registered Users 2 Posts: 21,264 ✭✭✭✭Hobbes


    Now why would Sarah Palin want to get around "public records laws" if what she does is ethical as Governor?

    That's one of those questions where you know the answer? :)

    Actually what is disturbing about this is that any mails sent through Yahoo are not secure. If they used the internal mail system the mails would not leave the intranet (unless they also messed that up as well).


  • Registered Users, Registered Users 2 Posts: 32,136 ✭✭✭✭is_that_so


    This stuff just goes from bad to worse. If she was a Democrat then much of this digging in the dirt would not be happening at all and they'd be carping at conservative sites for digging. It would be much more honest if some of these people just said "I hate Sarah Palin and I'm gonna do my damnedest to see she never gets near the White House".


  • Registered Users, Registered Users 2 Posts: 17,727 ✭✭✭✭Sherifu


    is_that_so wrote: »
    This stuff just goes from bad to worse. If she was a Democrat then much of this digging in the dirt would not be happening at all and they'd be carping at conservative sites for digging. It would be much more honest if some of these people just said "I hate Sarah Palin and I'm gonna do my damnedest to see she never gets near the White House".
    Republicans wouldn't dig up dirt?


  • Registered Users, Registered Users 2 Posts: 32,136 ✭✭✭✭is_that_so


    Sherifu wrote: »
    Republicans wouldn't dig up dirt?

    I think I covered that. Not a fan of it from either side and much of it serves no public purpose.


  • Moderators, Category Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 47,528 CMod ✭✭✭✭Black Swan


    Hobbes wrote: »
    Actually what is disturbing about this is that any mails sent through Yahoo are not secure. If they used the internal mail system the mails would not leave the intranet (unless they also messed that up as well).
    Does this suggest that Governor Sarah Palin is not very tech savvy, or even worse, that she is ignorant of the vulnerabilities of the web as pertains to technology and national security?


  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    is_that_so wrote: »
    This stuff just goes from bad to worse. If she was a Democrat then much of this digging in the dirt would not be happening at all and they'd be carping at conservative sites for digging. It would be much more honest if some of these people just said "I hate Sarah Palin and I'm gonna do my damnedest to see she never gets near the White House".
    The Republicans have been involved in this kind of stuff for years. It's a pity the Democrats' supporters have to stoop to this, but seeing as the bar had been set so low already...
    Does this suggest that Governor Sarah Palin is not very tech savvy, or even worse, that she is ignorant of the vulnerabilities of the web as pertains to technology and national security?
    Unless she's going for a position which requires tech-savviness, I wouldn't really hold it against her. For many (if not most) people, the internet is something of a black box, which just "works". Even when the issues are pointed out, many people don't have the knowledge to realise or visualise the potential vulnerabilities of their online activities.


  • Closed Accounts Posts: 545 ✭✭✭BenjAii


    Does this suggest that Governor Sarah Palin is not very tech savvy, or even worse, that she is ignorant of the vulnerabilities of the web as pertains to technology and national security?

    Oh no she's an expert; apparently you can see the Internet from Alaska.


  • Moderators, Category Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 47,528 CMod ✭✭✭✭Black Swan


    seamus wrote: »
    Unless she's going for a position which requires tech-savviness, I wouldn't really hold it against her. For many (if not most) people, the internet is something of a black box, which just "works". Even when the issues are pointed out, many people don't have the knowledge to realise or visualise the potential vulnerabilities of their online activities.
    All due respect, but this is very disturbing indeed! I'm just an online web user, without the level of technological sophistication that you may have. But as a mere uni student in drama and film, most, if not all my friends and I are aware of how insecure Internet emails are in terms of their vulnerability to run-of-the-mill hackers. We would never put important financial, tax, or other confidential information over Yahoo or hotmail!

    I would expect that the governor of one of the 50 states would be well versed in the basics of Internet security, especially as it pertains to confidential transmissions of State of Alaska business, way above us common student users. Furthermore, Sarah Palin is not running for just any office, but the second highest office in the United States of America. For some reason I would expect her to be a lot smarter than to do something like this!


  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    All due respect, but this is very disturbing indeed! I'm just an online web user, without the level of technological sophistication that you may have. But as a mere uni student in drama and film, most, if not all my friends and I are aware of how insecure Internet emails are in terms of their vulnerability to run-of-the-mill hackers. We would never put important financial, tax, or other confidential information over Yahoo or hotmail!

    I would expect that the governor of one of the 50 states would be well versed in the basics of Internet security, especially as it pertains to confidential transmissions of State of Alaska business, way above us common student users. Furthermore, Sarah Palin is not running for just any office, but the second highest office in the United States of America. For some reason I would expect her to be a lot smarter than to do something like this!
    My tolerance is probably a function of having to deal with business people for the last five years and see how much of a clue they haven't got and can't seem to grasp.

    For the most part, anyone under 30 has grown up with technology. I don't remember a time when home computers haven't existed in one form or another. There's a pretty significant experience gap between those who had an Atari 2600 when they were growing up, and those who still think of the future when they hear the word "microchip".

    Without actually finding out whether Palin had been briefed on such security matters, you can't really say it's incredible that she wouldn't know about security. The concept doesn't even enter many people's heads. I'd say it would be more worrying if she had never been briefed on security matters as opposed to just being ignorant of them.


  • Moderators, Category Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 47,528 CMod ✭✭✭✭Black Swan


    seamus wrote: »
    I'd say it would be more worrying if she had never been briefed on security matters as opposed to just being ignorant of them.
    An interesting question indeed!


  • Registered Users, Registered Users 2 Posts: 19,309 ✭✭✭✭alastair


    Hmm - alleged hacker:

    David Kernell
    son of Democratic state 93rd district senator Mike Kernell (Tennessee)


  • Registered Users, Registered Users 2 Posts: 4,314 ✭✭✭sink


    On a side note Gmail allows you to encrypt your inbox. Find more details in this thread.

    http://www.boards.ie/vbulletin/showthread.php?t=2055363357&highlight=gmail


  • Moderators, Category Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 47,528 CMod ✭✭✭✭Black Swan


    From MSN Slate...
    Hacking Sarah Palin
    By Farhad Manjoo
    Posted Wednesday, Sept. 17, 2008, at 7:31 PM ET

    "The Yahoo breach does raise a few questions about Palin's e-mail habits. Why was she using Yahoo?"

    "Critics say she was taking a page from Karl Rove, who cooked up the idea of using an off-site e-mail address to confound investigations of his activities in the Bush administration. (In 2007, the White House admitted that Rove and other officials used Republican National Committee addresses for some of their correspondence; as a result, the White House said it couldn't track down a trove of e-mail messages requested by congressional investigators looking into those fishy U.S. attorney firings.)"

    "Palin's e-mail policies do show a certain Rovian or perhaps Cheney-esque partiality for secrecy. The New York Times reported Sunday that shortly after she took office, Palin's aides discussed the benefits of using private e-mail accounts, with one assistant noting that messages sent to Palin's BlackBerry "would be confidential and not subject to subpoena.""

    "Wednesday's hacking episode proves that it's rather boneheaded to put state business on Yahoo. True, all e-mail addresses are vulnerable to hacking. But Yahoo is a big target—lots of people spend a lot of time trying to crack Yahoo accounts."


  • Registered Users, Registered Users 2 Posts: 21,264 ✭✭✭✭Hobbes


    It appears that Obama's mail got hacked too.


  • Moderators, Category Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 47,528 CMod ✭✭✭✭Black Swan


    Hobbes wrote: »
    Methinks that Hobbes has a sense of humour!:D


  • Registered Users, Registered Users 2 Posts: 5,015 ✭✭✭Ludo


    Hobbes wrote: »

    :D:D


  • Closed Accounts Posts: 795 ✭✭✭Pocono Joe


    Funny how we can completely ignore such trivial things like "STOLEN", and son of Tennessee State Rep. Mike Kernell (Democrat). Oh, the hypocrisy of it all!


  • Registered Users, Registered Users 2 Posts: 19,309 ✭✭✭✭alastair


    Pocono Joe wrote: »
    Funny how we can completely ignore such trivial things like "STOLEN", and son of Tennessee State Rep. Mike Kernell (Democrat). Oh, the hypocrisy of it all!

    If by ignore, you mean highlight, then yes - very funny.


  • Registered Users, Registered Users 2 Posts: 21,264 ✭✭✭✭Hobbes


    Pocono Joe wrote: »
    Funny how we can completely ignore such trivial things like "STOLEN", and son of Tennessee State Rep. Mike Kernell (Democrat). Oh, the hypocrisy of it all!

    No one's ignoring that. I am sure he will get his free trip to gitmo to find out about the terrorist group known as anonymous. Of course it is alleged at this time, but then innocent until proven guilty is so 1999.

    Still doesn't distract from the fact she used a yahoo account to conduct government business.


  • Moderators, Category Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 47,528 CMod ✭✭✭✭Black Swan


    Hobbes wrote: »
    Still doesn't distract from the fact she used a yahoo account to conduct government business.

    Well, no one in the Palin camp wants to address this, because it's embarrassing indeed.

    Obama hoax: Now Hobbes, you would not put that hoax screen capture up just so the McCain-Palin true believers would get all excited as if it was real and not a fake? I just love the one called "Obamanable Snowman!":D;)


  • Registered Users, Registered Users 2 Posts: 1,693 ✭✭✭Jack Sheehan


    I wish the title of the article was:
    Palin hit by Big Truck of Internet.
    or:
    Palin falls down series of tubes.


  • Closed Accounts Posts: 15,552 ✭✭✭✭GuanYin


    Can we have a source for the "suspected" hacker info?

    Jack Sheehan, those comments aren't very helpful to debate. Consider yourself warned.


  • Registered Users, Registered Users 2 Posts: 1,693 ✭✭✭Jack Sheehan


    GuanYin wrote: »
    Can we have a source for the "suspected" hacker info?

    Jack Sheehan, those comments aren't very helpful to debate. Consider yourself warned.

    Apologies.

    Back on topic, The hackers were from 4Chan, that anonymous group. It was first posted on www.wikileaks.org but was later removed (I think). It was also removed from 4Chan.


  • Moderators, Category Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 47,528 CMod ✭✭✭✭Black Swan


    GuanYin wrote: »
    Can we have a source for the "suspected" hacker info?
    On 2 April 2008 Michael Horowitz reporting for CNET News claimed that the Obama hack was an April Fools spoof. See link


  • Registered Users, Registered Users 2 Posts: 86,729 ✭✭✭✭Overheal


    Aside from the partisanship which is wearing thin, why is Anonymous going after Palin? Isn't Scientology their M.O.?

    She's not exactly the SecDef but using yahoo? come on. You'd think the Federal Gov't would insist on its own internal mail system. It wouldn't exactly cost thousands of dollars to implement or anything.


  • Moderators, Category Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 47,528 CMod ✭✭✭✭Black Swan


    Overheal wrote: »
    She's not exactly the SecDef but using yahoo? come on. You'd think the Federal Gov't would insist on its own internal mail system. It wouldn't exactly cost thousands of dollars to implement or anything.
    Well, the Feds do have their own Intranet that is secure against most hackers, and it is available for use by Gov Sarah Palin if she wishes to use it. So why did she not use it?

    She may want to maintain separation between Fed and State, and as Governor and chief executive of a state, this may have been her choice? Many state governments have their own secure Intranets, as do many corporations, and these are by far more secure than the very public Yahoo.

    So this keeps us coming back to the same question over and over again, which critics of Palin have jumped upon with reasons that do not put her in the best light in terms of her intelligence, or being something less than web security conscious. The only defense I have heard from her Republican campaign advocates is that her privacy was violated, which may be true, but does not explain why she would not use a more secure method of transmitting state government emails over very public Yahoo.

    So to restate some of the major questions in this thread:
    • Why did Governor Sarah Palin use the very public and insecure Yahoo to transmit Alaska state government communications?
    • Why has candidate Palin (or the Republican Party) failed to explain why Alaska state government emails were transmitted by Palin as Governor over relatively insecure Yahoo?
    • What does this say about her as a candidate for the second highest office in a nation that is said to be computer and technologically more advanced than most of the 200 or so nations of the world?

    Please answer these questions objectively, without political slur, or spin, because they are important to those not already committed to voting either Democrat or Republican.


  • Registered Users, Registered Users 2 Posts: 78,577 ✭✭✭✭Victor


    seamus wrote: »
    Without actually finding out whether Palin had been briefed on such security matters, you can't really say it's incredible that she wouldn't know about security. The concept doesn't even enter may people's heads. I'd say it would be more worrying if she had never been briefed on security matters as opposed to just being ignorant of them.
    Deer Sarah,

    wot r ur nukular codes?

    W.


  • Registered Users, Registered Users 2 Posts: 1,693 ✭✭✭Jack Sheehan


    Overheal wrote: »
    Aside from the partisanship which is wearing thin, why is Anonymous going after Palin? Isn't Scientology their M.O.?

    She's not exactly the SecDef but using yahoo? come on. You'd think the Federal Gov't would insist on its own internal mail system. It wouldn't exactly cost thousands of dollars to implement or anything.

    Well being blunt, for the ****s and giggles? These aren't exactly al Qaeda here, they're a bunch of bored blokes who happen to be very good at hacking things. Sarah Palin was just a random target.


  • Registered Users, Registered Users 2 Posts: 86,729 ✭✭✭✭Overheal


    That brings up the other issue of computer literacy, which really equates to security literacy. I only hope they are given primers on computer security. When el pres doesn't know what a firewall is, that puts a wrinkle in my brow.


  • Moderators, Society & Culture Moderators Posts: 16,641 Mod ✭✭✭✭Manic Moran


    It wouldn't exactly cost thousands of dollars to implement or anything.

    As a user of the Federal Government's email system (actually, two of them, one DHS and the other Dept Army), I don't blame anyone for using public systems like Yahoo, GMail and so on. The words 'user friendly' do not come to mind. There's a well-known need to balance security with functionality. The Feds have gone too far one way.

    NTM


  • Registered Users, Registered Users 2 Posts: 5,015 ✭✭✭Ludo


    As a user of the Federal Government's email system (actually, two of them, one DHS and the other Dept Army), I don't blame anyone for using public systems like Yahoo, GMail and so on. The words 'user friendly' do not come to mind. There's a well-known need to balance security with functionality. The Feds have gone too far one way.

    NTM

    And I assume if you used GMail for government business you would be fired immediately....at least I would hope so.


  • Moderators, Category Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 47,528 CMod ✭✭✭✭Black Swan


    As a user of the Federal Government's email system (actually, two of them, one DHS and the other Dept Army), I don't blame anyone for using public systems like Yahoo, GMail and so on. The words 'user friendly' do not come to mind. There's a well-known need to balance security with functionality. The Feds have gone too far one way.
    Surely you jest? Do you really expect governors to transact official state government business over insecure Yahoo? You don't even have to be at the level of a script kiddy to crack Yahoo. There are free programmes on the web for cracking Yahoo. All you have to do is Google to find them.

    Furthermore, Sarah Palin did not have to use the Fed Intranet or sacrifice security for user-friendly convenience. Why not do like most states and use a state Intranet? You can customize it to your needs without leaving yourself wide open to script kiddy crackers on Yahoo.

    Surely Manic Moran you are not suggesting that all the 50 States transact a lot of official online government communications using Yahoo, just because it's more user-friendly? Do you?


  • Closed Accounts Posts: 8,983 ✭✭✭leninbenjamin


    The Feds have gone too far one way.

    with more than good reason.


  • Moderators, Society & Culture Moderators Posts: 16,641 Mod ✭✭✭✭Manic Moran


    Surely Manic Moran you are not suggesting that all the 50 States transact a lot of official online government communications using Yahoo, just because it's more user-friendly? Do you?

    I'm not suggesting that they should, I'm suggesting that many do.

    I work IT in a DHS field office. I see first-hand as both a user and a tech what the security requirements put down from higher do. If it makes life too difficult, people are going to simply say 'to hell with them' and move onto something easier. For the most basic example, the DHS system I'm on requires that one changes one's password every 45 days, it must combine upper, lower case, numbers and a 'special character', and be ten characters long. It also cannot share more than two letters in sequence together with any of the ten previous passwords. And so on. You've got to admit, the passwords are secure and all but unhackable. Result? I walk around the office, look under keyboards or behind monitor filters, and there are lots of little post-its with passwords written on them. Similarly, I have better luck reaching my squadron commander using his Yahoo account and not his US Army account.

    Basically, the most secure system in the world is also going to be the most unproductive.

    NTM


  • Registered Users, Registered Users 2 Posts: 21,264 ✭✭✭✭Hobbes


    I work IT in a DHS field office. I see first-hand as both a user and a tech what the security requirements put down from higher do. If it makes life too difficult, people are going to simply say 'to hell with them' and move onto something easier.

    I don't know about the DHS, but if I was to conduct customer/employee confidential information via gmail or yahoo mail I would be fired. Even if I thought it was easier. We can't even post mails not in English into an online translator.
    Result? I walk around the office, look under keyboards or behind monitor filters, and there are lots of little post-its with passwords written on them.

    Again in work. If anyone was discovered doing this they get fired after the third time.

    Heck if I even leave a blank CD on my desk it is the same as leaving passwords out. The auditors don't check the CD contents, they just treat it as potentially having confidential data on it and report you up.

    Just because someone breaks IT guidelines isn't an excuse to let them off. You reprimand then fire them if they continue.
    Basically, the most secure system in the world is also going to be the most unproductive.

    Not true at all.


  • Registered Users, Registered Users 2 Posts: 4,314 ✭✭✭sink


    I work IT in a DHS field office. I see first-hand as both a user and a tech what the security requirements put down from higher do. If it makes life too difficult, people are going to simply say 'to hell with them' and move onto something easier. For the most basic example, the DHS system I'm on requires that one changes one's password every 45 days, it must combine upper, lower case, numbers and a 'special character', and be ten characters long. It also cannot share more than two letters in sequence together with any of the ten previous passwords. And so on. You've got to admit, the passwords are secure and all but unhackable. Result? I walk around the office, look under keyboards or behind monitor filters, and there are lots of little post-its with passwords written on them. Similarly, I have better luck reaching my squadron commander using his Yahoo account and not his US Army account.

    Where I used to work we had to do similar. I just saved the password on my mobile and no one would ever find out.


  • Registered Users, Registered Users 2 Posts: 1,192 ✭✭✭norbert64




  • Registered Users, Registered Users 2 Posts: 86,729 ✭✭✭✭Overheal


    norbert64 wrote: »
    I'd rather have him shot but this will do.


  • Registered Users, Registered Users 2 Posts: 1,192 ✭✭✭norbert64




  • Moderators, Society & Culture Moderators Posts: 16,641 Mod ✭✭✭✭Manic Moran


    Hobbes wrote: »
    Not true at all.

    But it is. The industry magazines routinely have articles discussing the competing requirements and the two schools of thought. The problem with high IT security policies is that they are created in what is effectively a dream world where everyone remembers their password, nobody ever needs to change the time on their computer clock, and people always have access to a department computer on the physical department network. In theory, the most secure system will work at all times. But there's an old IT saw about never underestimating the stupidity of users. As a result, different organisations have created different compromises. If it all worked as you say, then all organisations would have exactly the same level of security, but they don't. DHS won't even let one use a cordless mouse, citing security concerns. (I had more than a few loud complaints when that dictat came out. At least not too many people had purchased Bluetooth headsets).

    NTM


  • Closed Accounts Posts: 15,552 ✭✭✭✭GuanYin


    I'm not suggesting that they should, I'm suggesting that many do.

    I work IT in a DHS field office. I see first-hand as both a user and a tech what the security requirements put down from higher do. If it makes life too difficult, people are going to simply say 'to hell with them' and move onto something easier. For the most basic example, the DHS system I'm on requires that one changes one's password every 45 days, it must combine upper, lower case, numbers and a 'special character', and be ten characters long. It also cannot share more than two letters in sequence together with any of the ten previous passwords. And so on. You've got to admit, the passwords are secure and all but unhackable. Result? I walk around the office, look under keyboards or behind monitor filters, and there are lots of little post-its with passwords written on them. Similarly, I have better luck reaching my squadron commander using his Yahoo account and not his US Army account.

    Basically, the most secure system in the world is also going to be the most unproductive.

    NTM

    Excuse me? I work for the state and record patient information on an hourly basis. I have almost exactly the same password stringency as you do. I cope fine as does everyone else subject to MIPSA and HIPAA (every health professional in the US).

    If I were to start passing medical information around on my gmail account, I would have my medical licence revoked, that would be without my account being hacked and were my account hacked I would probably face federal prosecution along with however many personal suits.

    I'm about as tech savvy as a brick and if *I* can manage, anyone can.

    There is absolutely NO excuse for not using secure e-mail when the job requires it, no matter how inconvenient you may think it is.


  • Moderators, Society & Culture Moderators Posts: 16,641 Mod ✭✭✭✭Manic Moran


    The password thing was just one example from my organisation of a problem which is endemic throughout the IT industry and is a topic of great debate. Just google "security vs ease of use" and see how many hits you get. One of the hits on page 1 puts it rather well.
    If something is not easy to use, then people will work out ways around it, thus obviating the security. Consider that the most secure computer is one that is disconnected from a network, turned off, and physically isolated from anybody and anything. Not very easy to use it though. The easiest computer to use is one with no passwords, no accounts, and anybody can do anything they like to it - not very secure. The goal of security is to find some place in the middle, such that the users don't have to work around your security in order to be able to actually use the damn thing.

    This article from the Wall Street Journal caused a small furore in the IT world.
    http://online.wsj.com/public/article_print/SB118539543272477927.html Entitled "Ten things your IT Department won't tell you"
    And often it's just easier to accomplish certain tasks using consumer technology than using the sometimes clunky office technology our company gives us -- compare Gmail with a corporate email account.

    There's only one problem with what we're doing: Our employers sometimes don't like it. Partly, they want us to work while we're at work. And partly, they're afraid that what we're doing compromises the company's computer network -- putting the company at risk in a host of ways. So they've asked their information-technology departments to block us from bringing our home to work.

    End of story? Not so fast. To find out whether it's possible to get around the IT departments, we asked Web experts for some advice. Specifically, we asked them to find the top 10 secrets our IT departments don't want us to know

    Now, that list is small fry, but it's further evidence that the problem exists.

    Currently the National Guard is going bats*&t over HSPD-12. A simple directive, requiring amongst other things that government agencies use ID cards with chips in them, to be used for anything from logging onto computer networks to signing officer evaluation reports or requisitions. It's a good directive, when it is operational. Soon to be used for pay purposes as well, so everyone had better have a card that works, and every unit had better have a reader that works. There's a problem, however.

    The Powers in the DA have started their implementation. All is working just peachy in the Pentagon. It's working well enough at any Army, Air Force or Coast Guard base I've had call to go to (I've had no need to go Navy). The problem is that they just haven't considered the unique issues posed by the half-million part-timers that form the Guard. We have to do a lot of our work at home, on our own PCs. Many people are hours away from the nearest military base to even get their CACards configured. Nobody has as yet told me how my troops are going to get paid, which is no small issue.

    Whilst not entirely on point (I do have another story which is, and it resulted in my receiving a General Officer's Letter of Reprimand for going around the IT rules, and a top-rate on my annual evaluation for completing my mission in time as a result), it does pose one example of how just because something in IT seems to work and be a good idea for some people, it is not the case for all.

    In any case, none of the above negates my initial contention that many people do work around IT security regardless of how much they shouldn't, and the trick with IT (and software designers) is to create a secure system which is usable enough that there is a near homogenous compliance rate.

    NTM


  • Closed Accounts Posts: 15,552 ✭✭✭✭GuanYin


    The trick is to ensure that the people who have the important jobs are smart enough to know that yahoo isn't a safe place to store your information.

    Palin obviously isn't that smart. That is worrying.


  • Moderators, Category Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 47,528 CMod ✭✭✭✭Black Swan


    GuanYin wrote: »
    The trick is to ensure that the people who have the important jobs are smart enough to know that yahoo isn't a safe place to store your information.

    Palin obviously isn't that smart. That is worrying.

    Indeed! Did Governor Sarah Palin really believe that her two Yahoo account addresses were secure to conduct State of Alaska official business, much less personal, when she used her title and name in both Yahoo addresses?

    gov.palin@yahoo.com
    gov.sarah@yahoo.com

    These were the two cracked addresses (now removed) that led to all this questioning of her competence. Furthermore, her family related passwords for these accounts were simple to crack based upon public knowledge of her on Google.


  • Registered Users, Registered Users 2 Posts: 21,264 ✭✭✭✭Hobbes


    But it is. The industry magazines routinely have articles discussing the competing requirements and the two schools of thought.

    Maybe so, but I work in a company that has strict IT policies regarding passwords and how we conduct our business/IP law and we get work done fine.

    It has never stopped me or my teams I have been on from conducting our work. I do know some of the stricter rules have come because of issues that you cite where people thought it was no big deal.

    We aren't talking about rocket science here. You put IT guidelines in place. Those that are potentially security risks you reprimand or fire people for breaking them. Stupidity or laziness is not an excuse.


  • Moderators, Society & Culture Moderators Posts: 16,641 Mod ✭✭✭✭Manic Moran


    Those that are potentially security risks you reprimand or fire people for breaking them

    I'm telling you, you can't make that sort of generalisation. Case in point:

    In 2007, the Federal Government suffered a couple of embarrassing cases of data loss in short sequence. One was a Dept. Vet Affairs laptop, the other was an external hard drive from someone else. Millions of items of personal data. As a result, our department clamped down hard on any sort of unencrypted external storage. They even issued out, free of charge, encrypted USB flash drives. Great. Everyone in the offices had a wonderful, secure, working system.

    The problem was that all the security equipment at the airports (The X-ray machines, bomb detectors, that sort of thing), being non-windows-running stand-alone machines were interfaced with by either Iomega zip drives, or unencrypted USB Flash drives. By IT security policy, and data loss is indeed a serious issue to be concerned about, such devices could no longer be used. Strict adherence to the policy would doubtless hugely reduce the chances of data loss.

    Obviously, people notify up their chains that a problem exists. As they hem and haw about it (over no short period of time), imagine you're the chap in charge of running security at JFK. You have your own problems to deal with, and IT security is directly impinging on your ability to deal with them. You can either adhere to the IT security policies, or you can carry out your own security mandate of finding bombs. As far as I know, every single airport in the country implemented the same decision.

    Now, this is a slightly different issue from choosing to conduct much of your business over Yahoo (And certainly about having a family-based password), but is presented as an argument in slightly greater extremis that the security/functionality problem is one which IT departments routinely try to balance, else the IT rules will be broken. A good IT team will try to integrate the user base into the implementation plan. Simply issuing a dictat saying "Do this, don't do this, or else" without understanding the end user's perspective will result in a lack of understanding from the users, and higher non-compliance rates.

    NTM


  • Registered Users, Registered Users 2 Posts: 6,721 ✭✭✭Otacon


    I'm telling you, you can't make that sort of generalisation. Case in point:

    In 2007, the Federal Government suffered a couple of embarrassing cases of data loss in short sequence. One was a Dept. Vet Affairs laptop, the other was an external hard drive from someone else. Millions of items of personal data. As a result, our department clamped down hard on any sort of unencrypted external storage. They even issued out, free of charge, encrypted USB flash drives. Great. Everyone in the offices had a wonderful, secure, working system.

    The problem was that all the security equipment at the airports (The X-ray machines, bomb detectors, that sort of thing), being non-windows-running stand-alone machines were interfaced with by either Iomega zip drives, or unencrypted USB Flash drives. By IT security policy, and data loss is indeed a serious issue to be concerned about, such devices could no longer be used. Strict adherence to the policy would doubtless hugely reduce the chances of data loss.

    Obviously, people notify up their chains that a problem exists. As they hem and haw about it (over no short period of time), imagine you're the chap in charge of running security at JFK. You have your own problems to deal with, and IT security is directly impinging on your ability to deal with them. You can either adhere to the IT security policies, or you can carry out your own security mandate of finding bombs. As far as I know, every single airport in the country implemented the same decision.

    Now, this is a slightly different issue from choosing to conduct much of your business over Yahoo, but is presented as an argument in slightly greater extremis that the security/functionality problem is one which IT departments routinely try to balance, else the IT rules will be broken. A good IT team will try to integrate the user base into the implementation plan. Simply issuing a dictat saying "Do this, don't do this, or else" without understanding the end user's perspective will result in a lack of understanding from the users, and higher non-compliance rates.

    NTM

    Palin used a personal e-mail account to conduct government business. Why is this not the end of the discussion?


  • Registered Users, Registered Users 2 Posts: 21,264 ✭✭✭✭Hobbes


    Otacon wrote: »
    Palin used a personal e-mail account to conduct government business. Why is this not the end of the discussion?

    Exactly. It doesn't matter how many examples of stupidity that are given in not obeying security, if they break security guidelines they should be reprimanded or fired.


  • Registered Users, Registered Users 2 Posts: 9,770 ✭✭✭Bottle_of_Smoke


    Pity none of this will matter to the near absolute majority of Republican voters

