Hacking Palin’s Email
Posted by PC in Security, Services, tags: email, Palin, politics, Security, webmail, Yahoo
Wired has a description (warning: language) up about how the guy hacked into Palin’s email account at Yahoo. I am not sure that hack is the right word since this was more of an exercise in social engineering and search engines. What bothers me most about this article is how it describes the “hacker.” Some poor kid in his dorm room at college has enough foresight to get behind a proxy (even if it is just one). Not only that, but his own description of his activities demonstrates forethought.
The hacker said that he read all of the e-mails in the Palin account and found “nothing incriminating, nothing that would derail her campaign as I had hoped. All I saw was personal stuff, some clerical stuff from when she was governor…. And pictures of her family.”
His story is of someone who was more worried that he would get caught than worried that he was doing something wrong. This is someone who is morally stunted and needs crash remedial training before he ends up in jail for a crime that may actually hurt someone. He will probably end up with some jail time for this, or at least some community service, because the only thing he really did was to violate someone’s privacy. I am assuming that he didn’t make copies of the data or post that data on the Internet and that someone else subsequently did that. His second stupid move was posting the password on a forum, which, instead of making him seem more anonymous, is just going to increase the charges against him and the interest of the authorities in catching him.
He tried to derail her campaign. That should be wrong no matter what your political viewpoint is.
Here to ask why has a post about this with some good tips. I have a few more:
- Use a different password for every website. Here’s how I do it: I use Roboform to generate and save passwords. Most passwords are 12 characters or more and randomly generated. There are relatively few passwords that I need while away from my computer, so it isn’t a problem. For those I use something with a slightly lower number of random characters and numbers, but it is still complex.
- Change your birth date and other personal information slightly when registering on sites. Most sites that ask for your birthday just want to know that you are over 13 or 18 or whatnot. This means you will have to remember your fake birthday just in case you need to reset your password. Here’s a tip: Use the birthday of someone you know.
- Randomize security questions and answers. I back up my passwords in many different places, all encrypted, so I’m not going to lose them. When a website allows me to randomize questions and answers I use my random character generator within Roboform to generate the answers and then save them in a notecard. The name of your first pet can be a4lzioE0lPJY, and the name of your high school was 58PiZgotJD1A.
- Watch your account for strange activity. Google has a newish feature that shows where login activity has occurred or is occurring and allows you to sign out of sessions if you accidentally left your GMail account active on another computer, for example. I use Fastmail, which has had the logging feature for a long time. Most banks and places where privacy is important will also display your last logged in time and IP. If they don’t, ask them to start.
- Change your password if you have the slightest doubt that something is going wrong. With Roboform this is easy, and I can sync up my USB Roboform2Go and backups quickly enough.
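The first three tips can be checked mechanically. The sketch below is an added example, not part of the original post and not Roboform's code: it generates a per-site password and random security answers with Python's `secrets` module, then audits a vault for reuse and short values. The record layout, function names and `.example` sites are assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits  # letters and digits, like the sample answers
MIN_LEN = 12  # the post's "12 characters or more"

def random_token(length=MIN_LEN):
    """Random alphanumeric string from the OS CSPRNG (secrets, not random)."""
    if length < MIN_LEN:
        raise ValueError("refusing to generate fewer than %d characters" % MIN_LEN)
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def new_entry(site, questions, length=16):
    """Vault record for one site: its own password and a random answer per question."""
    return {"site": site,
            "password": random_token(length),
            "answers": {q: random_token() for q in questions}}

def audit(vault):
    """Return sorted (site, finding) pairs for entries that ignore the tips."""
    findings = set()
    pw_sites, ans_sites = defaultdict(set), defaultdict(set)
    for e in vault:
        pw_sites[e["password"]].add(e["site"])
        if len(e["password"]) < MIN_LEN:
            findings.add((e["site"], "short password"))
        for question, answer in e["answers"].items():
            # Compare case-insensitively: many sites ignore case in answers.
            ans_sites[answer.lower()].add(e["site"])
            if len(answer) < MIN_LEN:
                findings.add((e["site"], "short answer: " + question))
    for sites in pw_sites.values():
        if len(sites) > 1:
            findings.update((s, "password reused") for s in sites)
    for sites in ans_sites.values():
        if len(sites) > 1:
            findings.update((s, "security answer reused") for s in sites)
    return sorted(findings)

# Constructed sample vault: two generated entries and two hand-made weak ones.
SAMPLE_VAULT = [
    new_entry("mail.example", ["first pet", "high school"]),
    new_entry("bank.example", ["first pet"]),
    {"site": "forum.example", "password": "hunter2", "answers": {"first pet": "Rex"}},
    {"site": "shop.example", "password": "hunter2", "answers": {"first pet": "rex"}},
]
```

Calling `audit(SAMPLE_VAULT)` reports only the two hand-made entries, each for a short, reused password and a short, reused answer.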







