Palin E-Mail Hack Underlines Webmail Vulnerabilities...

The recent attack that invaded Governor Sarah Palin’s e-mail account and her privacy drew attention to public web-based e-mail systems’ inherent vulnerabilities, due to the relatively simple way in which Gov. Palin’s account was broken into.

The attacker, who goes by the handle Rubico on blogs and forums, and who is suspected of being a 20-year-old student from Tennessee, has posted on 4chan.org forums an account of how he gained access to Sarah Palin’s yahoo account using the Yahoo password recovery form and publicly available information.

Now, Gov. Palin is a public person, therefore it is easier to obtain personal information about her using sites such as Wikipedia. But even if your personal history is not a matter of general attention, public records or social networking websites, like Facebook for instance, make it relatively easy for someone to obtain enough information to give the correct answers to “security questions” asked by the password recovery systems of public websites.

Alternatives to these relatively easy to guess questions are using secondary e-mail addresses to send one’s password to, or simply lying about your details in the account details. Most web users are conditioned to tell the truth in such forms, and will do so without a second thought, possibly jeopardizing their privacy.

Even though no saucy details were unearthed by Gov. Palin’s e-mail hack, the act embarrassingly proves the point of those who criticized the vice-presidential candidate for using a public e-mail address to conduct state-business: they’re simply not secure enough right now.

The public scandal – it always seems to take one for any overdue change to happen – will most likely prompt web-mail companies to re-think the way they handle security. But until then, if you think your privacy is safe when using them, think again.