isn't quite ashamed enough to present

jr conlin's ink stained banana

2008-09-18

::No Secret

Ok, let's clear the air a bit about the recent email account hackery.

First off, go read the note that talks about how her account was "hacked". i'm willing to believe that it is indeed a note from the person who did it because it's exactly what i would have done, provided i was willing to have several battalions of heavily armed federal agents drop by in the dead of night.

Because people are idiots, Yahoo! offers a way to change your password provided you give some personal information. Because people are idiots, many elements of that information usually can be found online by doing a fairly minimal search (say, by checking someone's myspace page, or blog where they're happy to divulge all sorts of bits of info about themselves). This is called "social engineering" and is as old as digital security.

In fact, the best technique is to create a "fake online profile" you use consistently when you register for various sites. You may not have been born on April 5, 1967 in Schenectady, attended Patricia Hurst High or the first car you drove was a 1977 DeLorean, but there's no reason your fakey online persona you use everywhere can't. Obviously, this technique doesn't work for sites that you REALLY want to protect like bank and financial institutions, because they pull that info and turn it over to federal agencies, and they just don't cotton to your fabrications. Still, for all the other craptastic sites out there demanding your personal data, go for it.

Heck, go grab a copy of TrueCrypt, install it and create a file called "FakeMe.txt" where you log all that fakey crap, just so that you've got a copy of it somewhere. Every time you're asked for some new bit of personal info you need to make up, copy it to the FakeMe.txt file. (Obviously, don't store that online anywhere.) What about those accounts you've already set up that use your real info? Well, two choices: 1) change them where you can. 2) stop using them for anything important.

Your personal info is your other password. Treat it as such. This goes ^100 for celebrities or anyone who might one day be a celebrity (in other words, you).

Now, do i approve of anyone's email being read by unsolicited and unauthorized parties? Hell no. i don't care who they are or what their reported intent is. i don't care if it's some idiot who does some googling on Yahoo, or if it's the NSA. Do i care that there's no incriminating information in the opened account? Can't see how it would matter since it was obtained illegally and therefore inadmissible in any court. (Way to go dude!) Do i blame Ms. Palin or think she's stupid for the level of security she had? No. Naive, perhaps, but chances are you're probably in that category too, so you've got some sympathy for her.

Granted, i want the people running the "free" world (or whatever we happen to be in this country), to be FAR smarter than me. i don't want to drink beer at a barbeque with them because i want them on the job thinking about things like farm pricing, economic impacts of changes in the tariffs for steel imports, and proper incentives for increasing science and math skills in our schools. i would deeply prefer that they had either folks on hand to advise them against doing stuff like having a publicly crackable email account and that they would listen to said advisers after balancing the sort of threat such things present, but in the run-up to election, i'm willing to not put my head between my knees and try to control the panic of realizing she could well be the person in absolute control of our military forces and the individual responsible for selecting the heads of most of the main bureaucracies of our government just for that. No, that sort of reaction comes from other reasons that need some "fixin'".

Now if anyone needs me, i'll be over in the corner in a fetal position.

pmp
2008-09-19 - 05:58:49

JR, Your layout is all jacked.

Yarr, It be fixed now. Bloomin' Wordpress changed the layout rules a'gin damn their eyes.

As for the answer to the secret question, you can always try:

% /usr/bin/openssl rand -base64 30

I heard an anecdote that someone did this, then needed to recover their account. Upon calling the customer service line, the CC agent asks, "What high school did you go to?". The person replied "Well, uhhh, it is a long string of random numbers and letters that look like gibberish. I doubt I can recite them to you accurately". At which point, the CC agent says, "Yup, that's it. How can I help you sir?"
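An added example, not part of the post or the comment above: random secret-question answers built from words, so they can be recited on a support call, logged per site the way the FakeMe.txt file is described, and checked for an exact match. The word list, the function names and the 64-bit target are assumptions made for this sketch.

```python
import hmac
import math
import secrets

# Constructed 64-word sample list (6 bits per word). Assumption: a real
# list would be far larger, so the same strength needs fewer words.
WORDS = """amber anvil basil birch cedar cobalt comet coral
delta ember fable falcon garnet glacier harbor hazel
indigo ivory jasper juniper kettle lantern lotus maple
marble meadow nectar nickel oasis onyx orchid pebble
pepper quartz quiver raven ripple saffron sable tango
thistle timber topaz tulip umber velvet violet walnut
willow winter yarrow zephyr zinc acorn bramble cinder
dune fennel ginger heron lichen mango otter plume""".split()

def words_needed(target_bits, list_size):
    """Words required so a uniformly random answer has >= target_bits."""
    return math.ceil(target_bits / math.log2(list_size))

def make_answer(target_bits=64, words=WORDS):
    """Random answer that can be read aloud, unlike base64 output."""
    count = words_needed(target_bits, len(words))
    return " ".join(secrets.choice(words) for _ in range(count))

def record_answer(store, site, question, target_bits=64):
    """Create and log the answer for one site/question pair.

    Refuses to overwrite, so the log never drifts from what the site holds.
    """
    key = (site, question)
    if key in store:
        raise KeyError(f"answer already recorded for {key}")
    store[key] = make_answer(target_bits)
    return store[key]

def normalise(text):
    """Fold case and whitespace the way a spoken answer gets typed in."""
    return " ".join(text.lower().split())

def answer_matches(store, site, question, spoken):
    """Compare a recited answer to the logged one in constant time."""
    expected = store.get((site, question))
    if expected is None:
        return False
    return hmac.compare_digest(normalise(expected).encode(),
                               normalise(spoken).encode())

if __name__ == "__main__":
    log = {}  # in practice: the contents of the encrypted FakeMe.txt
    print(record_answer(log, "example.com", "What high school did you go to?"))
```

The dictionary stands in for the encrypted file; only its serialised form belongs inside the encrypted volume.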

