The FBI over the weekend executed a search on the apartment of a University of Tennessee student suspected in the hacking of Republican vice presidential candidate Governor Sarah Palin's Yahoo e-mail account.

While that was going on, other hackers broke into the personal site of Fox News commentator Bill O'Reilly, who had been carrying on for several days in anger over the hacks, and posted subscriber information to the WikiLeaks Web site.

A spokesperson for the Department of Justice confirmed to InternetNews.com that "Investigatory activities related to the inquiry took place in Knoxville late Saturday night or early Sunday morning." Last week, Tennessee state legislator Mike Kernell, a Democratic representative from Memphis, said his son David was a suspect in the investigation.

"I had nothing to do with it, I had no knowledge or anything," Rep. Kernell told the Associated Press. "I was not a party to anything of this nature at all. I wasn't in on this … and I wouldn't know how to do anything like that."

WBIR.com, the Web site for the NBC affiliate in Knoxville, said the younger Kernell and some friends fled the apartment when the FBI agents arrived, and the agents spent about two hours in the apartment. Several of Kernell's roommates have been subpoenaed to testify before a grand jury this week in Chatanooga, according to WBIR.

More details have emerged on how "Rubico," the person who took credit for the hack on the image board 4chan, was traced to Kernell. Normally when one posts to 4chan, they do so anonymously and there is no evidence of their identity. Rubico posted under his handle, and there was a link in his name to the e-mail address "rubico10@yahoo.com."

It took one Google search, the same way Rubico compromised Gov. Palin's account in the first place, to connect it to Kernell.

How much liability?

LATEST NEWS

Bing Brings Twitter Into the Mix
CSC Teams With Microsoft on Cloud Services
FCC Gets to Work on Mapping Out Broadband Plan
Linux Vendors Head to the Cloud in Search of Cash
China Paper Says Green Dam Only 'Matter of Time'

Rubico reset the password on Gov. Palin's account by using the forgotten password feature and answering a simple personal question, where she met her husband Todd. He got that answer through a Google search on the once-obscure Alaskan governor suddenly thrust into the global spotlight when Sen. John McCain chose her to be his vice presidential running mate last month.

So far, every security expert InternetNews.com has spoken with regarding the issue has said that personal questions make for lousy security.

"There's no question that passwords that can be researched is a technology that's about 20 years old now and needs to be eliminated," said Dmitri Alperovitch, principal research scientist at Secure Computing's TrustedSource Labs. "It's pretty shocking how easy it is to hijack an account about a public official because there is so much information about them out there."

Added Randy Abrams, director of technical education with antivirus vendor ESET Software, "Not a significant amount of thought went into the reset, but they also know their customer base doesn't want to be hassled with a lot of security, so they try to make it easy for the users, which makes it easy for the hackers as well."

The two offered a number of potential solutions that could be better than simply answering a personal question, like your mother's maiden name, such as: letting the user pick their own types of questions instead of picking from a narrow list; making you call from your home phone line to reset the password; requiring more than just one question, avoiding questions with public information; sending the answers via SMS message to a mobile phone; or two-factor authentication.

They also stressed that Yahoo Mail is a free service, so you get what you pay for, and don't expect Yahoo to break the bank on security, either. "They are providing a free service, so there is a question of how much security can you expect for something you don't pay for," said Alperovitch. "You can't expect Yahoo to spend millions for a free e-mail service."

"This is an example of the risks of cloud computing," said Abrams. "You're keeping your data on someone else's computer. You don't control it, you don't control security around it. If you keep your data on [Google's] GMail or Yahoo Mail, it's vulnerable to being hacked 24/7."

Next Page: O'Reilly stirs a response

Go to page: 1  2  Next