Thursday, September 18, 2008
Hack to the Future
Someone hacked into Sarah Palin's Yahoo mail account. It may not have been the smartest thing in the world for anyone to conduct state business on an outside, public mail service but it's still a reprehensible deed to rummage around in someone else's mailbox.
Apparently, the hacker got in because Governor Palin's account had "security questions" that were very easy for a stranger to guess with a little research. This does not surprise me.
Back in the days before we were all happily Internetting, some of us communicated via things called Computer Bulletin Boards, linked in via lethargic dial-up phone modem connections. At the time, it all seemed so futuristic and amazing that flying cars were the inevitable next step. Now, when I write about BBSystems, as we called them, it feels like I'm telling young whippersnappers about how I used to have to handcrank the family automobile machine to get it started.
I operated a couple of Computer Bulletin Boards and the software was very unsophisticated. Most of it made all private correspondence visible to the guy in my position, the System Operator. I had to actively try not to read everyone's mail and caution people that it was not impossible I'd get a glimpse of that which they wished no third party to see. When a new member signed up for the board, I had to approve his admission...and the computer screen on which I did this showed me the password he'd selected to use on my system. That might seem like no big deal but most people used the same password on every computer system. Some of them were even using their ATM Personal Identification Numbers or some other code to which I should not have had access.
As far as I know, this is no longer the case with the message boards and private groups we join on the Internet. But back then, the potential for mischief and larceny was immense.
It was also pretty simple to guess someone's password. We had a lot of comic book writers on my first BBS and about a third of them selected as their password the name of a character with which they were associated. My pal Steve Gerber, creator of Howard the Duck, used HOWARD as his password until he learned better. Penn Jillette of Penn 'n' Teller fame (or at least, someone claiming to be Penn) signed in with a password that I could have guessed if given five tries.
But the big, easy one was DRAGON. Of the first hundred professional writers who signed onto my first BBS, around a dozen used DRAGON as their password. I don't know how you figure the odds on that or why that word came to so many minds. Only one of them was involved with the Dungeons & Dragons cartoon series.
Once, a member phoned me up and said, "I've lost my password. Can you look it up and see what it is?" I asked, without looking anything up, "Might it have been DRAGON?" They said, "Yeah, that's it. Thanks." Later, on a Bulletin Board for folks who operated Bulletin Boards, someone compiled a list of obvious, overused passwords. DRAGON was number one, followed closely by SWORDFISH, DROWSSAP, the person's own name backwards and various cusswords. One person who operated a Muppet fan site announced that if he didn't stop them, 90% of his users would have KERMIT, FOZZIE, GONZO or some other popular Muppet name as their password.
When people hear today that an account or website has been "hacked," they imagine that some person with vast technical expertise has exploited a wormhole in the system and found some terribly complicated but effective method to get in. That does happen but an awful lot of "hacking" simply occurs because someone used an obvious password...or used it in too many places.
So protect your passwords and don't use anything that's even remotely associated with you. (For that matter, don't use a real name or word. Make up something that isn't in the dictionary and insert a couple of numbers into it.) And if your password anywhere is DRAGON, for God's sake, change it. This means you, Sarah.
• Posted at 1:18 PM
Thursday Morning
In a speech today, John McCain said he would fire Christopher Cox, the chairman of the Securities and Exchange Commission. Cox, he said, had kept in place a series of "trading rules that let speculators and hedge funds turn our markets into a casino."
A more honest way of putting it would have been: "Cox kept in place all the idiot deregulation laws and policies recommended or written by my chief economic advisor, Phil Gramm."
• Posted at 10:41 AM
Today's Video Link
This is a thirteen minute segment from yesterday's episode of Hardball with Chris Matthews. If you're waiting for members of the press to "grow a pair," you might enjoy seeing one of those all-too-rare occasions when Matthews acts like a newsman. It usually only happens when an interviewee uses a historical reference without knowing what it means and/or evades the question of whether he stands by what he's said or done. The tap dancer in this case is Rep. Eric Cantor, a Republican from Virginia who commits the latter sin. He doesn't want to respond as to whether or not he still supports a man named George W. Bush.
A general rule of thumb in politics: When someone says, "This is no time for finger-pointing," it's because they know and don't like where that finger will point.
• Posted at 12:04 AM
Recommended Reading
According to Nicholas D. Kristof, the C.E.O. of Lehman Brothers (you know, the financial institution that just tanked) earned a nice piece of change. Between 1993 and 2007, it was around half a billion dollars.
This brings us back to that approximate quote I put up from Akio Morita, co-founder of Sony. He said — this is not verbatim but close — "The thing that will eventually doom much of American business is that your executives pay no price for failure. You can become CEO of a corporation, do everything wrong, drive your company into the ground and then retire and buy several mansions with the money they will pay you for doing this."
It's one of those situations that will probably never change. It's like the wartime scams depicted in Catch-22: Everyone knew it was crooked but nobody stopped it because anyone in a position to stop it was making money off it.
• Posted at 12:02 AM