New and noteworthy in messaging security for 10/2/08
Widgets & RSS FeedsHuge System for Web Surveillance Discovered in China: The New York Times’ John Markoff writes about a recent report by an activist human rights group, Citizen Lab, that details large scale surveillance of text messages sent by customers of Skype/Ebay’s Chinese joint venture TOM-Skype. Citizen Lab members were able to access the logged messages as the servers hosting them were improperly secured.
Palin E-Mail Hacker Says It Was Easy | Threat Level from Wired.com: Kim Zetter from Wired’s Threat Level blog collected details about how a student in Tennessee was able was able to change Vice Presidential candidate Sarah Palin’s email password and then access her account and thus gain access to her messages.
The Problem with Every Implementation of a “Forgot Your Password?” Feature I’ve Seen Online: Dare Obasanjo has a brief overview of the weaknesses many online service providers with regard to password resets. The student who accessed Sarah Palin’s email used Yahoo’s password reset mechanism to to change the password and then log in.
