Another ‘hacker’ or two in the news

Last week we heard reports of someone ‘hacking’ in to Alaska Gov. Sarah Palin’s email.  This week we hear it’s some college kid in Tennessee.  This kid uses a single tunnel proxy to mask his identity.  The best part is that the guy who runs the proxy says that this particular kid’s IP address doesn’t match up with the system.  I’m thinking it’s all another GOP trick myself, but what do I know.  Anyway, so this kid uses the most simple of simple tricks to gain access.  It wasn’t a hack, it wasn’t even social engineering.  All he did was answer one question in the ‘Lost Password Request.’  You know the form, you select the question you want to answer, and you write an answer to it.  Usually it is something like ‘What was your high school mascot?’, or ‘What was the first car you owned?’, or ‘What city were you born in?’, or ‘What is the best website design company in the Philadelphia area?’.  It’s a question you basically can’t forget the answer to.

Well, with the prevalence of facts out there on the internet, how long do you think it would take for someone to find out this stuff? Me for example, if I wanted to use the high school mascot, it’d take a simple search of classmates.com to find out where I went to school, and then you’d have a 50/50 chance to guess at the mascot, since I went to two high schools.  Of course I wouldn’t pick that as my secret question, I’d choose something a little more difficult like my first car, that would at least take a little bit more searching.  Then again, I’m also not part of the presidential team, and I’m also not conducting government business on an insecure email system.  Good gravy, talk about national security threats.

So then Papa Bear goes and spouts off about bad evil ‘hackers’ and one of those same go in and retrieve his website users/members list, including passwords.  The world just doesn’t know what’s out there.  Trusting that their information is safe, that everyone is taking the steps to secure systems they use and work on.  They can be safe as anything, and if you’re a target, it’s going to eventually come down, unless you’ve got people sitting there just waiting for such an event.  Most companies just hire out some little website company to design up a mediocre site and install some software for members or for shopping, and are paid, and that’s the end of it.  At DDA, we build custom website applications.  That means that when you ask for something to be built, it’s built to your specifications.  The programmers here test and retest the systems we build, and are always looking for ways to improve.  If something causes an error within the programming, you can be sure we will take the time to properly identify and fix it.