From our fellow spam-haters at NMRC:
From: Simple Nomad (thegnome[at]nmrc.org)
To: Gregg Branham (greggb@nFrontSecurity.com)
Date: Fri, 19 Sep 2008 08:45:53 -0500
Subject: Re: Palin's email read by hacker using her 'popcorn' password
Parts/Attachments:
   1 Shown   ~77 lines  Text
   2         196 bytes  Application, "This is a digitally signed message part"
----------------------------------------

Seriously? You are sending me this? Nice spam, asshole. I run a hacker site, for all you know I was the one that hacked Sarah Palin's email. You are an ambulance-chasing bastard. I was cracking passwords before there was a world wide web, so your email to me is hilarious. Do your research before you spam people. I *will* pass on your email to a large number of professional friends with the advice to avoid your company and its spamming-like tactics.

Rot in hell,
SN

On Fri, 2008-09-19 at 01:29 -0400, Gregg Branham wrote:
: Hello Simple ,
:
: We are not in the habit of sending emails outside of product upgrades and releases.
: However, we know that many of you need to make a case to your CIO for a better
: password policy and for the adoption of our password filtering product. Here is your chance.
:
: At 8 PM this evening the Associated Press released details about how the email of US Republican vice presidential candidate Sandra Palin was compromised.
:
: -----------------------------------------------------
: Sandra Palin's email accessed by hacker using her password
: -----------------------------------------------------
: Yes. That is correct. Even more interesting is how the hacker got her password.
: No fancy rainbow tables or password crackers. No dumpster diving. Using Yahoo's
: badly designed password system the hacker simply used some of Palin's personal
: information (zip code, birthday and high school) to get Yahoo to GIVE AWAY the
: password. That is so nice of them. They did not even bother resetting it to
: something new. So then both Palin and the hacker could enjoy reading her emails!
: Even if Yahoo did not have such a poorly designed self-service password retrieval
: system, Palin was using the password of "popcorn" for her Yahoo account. With our
: nFront Password Filter product we distribute a 27,000 word dictionary of common
: (i.e. dumb) passwords. You will notice "popcorn" is included!
:
: You can read the full story of the email hack here on MSNBC:
: http://www.msnbc.msn.com/id/26781334/
: -----------------------------------------------------
: Mistakes of the Yahoo password system
: -----------------------------------------------------
: - The system should reset forgotten passwords to something new and not simply retrieve the
: existing password. This is not rocket science but rather passwords 101.
: - The system should not allow password retrieval with such simple questions: a zip code,
: a birthday and a high school. How hard would it be for you to get that
: information for any of your co-workers or your manager?
: -----------------------------------------------------
: What is nFront Password Filter?
: -----------------------------------------------------
: nFront Password Filter (NPF) prevents the use of weak and easily hacked passwords
: for Windows Active Directory users. NPF allows you to implement and enforce
: multiple, granular password policies for different groups of AD users. NPF
: contains many robust and innovative password policy rules to make your network
: more secure.
:
: Learn more:
: - www.nfrontsecurity.com/products/nfront-password-filter/
:
:
: -----------------------------------------------------------------
: If you feel that you have received this email in error,
: please click the link below to be removed from our list.
: http://nFrontSecurity.com/usub.php?userID=thegnome@NMRC.ORG&emailUID=31049115
: -----------------------------------------------------------------
: Altus Network Solutions, Inc.
: DBA nFront Security
: 4920 Atlanta Highway
: Suite 313
: Alpharetta, GA 30004-2921
: USA
: 404-348-4678