Don't be the next Sarah Palin (security victim, not VP candidate)

It looks like the Sarah Palin Yahoo mailbox attack mentioned by Ryan Naraine and Chris Wysopal is real. Assuming that you are a high-value target, let's talk briefly about how you can prevent this from happening:

  • Connect to your mailbox only from computers you trust.
  • Use complex, difficult-to-guess passwords.
  • As Chris Eng pointed out, you should carefully scrutinize the password reset policy used by the webmail system.
  • Fetch your mail to your local system via IMAP and delete the messages from the server.
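One way to carry out the last item, as an added example that is not part of the original post: the script copies every message to a local mbox file and deletes the server copy only after the local write has succeeded. The function name `archive_and_purge`, the mbox format and the command-line arguments are assumptions made for this sketch.

```python
import getpass, imaplib, mailbox, ssl, sys


def archive_and_purge(conn, mbox_path, folder="INBOX"):
    """Copy each message in `folder` to a local mbox, then delete the
    server copies. Returns the number of messages moved."""
    status, _ = conn.select(folder)
    if status != "OK":
        raise RuntimeError("cannot select " + folder)
    status, data = conn.uid("SEARCH", None, "ALL")
    if status != "OK":
        raise RuntimeError("UID SEARCH failed")
    saved = []
    box = mailbox.mbox(mbox_path)
    box.lock()
    try:
        for uid in data[0].split():
            # BODY.PEEK[] returns the whole message without setting \Seen.
            status, parts = conn.uid("FETCH", uid, "(BODY.PEEK[])")
            if status != "OK" or not parts or not isinstance(parts[0], tuple):
                continue  # failed fetch: leave that message on the server
            box.add(parts[0][1])
            saved.append(uid)
        box.flush()  # local copy is on disk before anything is deleted
    finally:
        box.unlock()
        box.close()
    for uid in saved:  # only messages confirmed saved are flagged
        conn.uid("STORE", uid, "+FLAGS.SILENT", r"(\Deleted)")
    if saved:
        conn.expunge()  # removes every \Deleted message in the folder
    return len(saved)


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: archive.py HOST USER ARCHIVE.mbox")
    host, user, path = sys.argv[1:4]
    tls = ssl.create_default_context()  # verify the server certificate
    conn = imaplib.IMAP4_SSL(host, ssl_context=tls)
    conn.login(user, getpass.getpass())
    print(archive_and_purge(conn, path), "messages moved to", path)
    conn.logout()
```

Webmail providers may keep deleted messages in a Trash folder or in backups, so check the provider's retention behaviour after running it.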

If you must use a webmail system and you want to be extra careful about web-based attacks, noted security expert Dino Dai Zovi suggested the following:

  • Use separate web browser applications (either Internet Explorer, Safari, Firefox, Opera, or Chrome) for your critical accounts and your general web surfing.

Stay tuned.