Lessons learned from the Podesta email hack
ROCCO MAGLIO 12/30/2016
Rocco Maglio, Certified Information Systems Security Professional, CISSP, has over 20 years in the field of software engineering.
The hacking of Clinton Campaign Chairman John Podesta's email provided a lesson for us all. It was an amazingly simple phishing email that caused his password to be revealed. An email was sent to Podesta's Gmail account saying someone had used his password to log in to his account from the Ukraine and he should change his password. It included a link to change the password.
The link to change the password used a URL shortening service, bit.ly. This by itself is not a complete giveaway. The URL shortening takes a long URL and reduces it to a much shorter URL; in this case it was (Removed so no one clicks on it.). When the shortened URL is clicked on, it redirects to the longer URL.
IT Technician Charles Delavan told The New York Times that the hack was partially his fault. He used the word legitimate instead of illegitimate in referring to the emails by mistake and mentioned that it was probably a good idea in any case to change the password. He included a link to change the email since he did not trust the link in the email.
The staff member clicked the link in the phishing email, not the one added by Delavan, when they went to change the password, thus providing the phisherman with the password to Podesta's emails. He also instructed that they should enable two-factor authentication. If this had been done, the password would not let the phisherman in...
Read more:
https://hernandosun.com/podesta_email_20161230
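As an added example (not part of the original post or the quoted article), the following sketch shows how a mail filter or helpdesk script could triage links in a "change your password" message: shortener links are flagged because they hide the destination, and only exact HTTPS matches on the provider's hosts are trusted. The host lists and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed lists for this example; a real deployment maintains its own.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
TRUSTED = {"accounts.google.com", "myaccount.google.com"}

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def classify(url):
    """Return 'shortener', 'trusted' or 'untrusted' for one URL."""
    try:
        parts = urlsplit(url)
        # .hostname drops any userinfo ("user@") and port, and lowercases.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "untrusted"
    if host in SHORTENERS:
        return "shortener"  # destination is hidden until the redirect
    # Exact host match only: substring or prefix checks would accept
    # lookalikes such as accounts.google.com.login.example.test
    if parts.scheme.lower() == "https" and host in TRUSTED:
        return "trusted"
    return "untrusted"

def audit_links(body):
    """Classify every http(s) link found in a message body."""
    return [(u, classify(u)) for u in URL_RE.findall(body)]

# Constructed sample message, not the real phishing email.
SAMPLE = """Someone has your password.
CHANGE PASSWORD <https://bit.ly/EXAMPLE>
Helpdesk reply: use https://myaccount.google.com/security instead.
Lookalike: https://accounts.google.com.login.example.test/reset
Userinfo trick: https://accounts.google.com@example.test/reset
"""

if __name__ == "__main__":
    for url, verdict in audit_links(SAMPLE):
        print(f"{verdict:10} {url}")
```

A "shortener" verdict means the message should be treated as unverified; the safer path is to open the provider's site directly rather than through any link in the email.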
frazzled
(18,402 posts)
Add the hot broth slowly and in small quantities to the pot when making risotto.
It was a shocker, which may have impacted the election in ways we'll never be able to substantiate.
Blue Shoes
(220 posts)
I'm glad the media spent so much attention on this issue, so people can enjoy proper rice dishes.
AngryAmish
(25,704 posts)
Risotto does not need to be constantly stirred. They sure as hell don't in restaurants.
Initech
(100,079 posts)
And no we shouldn't move forward until all involved are arrested and incarcerated.
marylandblue
(12,344 posts)
If the technician hadn't typed "legitimate" instead of "illegitimate," could it have changed the outcome of the election?
Truth321
(93 posts)
LisaL
(44,973 posts)
He claims he meant to write illegitimate instead of legitimate (these two words have an opposite meaning, so how careless can one be if that actually is the case?). Yet he also told Podesta to change password (and his actual instructions don't say change password "just in case").
kudzu22
(1,273 posts)
when he discovers what "inflammable" means.
libtodeath
(2,888 posts)
A typo then a different link sent but some other person clicked the wrong one?