
kpete

(71,994 posts)
Sun Jan 8, 2017, 12:20 PM

Nothing to see here: AZ lawmakers possibly 'compromised' after computer screens show up in Russian

In an email forwarded to the legislature, Mike Lettman, chief information security officer for the State of Arizona, wrote that multiple senators and legislative staff received emails from what appeared to be the state’s human resources department prompting employees to reset their passwords.

According to Lettman, senators who clicked on the link provided in the suspicious email and changed their passwords received a screen in Russian.

“At this point, anyone who clicked on the link or changed their HRIS password has their login and password compromised,” he said.

It’s possible that their desktop or laptop was also affected, Lettman said.

The Arizona Department of Administration has shut down the external access system until the problem is fully assessed. The system is expected to be accessible again on Monday.



MORE:
http://www.abc15.com/news/region-phoenix-metro/central-phoenix/arizona-lawmakers-possibly-compromised-after-computer-screens-show-up-in-russian


MineralMan

(146,316 posts)
2. You can protect computer networks from most hacking,
Sun Jan 8, 2017, 12:29 PM

but you can't fix stupid. As long as stupid people click links in emails and enter their logon information, attacks are inevitable.

Often, sadly, you can't teach stupid people anything either.

karynnj

(59,503 posts)
14. You would think that the glaring example of Tony Podesta would have clued in anyone political
Sun Jan 8, 2017, 02:46 PM

Seriously, it was absolutely stupid that he used an email link to change his password. It is not tough to independently find the correct link if you have any reason to think there was a genuine reason to change your password.

However, in the wake of ALL of the Podesta emails put out to harm HRC, you would think that anyone not clued in before would have seen that as a very graphic example of how bad not thinking and clicking could be.

However, I bet this is not real, but a sting by someone to show the risk in that legislature. If this were a real hack I doubt you would be given a page in Russian to alert you that you just screwed up!

MineralMan

(146,316 posts)
17. You would think so. I would think so.
Sun Jan 8, 2017, 03:03 PM

The problem is that many people don't think much at all. Phishing is one of the most common ways for people to access systems. It takes only a short time to create a fake login page or change of password page that looks just like a corporate or government one. Then, you host it and send an email with a link to it.

While most people know about phishing and won't bite, there is still a small percentage of people who will see your well-worded email warning them to check something or change their password and click your link. Most of those won't even look to see where the link goes. And that applies to even high-level people in organizations. In fact, they're often the most vulnerable, because they have little actual knowledge of how to use computers.

How do you know those people's email addresses so you can go phishing? Well, they're on the contact page of company and government agency websites and elsewhere. If you can get a login from someone who has administrator level access, you're in and can do tremendous damage.

Brute force hacking or breaking logon information is rarely needed. If you try hard enough with a phishing scheme, you'll probably find someone who will give up their login name and password freely.

mopinko

(70,111 posts)
3. DONT.CLICK.EMAIL.LINKS.
Sun Jan 8, 2017, 12:41 PM

jebus people. access the site from your own bookmark, or through the google if you must. dont use their links.

not like anyone here doesnt get that, but there are a lot of people out there who have a tenuous grasp on technology, but use it anyway.

unc70

(6,114 posts)
5. You don't have to click on anything to get hacked
Sun Jan 8, 2017, 12:56 PM

While clicking on links is one way to get in trouble, there are many ways to attack where you do not need to take any obvious action. Simply reading an apparently normal email is all that it takes. Or on some systems, previewing the email.

I have posted about this a lot over the years here. Some are in my old DU journal.

2naSalit

(86,634 posts)
6. Well...
Sun Jan 8, 2017, 01:43 PM

I don't know about that state's system but any government computer I have ever had to use required a password update/change every 60 days (or something like that because I have to do it at least twice every season) but it NEVER shows up in an email message, it comes up as a little pop-up that takes me to the login and password change page in a secure system.

But those are federal computers and not in a state system.

highplainsdem

(48,987 posts)
7. Arizona? Possibly looking for any info that could be used against McCain?
Sun Jan 8, 2017, 01:44 PM

Just one possibility, of course...but the Russians can't be happy about his very open opposition to their hacking.

ProudLib72

(17,984 posts)
8. Now that
Sun Jan 8, 2017, 01:45 PM

all the repuke's computers are zombies, will they think twice about Russian hacking? Nah, probably not. Could easily have been a 400 pound dude in his mom's basement in New Jersey (who just happened to have a Russian IP address and spoke perfect Russian).

erronis

(15,273 posts)
18. Perfect candidate for tRump's next Apprentice
Sun Jan 8, 2017, 03:10 PM

National Security Advisor.

The neat thing is that there is no longer any vetting of anyone. No ethics, no security, nothing.

Does anybody else remember how Cheney got named as dumb-ass's VP? He was in charge of vetting everyone else - when they "failed", he named himself.

Only problem I see is that tRump will be jealous of the kid's heft - The Rump can barely crack a 300# on the scales.

DFW

(54,387 posts)
10. But no election results were changed, no.
Sun Jan 8, 2017, 01:47 PM

Trump is too dumb to be charged with treason when this is all over, but a bunch of his pals and manipulators will not deserve to get off so lightly.

Amaryllis

(9,524 posts)
13. My thought exactly; no election results changed. Russians only interested in
Sun Jan 8, 2017, 02:36 PM

hacking DNC emails. All that other hacking was just to prove they could do it.
