Send Anonymous Email | Stealth Internet Rotating Header Image

Uncategorized

Iowa Prison to Grant Email Privileges to Inmates

The inmates of Mitchellville State Women’s Prison are in for a treat. Iowa’s Department of Corrections recently launched a project that allows them to correspond with their friends and family via email. No, they will not be given Macbooks or BlackBerry devices. The new project only allows the inmates to receive email messages, not send them.

Receiving email messages

Because a set of computer work stations with highly secured software is yet to be installed in the correctional facility, the email privilege given to the inmates will only be one-way. Although they have to deal with the fact that they can only receive and not send any email messages to their friends and loved ones for now, the inmates in Mitchellville may be granted additional email privileges in the future. After all, the creative team from Advanced Technologies Group of West Des Moines is currently working on a new system that will allow the inmates to not only receive and read but compose and send emails as well.

If the new system fails to develop, the Iowa-based firm already has an alternative method in mind. According to chief executive officer Atul Gupta, the inmates may just write their messages on bar-coded papers that will be scanned before they are forwarded to their respective recipients via email.

Screening incoming messages

To ensure that each email is in compliance with the security requirements of the correctional, the prison officials will screen all incoming messages via a computer. After checking the content of the emails, the prison officials will then print a copy of each email and deliver them personally to the inmates. The Mitchellville inmates, therefore, will only read their email messages from a printout and not a computer.

Why the Palin Hack Could Happen Again and Again

How can you prevent a Palin webmail hack from happening to you? The short answer: you can’t.

 

Yahoo has no immediate plans to overhaul its e-mail security procedures after a hacker last week gained access to Sarah Palin’s private Yahoo Mail account, the company said Monday. Instead, it is reviewing security processes on an industry-wide basis.

 

Google’s Gmail and Microsoft’s Hotmail also have existing processes in place to enable password recovery. But those too can be exploited by a hacker patient enough to sniff through personal data that might already be available online.

 

Yahoo, however, is being forced to reconsider its own security practices.

 

“While federal law and our privacy policy prevent us from commenting about specific user accounts, Yahoo takes security and privacy seriously and we are continually working on improvements to our account security processes,” according to a spokeswoman. “We’re also participating in industry-wide discussions on how to better protect users.”

 

A hacker gained access to the Republican vice presidential hopeful’s gov.palin@yahoo.com account last week after successfully navigating Yahoo’s password recovery feature. That process required the hacker to enter Palin’s login name, date of birth, ZIP code, and to answer the question, “Where did you meet your spouse?”

 

Palin, who currently serves as governor of Alaska, is now widely known to be a lifetime resident of Wasilla, Alaska, so the ZIP code was easily deciphered. A quick Google search revealed her date of birth, and any of the approximately 40 million people listened to her GOP convention acceptance speech were informed that she met her husband in high school. An amateur who fiddled with the wording a bit – “Wasilla high” being the correct response – had access within minutes.

 

Yahoo is trying to strike a balance between providing a secure user experience while also ensuring a process for accessing lost account information, according to a source familiar with the situation. The company last week issued a memo to users on how to create more secure passwords, though the Palin hacker did not know her password.

 

Naturally, a typical user’s personal Webmail accounts are not going to generate as much hacker interest as Palin’s account, but security remains a concern. What is your best option?

 

When signing up for Yahoo, the company asks for standard personal information – name, gender, date of birth, country, and ZIP code – and then asks users to answer one of nine possible secret questions: where the user met his or her spouse; the first school the user attended; his or her childhood hero, favorite pastime, favorite sports team, father’s middle name, or high school mascot; the name of the user’s first car or bike; or the name of the user’s pet.

 

Once you select one of these questions, however, you cannot change it. You can also not change your date of birth. Had Palin recovered her own account, hackers could have just as easily gained re-entry given that they had the answer to her secret question. Yahoo does allow users to change their gender and/or location, so switching her ZIP code to a random city might have done the trick.

 

Microsoft’s Hotmail has a similar set-up situation, asking for personal information, and the answer to one of six secret questions: the user’s mother’s birthplace, the user’s best childhood friend, the name of the user’s first pet, the user’s favorite teacher, favorite historical person, or the occupation of the user’s grandfather.

 

Unlike Yahoo, Hotmail users can change their secret question once they set up their account. This might have helped Palin if she’d acted fast, but it also means that if the hacker had successfully accessed a Hotmail account, the hacker could have changed the secret question immediately and locked the proper owner out of the account indefinitely.

 

Microsoft also has no immediate plans to change its Hotmail security processes, according to a spokeswoman.

 

“Microsoft is always working to strengthen the security of its products and services and is committed to helping consumers have a safe, secure and positive online experience,” she said. “We know our customers’ needs are constantly evolving based on changes in the security landscape and we are always working to meet these new threats and to help protect our customers from them.”

 

Gmail might have the most secure password recovery process at this point, but it is a potentially lengthy process.

 

Gmail also requires personally identifiable information, but lets users either create their own question or answer one of four Google-selected questions: primary frequent flyer number, library card number, first phone number, or first teacher’s name.

 

If a user forgets his or her password, Google will send password reset information to the secondary e-mail address a user provided when signing up. But if the user lost the password to that account, no longer had access to it, or did not provide a second e-mail address, Google requires a waiting period of five days before resetting the password.

 

“To prevent someone from trying to break into an account you’re actively using, the security question is only used for account recovery after an account has been idle for five days,” according to Google. “The Gmail team cannot waive the five day requirement or access your password under any circumstances.”

 

The FBI and Secret Service are now investigating the Palin hack. Authorities reportedly searched the home of a 20-year-old University of Tennessee student over the weekend, but no arrests have been made. The hacker could face felony charges for violating the Computer Fraud and Abuse Act, but could also avoid prosecution thanks to a Department of Justice loophole, according to the Electronic Frontier Foundation.

 

Palin and the now erased Yahoo account have also made headlines over allegations that the governor used her personal account for state business.