IT Security News and Opinion
Friday May 24th 2013
Auto Discovery Webinar

Mitt Romney’s Email Security Lapse is Astonishing

This week’s report from Gawker that Mitt Romney’s email account was hacked shows a surprising lapse of security judgement on the part of the US Presidential nominee for using Hotmail as his personal email – if this is indeed what happened.

Given that Mr Romney’s background has been in equity capital and allied financial markets – where he would have used highly secure email technology due to financial and regulatory requirements – the use of Hotmail is something of a jaw dropper.

Having said this, email accounts like Hotmail are free and easy to set up, so it may be that this was a disposable address created by one of his staffers, or even a supporter. However, if this is the case, then Internet security awareness in this day and age should have encouraged whoever set up the account to enter unique password recovery questions into the system, rather than relying on default settings

The reality, however, is that a Hotmail account is never going to be secure enough for a high profile Presidential candidate or a member of his team, and is therefore unlikely to be his sole account. Even if this email address did genuinely belong to Mr Romney, it’s unlikely that his confidential campaign plans would be found on it. For others who may be contemplating similar exploits, it’s worth noting that it will be relatively easy for law enforcement officials to trace back the password recovery access session and prosecute the perpetrator under US wiretapping laws.

Whatever the reason for this security faux pas, Mr Romney and his campaign team need to bring their understanding of email security dramatically up to speed, especially against the backdrop of the `Hackerazzi’ hack of last year, where celebrities’ free email accounts were compromised using publicly available information.

Next month is the 16th anniversary of the introduction of Hotmail and we all know that the security threat landscape has changed significantly since 1996. I would argue against the use of Hotmail and its fellow Webmail services for all but the most benign of uses – such as a back-up personal-email-only facility.

What are your thoughts on Webmail services like Hotmail? Comment below. You can also follow my company on Twitter: @liebsoft or connect with me via LinkedIn.

FacebookTwitterLinkedInDeliciousTechnorati FavoritesDiggBlogger PostGoogle ReaderShare
Post Published: 07 June 2012
Author: Philip Lieberman
Found in section: Latest IT News, Online Privacy, Security Events

Tags: , , ,

Previous Topic:
Next Topic:

Leave a Reply


7 − = three

Follow Us

    Follow us on Twitter            Follow us on LinkedIn

  Visit our YouTube Page              Identity Week RSS Feed
Visit the Lieberman Software Website

Archives

Recent Comments

Tags

Administrator Password Application-to-Application Credentials Application Security Cloud Computing Cloud Security CSO cyber-attacks cyber attack Cyber Security data breach Data Breaches Datacenter Security Data Security default password disaster recovery enterprise security Governance Risk and Compliance hacktivism Identity Management insider threat Insider Threats Internet security IT Audit IT Auditing Compliance Reports IT Marketplace IT Outsourcing IT security IT Security Threats online privacy Password Security PCI-DSS Compliance privileged account credentials privileged account management privileged accounts Privileged Identities privileged identity management regulatory compliance RSA Securing Legacy Applications Security Management SIEM smart card smartphone security stolen credit card Stuxnet