Hacker News new | past | comments | ask | show | jobs | submit login

PolitiFact: "completely unbiased" goalpost mover. His password was an iteration of 'password' - e.g. no real difference.



Um, his win8 login password being a variation of password at some point doesn't automatically imply that his gmail password was "password".

I thought it was widely accepted that Podesta was the victim of a spearphishing attack (coupled with bad advice from IT), rather than just "hacked" via password-guessing.


A few points:

* Yes, lots of evidence says that Podesta did give his password to a hacker the spear phishing email you mention. The email dump cuts off soon after this event, the phishing bit.ly link was visited then according to the stats page, and we can see the phishing email here: https://wikileaks.org/podesta-emails/emailid/34899

* This appears to be a quote of someone speaking, I think it's pretty reasonable not to pronounce the @. All common variations on password are equally vulnerable to password guessing programs. There's a rule to use l33t speak in JTR and many other common programs.

* You can make a GMail account with the password p@ssword, something else they don't mention, choosing instead to go with a literal interpretation.

* It doesn't seem to mention that he also lost his phone in a DC cab, which is another possible source of leaks.

* They never appear consider whether or not the person who gave the emails to Wikileaks told them Podesta's password, they just say there's no evidence for them to verify, other than Gmail rejecting a password of 'password' (but not p@ssword), after which they rate that claim as false.


I don't disagree with any of those points. I simply disagree with the leap to the conclusion by several posters that because Podesta used "p@ssw0rd" in one place (based on the context, I'd guess that was presumably the initial password as set by some staffer), he definitely reused that same password for a different account.

I will also agree that the Politifact article's conclusion is hasty, and their selection of evidence is questionable at points (such as gmail account creation).


I think that's a fair assessment.


> His password was an iteration of 'password'

What the email indicated was that someone temporarily set a Windows 8 password to a variant of password.

What the email did not indicate that his gmail account itself used a variant of password as the password. It is disingenuous to conflate the two and claim his email password was password as Assange did in numerous interviews.


His Gmail password was probably runner4567, at least his icloud password was and he emailed it. Also not changed when that email leaked.

Just stop with the nonsense that his email password was "p@ssword", as the truth is just as stupid.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: