Um, his Win8 login password being a variation of "password" at some point doesn't automatically imply that his Gmail password was "password".

I thought it was widely accepted that Podesta was the victim of a spearphishing attack (coupled with bad advice from IT), rather than just "hacked" via password-guessing.

A few points:

* Yes, lots of evidence says that Podesta did give his password to a hacker via the spear phishing email you mention. The email dump cuts off soon after this event, the phishing bit.ly link was visited then according to the stats page, and we can see the phishing email here: https://wikileaks.org/podesta-emails/emailid/34899

* This appears to be a quote of someone speaking; I think it's pretty reasonable not to pronounce the @. All common variations on password are equally vulnerable to password guessing programs. There's a rule to use l33t speak in JTR and many other common programs.

* You can make a Gmail account with the password p@ssword, something else they don't mention, choosing instead to go with a literal interpretation.

* It doesn't seem to mention that he also lost his phone in a DC cab, which is another possible source of leaks.

* They never appear to consider whether or not the person who gave the emails to Wikileaks told them Podesta's password; they just say there's no evidence for them to verify, other than Gmail rejecting a password of 'password' (but not p@ssword), after which they rate that claim as false.
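The point above about l33t-speak rules, seen from the defender's side, as an added example that is not part of the thread: a password-policy check that undoes common character substitutions and appended digits before comparing against a denylist, so "p@ssword" and "p@ssw0rd" are rejected just like "password". The denylist, the substitution table and the function names are constructed for illustration.

```python
from itertools import product

# Constructed sample; a real deployment would load a large breached-password list.
DENYLIST = frozenset({"password", "letmein", "welcome", "qwerty"})

# Common l33t substitutions. Ambiguous symbols ("1" for "i" or "l") map to
# every letter they usually replace.
LEET = {"@": "a", "4": "a", "3": "e", "0": "o", "$": "s", "5": "s",
        "7": "t", "1": "il", "!": "il", "|": "il"}

MAX_EXPANSIONS = 4096  # bound the work done for symbol-heavy inputs


def _expansions(text):
    """Yield every reading of `text` with l33t symbols mapped back to letters."""
    # Each position may be a substituted letter or the literal character.
    options = [LEET.get(ch, "") + ch for ch in text]
    total = 1
    for opt in options:
        total *= len(opt)
    if total > MAX_EXPANSIONS:
        # Too many combinations: keep only the most likely reading per symbol.
        options = [opt[0] for opt in options]
    return ("".join(combo) for combo in product(*options))


def denylisted_base(password):
    """Return the denylisted word `password` is a variant of, or None."""
    lowered = password.lower()
    # Length of the trailing run of digits/punctuation, e.g. "2016!".
    tail = len(lowered) - len(lowered.rstrip("0123456789!@#$%^&*?.-_"))
    # Try the full string first, then with the suffix trimmed one char at a time,
    # because a trailing symbol may be padding ("password1") or a letter ("welcom3").
    for cut in range(tail + 1):
        base = lowered[:len(lowered) - cut]
        for candidate in _expansions(base):
            if candidate in DENYLIST:
                return candidate
    return None


if __name__ == "__main__":
    for pw in ("p@ssword", "P@ssw0rd", "Passw0rd2016!", "l3tm31n",
               "correct horse battery staple"):
        print(f"{pw!r}: {denylisted_base(pw) or 'not on denylist'}")
```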

I don't disagree with any of those points. I simply disagree with the leap to the conclusion by several posters that because Podesta used "p@ssw0rd" in one place (based on the context, I'd guess that was presumably the initial password as set by some staffer), he definitely reused that same password for a different account.

I will also agree that the Politifact article's conclusion is hasty, and their selection of evidence is questionable at points (such as Gmail account creation).

I think that's a fair assessment.

