Yahoo Mail isn’t the only Web-based mail service that could be duped into giving up someone else’s account password, the tactic that some have argued was used to break into Governor Sarah Palin’s e-mail earlier this week. Google’s Gmail, Microsoft’s Windows Live Hotmail and Yahoo’s Mail all rely on automated password reset mechanisms that can be abused by knowing a username associated with an account and an Computerworld reporters and editors were able to break into their own and colleagues’ accounts on all three services, then reset passwords armed only with the account’s username and the correct response to one of a limited number of common security questions, such as mother’s maiden name, the name of a favorite pet or the make of a first car.
Other Webmail Services Share Password Reset Flaw