Feeds

Woman charged with stealing nude pics of baseball star

...from Playboy Bunny's email account

SANS - Survey on application security programs

A Minnesota woman has been charged with stealing racy photos of Cleveland Indians centerfielder Grady Sizemore from the email account of his Playboy bunny girlfriend.

The 15-photo set, which Sizemore shot himself with his cellphone, were posted to the internet about a year ago, although most have since been removed, following take-down demands. In some, the baseball star is clothed, while others show him au naturel, mostly as he stands in front of a bathroom mirror. One of the pics shows him holding a Playboy picture of his girlfriend Brittany Binger, who was the magazine's playmate of the month in June 2007.

The Star Tribune of Minneapolis reports that 19-year-old Leah M. Ayers has been charged with two counts of unauthorized computer access in connection with the theft. The paper cited court documents that said her laptop was used to view Binger's Facebook, Twitter, and MySpace accounts and that personal information from those sites may have bee used to change Binger's password and access her account in August 2009.

Binger complained to the Los Angeles County Sheriff's Department, which served search warrants on Yahoo to trace the email hacker's IP address to Ayer's parents, who live in the Minneapolis suburb of Apple Valley.

It's the latest episode to demonstrate the insecurity of password-reset features offered by Yahoo, and so many other online services, which allow users to reset passwords based on the answers to questions such as what high school did you attend? That folly is only compounded by clueless users who make hackers' jobs easier by posting the answers to Facebook and other social networks.

The technique was used by Sarah Palin email hacker David Kernell, who on Friday was sentenced to 366 days in custody. It was also used by several accused and convicted “sextortionists” who used password-reset features to steal racy photos of girls and woman.

Yahoo's password reset feature now defaults to sending a temporary password to a user's cell phone. That may or may not be a more secure alternative, depending on how many people get hold of a user's cellphone on a regular basis.

Ayers is summoned to appear in court on November 29. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.