Ethical Hacker Community Forums
December 01, 2008, 03:41:45 PM
16
Ethical Hacking Discussions and Related Certifications / Other / Re: email password hacking
on: September 25, 2008, 02:33:19 PM
Apparently many are trying this as the account is locked out for 24 hours.
Don
Dang Bro, you were trying? If you need the bread that bad I will just send it to you, lol. Interesting, because I am not locked out. Let this ride for a little because we in security need to see if someone can. So far no results and it's actually very easy.

22
Ethical Hacking Discussions and Related Certifications / Other / Re: email password hacking
on: September 25, 2008, 01:44:26 AM
I am serious and I will pay the amount of money I disclosed in that email! We have thousands of viewers here. If you can hack my email with any of those tools I will gladly pay you the amount I mentioned plus 10% of all my contracts in the next 2 years. Please believe me, that's not bad money and way better than Vegas! I even put a wimpy password on it, lol!

24
Ethical Hacking Discussions and Related Certifications / Other / Re: email password hacking
on: September 25, 2008, 01:00:55 AM
LOL, yes you should do that.
It's true that in the past Yahoo and a number of others were subject to some interesting vulnerabilities including some simple SQL attacks, but things have now changed. I don't know why, but hacking email accounts has always been the target for every newbie in hacking. They see it as such a juicy target. Because of this, so much misinformation gets spread around to take advantage of this. Every hacker forum or IRC channel is filled with requests about teaching how to hack emails. Usually I think they just want to freak out their friends. I am so jaded with it that if anyone comes to a forum now and asks how to hack emails I automatically have a question mark. Although it is a legitimate question, because we do need to be concerned if such a thing is possible. In a pentest, hacking emails is almost never allowed in my experience, but if it is, it can be a bonus. In reality hacking email is best done with social engineering, keylogging and capturing sessions. If you see a link on your favorite forum that sells a book about the untold methods of hacking emails or a special program, just laugh and save your money!

27
Resources / Tutorials / Re: I need security....Please help
on: September 24, 2008, 08:36:48 PM
That’s a good site that Kris mentioned and a lot of people I know use it. Of course the only 100% proof way of protecting yourself is not installing, period, but that’s not really practical for most end users. If you have a program that you are questioning, there are 3 ways that I like to implement as far as a security check. First is to run it through several AVs. Second is if I can inspect the source code, and if the program is small enough you can have some success in decompiling it. The final is to install it on your isolated lab machine that has common apps like Office installed and monitor it from another box inside the network. It's important to monitor it from another box, not just look at it from inside the box (think outside the box, lol), because rootkits can fool the host OS but not a separate machine on the network. You should do both actually, and tripwire still has value here as far as an inside the box. Did a port open up suddenly, etc… Now even this is not 100% perfect because a program can be coded to open on a certain event or even a future date, so hopefully inspecting the code helps to reveal this. Of course this process is cumbersome, but what the payoff is for us is when we do catch something and it’s well done. Being able to monitor and dissect it can pay off in dividends in the end.
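The inside-versus-outside port check described in the post above, as an added example that is not part of the original post: it compares the listeners the lab machine reports about itself with what a scan from the second box sees. The `netstat -an` and nmap grepable (`-oG`) samples, the 192.168.56.x addresses, port 8081 and the function names are constructed for illustration.

```python
import re

# Constructed sample: `netstat -an` output taken ON the lab machine (inside view).
HOST_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.56.10:139      0.0.0.0:0              LISTENING
  TCP    192.168.56.10:1042     192.168.56.1:80        ESTABLISHED
"""
# Constructed samples: nmap -oG lines from scans run FROM the second box,
# one before installing the program under test and one after.
_COMMON = "135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///"
BASELINE_SCAN = "Host: 192.168.56.10 ()\tPorts: " + _COMMON
AFTER_SCAN = ("Host: 192.168.56.10 ()\tPorts: " + _COMMON
              + ", 8081/open/tcp//unknown///\tIgnored State: closed (996)")

def host_listeners(netstat_text):
    """TCP ports the host itself reports as LISTENING."""
    ports = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "TCP" and f[3] == "LISTENING":
            ports.add(int(f[1].rsplit(":", 1)[1]))  # rsplit also copes with [::]:135
    return ports

def scan_open_ports(grepable_line):
    """Open TCP ports from the 'Ports:' field of one nmap -oG line."""
    m = re.search(r"Ports: ([^\t]*)", grepable_line)
    ports = set()
    for entry in (m.group(1).split(",") if m else []):
        f = entry.strip().split("/")
        if len(f) >= 3 and f[1] == "open" and f[2] == "tcp":
            ports.add(int(f[0]))
    return ports

def compare_views(netstat_text, baseline_line, after_line):
    inside = host_listeners(netstat_text)
    before, after = scan_open_ports(baseline_line), scan_open_ports(after_line)
    return {
        # a port that opened after the program was installed
        "new_since_baseline": sorted(after - before),
        # the network sees it but the host does not admit to it
        "hidden_from_host": sorted(after - inside),
    }

if __name__ == "__main__":
    print(compare_views(HOST_NETSTAT, BASELINE_SCAN, AFTER_SCAN))
```

Since the post notes that a listener may only appear on a later event or date, the comparison is worth repeating over time rather than running once after install.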

29
Ethical Hacking Discussions and Related Certifications / Malware / Re: Whitehat rootkits to prevent theft?
on: September 21, 2008, 01:17:48 PM
I have a bomb installed in my laptop and if someone turns it on and doesn't punch in the correct code within 8 seconds they are history. Screw the idea of recovering it and prosecuting.
The reality is if you lose your laptop it's gone. Even if you did have a way to trace it to some IP, what do you do next? Get a court order for the ISP to give up the info? Run to the FBI about your $600 laptop? I am sure the local police will be just so excited to jump on this one. I am not saying you couldn't pursue it; with enough time and money I am sure you could. There better be some really important data on it to make it worth your while.
The reality is the best thing you can do is make sure you back up, encrypt, cover with insurance and a little prayer never hurts!

30
Ethical Hacking Discussions and Related Certifications / Other / Re: Password reset beware
on: September 20, 2008, 09:16:29 AM
As far as free email accounts are concerned, if you follow good password rules along with false password reset information you will be fine in most cases. Your main concern then will be keyloggers. Never check your email from a public computer, say for instance like one in a hotel lobby. Someone I know just did and there was a keylogger installed that captured his email password, which in turn allowed whoever it was to transfer a large amount of money from his Etrade account. Your second concern would be checking your email from free wifi hotspots where you might encounter fake login pages or session captures. Session captures with tools like ferret, etc... work OK in lab situations but are tricky to do in the real world, at least in my experience, and are still rare, so I am not as worried about those at this time. However I am sure in time it will improve and become more popular. I guess if we really want to get paranoid, we can worry about sniffers being placed at the ISP, which is not a bad reason to encrypt actually. I am sure everyone has read this about Sarah Palin on the Errata security site: The "hacker" saw the e-mail address "gov.sarah@yahoo.com" appear in a Washington Post story about the Governor. He tried the password recovery tool and found the question. He googled for information about the answer. After a few tries like "high school" he finally got the right one, "Wasilla high". If you feel inclined to use a free email service, use Gmail. For instance, while Yahoo will give up your secret question to anybody who asks for it, Gmail will only give out your secret question after 5 days of inactivity on the account. Not a huge security advantage, but still little things can add up to frustrate some attackers.