Clear security failings in Yahoo! password breach

Powered by SC Magazine
 

Leaving passwords in readable text is negligent.

The dumping of nearly half a million Yahoo! Voice clear text credentials paints a bleak picture of password security.

If the dump is legitimate -- and there's a chance the anti-security hackers posted old or cobbled together records -- it's a bad look for Yahoo!

According to some of the security folk now pouring over the records, the hackers from d33ds.co used run-of-the-mill SQL Injection to pinch the credentials from a smaller server.

That's enough to make many shrug their shoulders given injection is a mainstay of OWASP's Top 10.

But few companies could be forgiven for storing so many records in such an exposed format as clear text.

Encryption technologies are standard security fare, and by now, all passwords entrusted to an organisation worth its salt should be, well, salted.

An organisation accepts a lot of responsibility when it asks for users to signup. Not least because password reuse is common, and will remain so for a long time.

Users will also sign up using corporate email domains that may be sensitive, placing their organisations at a hightened risk.

Just look at those in the Yahoo! dump: There were 1870 *.edu domains, 93 *.gov and 81 pertaining to*.mil.

Local victims include a police prosecutor, a state treasury bureaucrat, an ambo and a decent representation of members from Australia's education system.

All are potential candy for social engineers.

Hacktivists have long demonstrated that its time for security benchmarks to be lifted. Anyone can be breached, but with decent encryption, everyone can minimise the impact.

Copyright © SC Magazine, Australia


Clear security failings in Yahoo! password breach
 
 
 
Top Stories
ATO releases long-awaited Bitcoin guidance
Everyday investors escape the tax man.
 
Why the Weather Bureau’s new supercomputer is a 'gamechanger'
IT transformation starts to reap results.
 
Sydney Trains chief thinks beyond Opal
Plots app to help you find a seat on the train.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  65%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  13%
 
Denial of service attacks
  8%
 
Insider threats
  12%
TOTAL VOTES: 396

Vote