Clear security failings in Yahoo! password breach

Powered by SC Magazine
 

Leaving passwords in readable text is negligent.

The dumping of nearly half a million Yahoo! Voice clear text credentials paints a bleak picture of password security.

If the dump is legitimate -- and there's a chance the anti-security hackers posted old or cobbled together records -- it's a bad look for Yahoo!

According to some of the security folk now pouring over the records, the hackers from d33ds.co used run-of-the-mill SQL Injection to pinch the credentials from a smaller server.

That's enough to make many shrug their shoulders given injection is a mainstay of OWASP's Top 10.

But few companies could be forgiven for storing so many records in such an exposed format as clear text.

Encryption technologies are standard security fare, and by now, all passwords entrusted to an organisation worth its salt should be, well, salted.

An organisation accepts a lot of responsibility when it asks for users to signup. Not least because password reuse is common, and will remain so for a long time.

Users will also sign up using corporate email domains that may be sensitive, placing their organisations at a hightened risk.

Just look at those in the Yahoo! dump: There were 1870 *.edu domains, 93 *.gov and 81 pertaining to*.mil.

Local victims include a police prosecutor, a state treasury bureaucrat, an ambo and a decent representation of members from Australia's education system.

All are potential candy for social engineers.

Hacktivists have long demonstrated that its time for security benchmarks to be lifted. Anyone can be breached, but with decent encryption, everyone can minimise the impact.

Copyright © SC Magazine, Australia


Clear security failings in Yahoo! password breach
 
 
 
Top Stories
Inside the stalemate on Australia's piracy code
Still not registered almost five months on.
 
IT staff outline deep anger in Macquarie Uni survey
‘Morale at lowest point in a decade’.
 
Cost blowout to push NBN past $41bn budget
But government funding cap to remain.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
New Windows 10 users, are you upgrading from...




   |   View results
Windows 8
  46%
 
Windows 7
  44%
 
Windows XP
  5%
 
Another operating system
  3%
 
Windows Vista
  2%
TOTAL VOTES: 715

Vote