Yahoo security breach shows terrible password decisions

While it’s true that Yahoo’s recent security breach, in which a group of hackers used an SQL injection attack to walk off with 450,000 Yahoo Contributor Network passwords, could have been prevented with better security on Yahoo’s part (the company stored the passwords in plain text), it’s also forcing us to come to a rather shocking realization. Apparently, people are still making very dumb decisions when it comes to choosing a password. We should all know by now that the strongest passwords are ones that include a combination of upper and lowercase letters, numbers, and symbols, but it seems no one told that to a number of Yahoo users.


According to CNET, 2,200 of the passwords stolen were simply just “123456” while another 780 were – you guessed it – “password.” Okay, so maybe 2,980 miserable passwords out of a pool of 450,000 isn’t all that much, but still, there really shouldn’t be anyone using “123456” or “password” as the most important part of their login credentials in this day and age. When it comes down to it, we’re not sure if we should laugh at the silliness of all of this or cry because of how depressing it is.

Part of the problem here is that Yahoo did not require stronger passwords for the Yahoo Contributor Network, instead accepting any password the end user wanted to roll with. CNET says that Yahoo requires stronger passwords for most of its other sites, so why it didn’t implement the same policy on the Yahoo Contributor Network is beyond us. This just goes to show that some people prefer convenience over security (at least when it comes to picking a password), so maybe it’s time to finally implement a stronger password policy and force people to pick one that isn’t so obvious?

[via CNET]


Yahoo security breach shows terrible password decisions is written by Eric Abent & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.


Yahoo confirms security breach on Yahoo! Voice, assures that a fix is underway

Earlier today, we wrote to you about the exposed credentials that reportedly belonged to Yahoo’s Yahoo! Voice service. But as far as the report is concerned, it was never really confirmed by Yahoo. We now have an interesting update to the story: Yahoo has just confirmed that the data breached did come from its servers. The search engine giant also confirmed that the exposed credentials came from an old file on Yahoo! Voice, then called Associated Content, and that its security team is now working on a fix.

By Ubergizmo.

Yahoo confirms server breach, over 400k accounts compromised

Online account security breaches are seemingly commonplace these days — just ask LinkedIn or Sony — and now we can add Yahoo’s name to the list of hacking victims. The company’s confirmed that it had the usernames and passwords of over 400,000 accounts stolen from its servers earlier this week and the data was briefly posted online. The credentials have since been pulled from the web, but it turns out they weren’t just for Yahoo accounts, as Gmail, AOL, Hotmail, Comcast, MSN, SBC Global, Verizon, BellSouth and Live.com login info was also pilfered and placed on display. The good news? Those responsible for the breach said that the deed was done to simply show Yahoo the weaknesses in its software security. To wit:

We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in Web servers belonging to Yahoo Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.

In response, Yahoo’s saying that a fix for the vulnerability is in the works, but the investigation is ongoing and its system has yet to be fully secured. In the meantime, the company apologized for the breach and is advising users to change their passwords accordingly. You can read the official party line below.

At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday, July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com.

Yahoo confirms server breach, over 400k accounts compromised originally appeared on Engadget on Thu, 12 Jul 2012 14:41:00 EDT.

Source: TechCrunch, New York Times

How to Check If Your Email Password Was One of 453,000 Leaked This Morning [Security]

The passwords to 432,000 email accounts were leaked earlier today. They were leaked from an older Yahoo file associated with the Yahoo! Contributor Network. Yahoo claims that only about 5 percent of the accounts had valid (current) passwords, but here’s how to check if your ancient account is one of them.

Yahoo confirms 400k account hacks

Early this morning it was revealed by a group of hackers, and now confirmed by Yahoo, that they’d busted past Yahoo’s security forces and posted the passwords for 400,000 user accounts online. This posting was accompanied by a note that warned Yahoo and similar sites to re-think their security measures. Meanwhile Yahoo has stated that they are investigating the matter and that, of course, they encourage everyone in their network to change their passwords immediately and frequently thereafter to retain privacy for all of their accounts.

The first note to be pushed today was made by the group of hackers responsible for the incident, this note telling Yahoo that they do not mean to cause the organization any harm, but that they wish Yahoo to take action in the form of much higher security measures in the future. This note read thusly:

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in Web servers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly.” – Anon

Not to be mistaken for the hacker collective known as “Anonymous”, this initiative simply did not sign their name anywhere in the document. According to the BBC, Yahoo has sent a message out to them to confirm the situation and their actions in short:

“We are currently investigating the claims of a compromise of Yahoo! user IDs. [We encourage users to] change their passwords on a regular basis.” – Yahoo Spokesperson

This would be a great opportunity for everyone out there reading this post to head to your many varied accounts and change your passwords from something silly like “password123” to something a bit more challenging like “donot8pickthis9!” That way you’ll be a bit more secure and won’t be dumped like the 400k users today were overnight.


Yahoo confirms 400k account hacks is written by Chris Burns & originally posted on SlashGear.


453,000 Yahoo! accounts reportedly hacked

Yahoo! has reportedly suffered a huge user account security breach, with login credentials for in excess of 453,000 users having been released into the wild. Details of which of Yahoo!’s services has been hacked have not been released, though TrustedSec speculates that it is Yahoo Voice based on some of the subdomains included with the leaked list of 453,492 accounts.

The login details were released by a hack collective calling itself D33Ds Company, which claimed to have accessed the usernames and passwords with a union-based SQL injection, Ars Technica reports. Such an attack overloads a poorly-secured server with database commands; “By injecting powerful database commands into them, attackers can trick back-end servers into dumping huge amounts of sensitive information” Ars says.

However, D33Ds Company claims to have mitigated the potential damage of the leak by purposefully withholding more sensitive data. “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure” the group wrote. “Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”

Yahoo! is yet to comment on the breach, though it’s not the first embarrassing security gaffe at the company. Back in March, the company’s new Axis browser for iOS, PC and Mac was identified as having a potential loophole through which malware could install in the user’s browser.


453,000 Yahoo! accounts reportedly hacked is written by Chris Davies & originally posted on SlashGear.


Hackers Grab and Expose 453,000 Yahoo Login Details [Yahoo]

Hacking collective D33Ds Company has posted login details for more than 453,000 user accounts that it claims to have retrieved in plaintext from an unconfirmed service on Yahoo.

Yahoo! Voice reportedly compromised, over 453,000 credentials exposed

If you use Yahoo! Voice a lot (formerly Associated Content, and now Yahoo’s division that focuses on online publishing), then you will definitely need to hear this report. Earlier today, more than 453,000 user accounts from an unidentified service owned by Yahoo were posted on a hacker site. The hackers reportedly said that they infiltrated the subdomain by using a union-based SQL injection. But the group responsible for the security breach added that the data breach was intended to be a wake-up call for Yahoo.

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” the hackers wrote. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.” According to TrustedSec, the compromised server could most likely belong to Yahoo! Voice. This assumption was based on the string “dbb1.ac.bf1.yahoo.com” found in the data dump. Yahoo has yet to release an official response to the reports.

By Ubergizmo.

Hulu CEO Jason Kilar not interested in being Yahoo CEO

The CEO of Hulu, Jason Kilar, was no doubt flattered when he found out that Yahoo was keen on having him take over the vacated CEO spot that opened up when its previous chief was ousted as having lied on his resume. But apparently Kilar has no interest in joining that shipwreck when he’s currently the top dog at one of the most buzzworthy Internet companies today.

VentureBeat quoted a “Hulu spokesperson” as saying, “As has been reported, Jason Kilar has been a focus of the Yahoo CEO search committee. He has graciously declined to be considered.” Prior to joining Hulu, Kilar worked at Amazon for a decade. He moved up the ranks until eventually becoming senior vice president of Worldwide Application Software. In other words, he knows his stuff.

The current CEO at Yahoo, acting as interim chief, is the company’s global media head Ross Levinsohn. The company had of course also been considering him as the new permanent CEO. And even with Kilar’s name in the running, sources were saying that Levinsohn was looking to be Yahoo’s top choice. So it looks like it will be a nice turn of events for Levinsohn.

[via VentureBeat]


Hulu CEO Jason Kilar not interested in being Yahoo CEO is written by Mark Raby & originally posted on SlashGear.


Facebook and Yahoo! form new partnership, resolve patent dispute

Facebook v. Yahoo! has officially come to an end today. The two tech giants have agreed upon a legal truce which will include a patent portfolio cross-license.

Not only did they settle the patent issue, they also have formed a new advertising partnership. Facebook will help bring Yahoo!’s large media event coverage by collaborating on social integration on Yahoo! The fact that Facebook didn’t have to pay anything is seen by observers as a victory for the social network. In the end, it may help Yahoo more than cash in the long run.

If you did not follow this, Yahoo sued Facebook a couple of months before their initial public offering, probably with the idea of adding additional pressure on the social network. Unfortunately for Yahoo, Facebook has the will and the means to stay in the fight. Yahoo’s new CEO (Ross Levinsohn) has reportedly extended an olive branch to Facebook in order to settle this.

By Ubergizmo.