Unidentified Yahoo service database compromised

chaser7783 Member Posts: 154
Sad big companies still store this kind of info in plaintext.
Link: Hackers expose 453,000 credentials allegedly taken from Yahoo service | Ars Technica

Comments

  • RobertKaucher Member Posts: 4,299
    What year is this? 2001?

    When your Dr. says that a high salt diet is unhealthy he does not mean for your passwords and that's not the kind of injection that cures diseases either... Unsalted passwords and unparameterized SQL...

    COME ON DEVELOPERS! WTH?
  • chaser7783 Member Posts: 154
    What bothers me so far is the action they have taken after the fact:
    "There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage."

    Security through obscurity at its best.
  • RobertKaucher Member Posts: 4,299
    The article actually did not mention anything done by Yahoo as an attempt to correct the issue. That was a comment from the Hackers as to why they did not release more details. It is about as upstanding as you can get in their world.
  • mattlee09 Member Posts: 205
    I wonder how many potential CEO applicants just reconsidered (as if the decision wasn't hard enough before). RUN FOR THE HILLS!
  • demonfurbie Member Posts: 1,819
    wgu undergrad: done ... woot!!
    WGU MS IT Management: done ... double woot :cheers:
  • YFZblu Member Posts: 1,462
    Wow, plaintext - Simply amazing. I wonder how much of that information also doubles as people's Facebook login credentials. SMH.
  • chrisone Member Posts: 2,278
    Good, mine isn't in there lol

    I changed it anyway as soon as I read what happened.
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • madisonmiller Banned Posts: 7
    "The hacking technique preys on poorly secured Web applications that don't properly scrutinize text entered into search boxes and other user input fields. By injecting powerful database commands into them, attackers can trick back-end servers into dumping huge amounts of sensitive information."
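
Added example, not part of the thread or the quoted article: the two defects named in this discussion (user input concatenated into SQL, and passwords stored without salting or hashing) next to their standard fixes. The table, addresses, crafted input and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value for this sketch)
# Constructed input: text a search box might receive that contains SQL syntax.
CRAFTED_TERM = "x' OR '1'='1"

def hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted hash: equal passwords get different stored values."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_db() -> sqlite3.Connection:
    """Constructed table: two users who both chose the password 'password'."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    for email in ("alice@example.test", "bob@example.test"):
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?)",
                   (email, salt, hash_password("password", salt)))
    return db

def search_unsafe(db, term):
    """BEFORE: input is concatenated into the statement and parsed as SQL."""
    return db.execute("SELECT email FROM users WHERE email = '" + term + "'").fetchall()

def search_safe(db, term):
    """AFTER: input is bound as a parameter and only ever compared as data."""
    return db.execute("SELECT email FROM users WHERE email = ?", (term,)).fetchall()

def verify(db, email, password):
    """Recompute the hash with the stored salt; compare in constant time."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE email = ?", (email,)).fetchone()
    return row is not None and hmac.compare_digest(hash_password(password, row[0]), row[1])

def stored_hashes_differ(db):
    """Per-user salts mean a dump does not reveal who shares a password."""
    hashes = [h for (h,) in db.execute("SELECT pw_hash FROM users")]
    return len(set(hashes)) == len(hashes)

if __name__ == "__main__":
    db = make_db()
    print(len(search_unsafe(db, CRAFTED_TERM)), len(search_safe(db, CRAFTED_TERM)))
    print(verify(db, "alice@example.test", "password"), stored_hashes_differ(db))
```

With the bound parameter the crafted term matches no row, and even a full table dump exposes only salts and slow hashes rather than reusable plaintext.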
  • Sett Member Posts: 187
    This is huge huge... Some of these passwords are hilarious. And I am sure a big portion of them are being reused.
    Good I've never used any yahoo service, but it doesn't mean that the other big sites out there are safe.
    Non-native English speaker
  • Devilry Member Posts: 668
    It always startles me how these huge companies can be so behind the times. I do understand and know why, it's because it takes SO much bureaucratic nonsense just to get an RFC done. Bet the guy who had that request in his possession and ignores it for... a decade? feels stupid now. Not to mention techs who are overwhelmed with loads of work and cannot even think about improvements.
  • SteveLord Member Posts: 1,717
    Sett wrote: »
    This is huge huge... Some of these passwords are hilarious. And I am sure a big portion of them are being reused.
    Good I've never used any yahoo service, but it doesn't mean that the other big sites out there are safe.

    Over 350 used a variant of the infamous "password" or "iloveyou"
    WGU B.S.IT - 9/1/2015 >>> ???
  • Roguetadhg Member Posts: 2,489
    There's not a doubt in my mind that a lot of these passwords are linked to other areas.

    There's a few people with good ideas for passwords though.
    In order to succeed, your desire for success should be greater than your fear of failure.
    TE Threads: How to study for the CCENT/CCNA, Introduction to Cisco Exams

  • petedude Member Posts: 1,510
    YFZblu wrote: »
    I wonder how much of that information also doubles as people's Facebook login credentials.

    What hackers are undoubtedly hoping for. Good thing I don't use Yahoo anything much anymore.
    Even if you're on the right track, you'll get run over if you just sit there.
    --Will Rogers
  • RobertKaucher Member Posts: 4,299
    My Yahoo account was not in there...

    My favorite password so far is mypassword or maybe happyday.
  • rsutton Member Posts: 1,029
    I almost feel sorry for Yahoo's new(ish) CEO, this will not help the doubts that consumers are having...
  • chaser7783 Member Posts: 154
    Looks like Nvidia was hit also, but at least they hashed passwords:
    NVIDIA
  • humdingy02 Member Posts: 35
    Interesting thread. It's good to see that I'm not the only one who searched for himself, then browsed some of the password choices. Lots of easy ones, lots of complex ones - looks like none of them were secure in the end though.
    WGU - BS, IT Security (starting Feb 1st, 2012)
    Remaining: LUT1,QBT1,DFV1,BOV1,HHT1,QLT1,RIT1,IWC1,IWT1,DJV1,KET1,TPV1,MGC1,CVV1,CJV1,KFT1,CNV1,SBT1,RGT1
    Completed: WFV1,CLC1,INT1,CUV1,CQV1,BNC1,GAC1
    Transferred: AGC1,BBC1,LAE1,AXV1,CPV1,INC1,CSV1,COV1,CTV1,DHV1,BVC1
  • Jinverar Member Posts: 95
    It's definitely more user names and passwords than just Yahoo. I see Gmail, Hotmail, and Shaw.ca. I have to add the following to the top 10.

    oolala - Try doing a search for that password and see what you find.
    Jinverar, TSS