Security master: 'Nobody has confidence in Yahoo as of now'
Yahoo did not ensure genuine security and did not keep a hacker from obtaining the information of 1 billion users.
Experts have attacked Yahoo's weak security after the company revealed it was hacked in 2013, just months after a hack from 2014 was revealed.
The hack has seen the potential theft of login details, personal details and any confidential or sensitive information contained in the email that Yahoo offers, as well as in its other services.
"Yahoo is a bit drunk," said Bruce Schneier, a security analyst and one of the world's most respected security experts. "They do not care about privacy and are now very clear. I will have trouble trusting Yahoo in the future."
Yahoo not only failed to stop the breach, it also failed to detect it when it occurred in 2013, recognizing the intrusion and theft of data only after being notified by a third party. That left users unknowingly exposed for at least three years to identity theft, among many other potential criminal uses of their personal data and passwords.
John Madelin, CEO of RelianceACSN and former vice president of Verizon Data Protection Investigation Report, said: "We think the previous violations of 500 million user accounts were huge, but 1 billion is a monument."
"All data stolen, including email, passwords, and security questions, creates a powerful package for identity theft," said Tyler Moffitt, a senior threat research analyst at Webroot. "The primary email account has links to other online login information, and the average user may have duplicate passwords for more than one account."
Moffitt took little comfort from Yahoo's efforts to secure user accounts. "These accounts have been hijacked for years, and the absolute number of them has meant they have been a major source of identity theft. No one should have faith in Yahoo at this time."
Failing to stop the breach is only one aspect of Yahoo's failure. With the sheer number of user accounts and the amount of data each account holds, data security is very important. Unfortunately, Yahoo's disregard for the safety of user data led to the use of outdated security techniques.
For example, Yahoo stored user passwords using a hash algorithm called MD5, which was first published in 1992 but has a weakness that has seen it discounted as an effective method for data security since the mid-2000s.
Jonathan Care, research director for analysts Gartner, said: "MD5 hash vulnerability is a 'collision attack' that means an attacker can find a string that will deal with the same hash, like the password hash. MD5 is strongly opposed and this leads to the implementation of software development security measures in Yahoo or its vendors."
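An added example, not from the article or from Yahoo: one way a defender retires MD5 password hashes is to re-hash each account with salted PBKDF2 at its next successful login and track which accounts are still pending. The record format, the function names, the iteration count and the assumption that the legacy digests are unsalted are all illustrative.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor


def legacy_md5(password: str) -> str:
    """Legacy scheme: one fast MD5 pass, no salt (assumption for this example)."""
    return hashlib.md5(password.encode()).hexdigest()


def new_record(password: str) -> str:
    """Salted, slow hash stored as scheme$iterations$salt$digest (hypothetical format)."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def is_legacy(record: str) -> bool:
    """A bare 32-character hex string is an MD5 digest still awaiting migration."""
    return len(record) == 32 and all(c in "0123456789abcdef" for c in record)


def verify(password: str, record: str) -> bool:
    if is_legacy(record):
        return hmac.compare_digest(legacy_md5(password), record)
    _scheme, iters, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def login(store: dict, user: str, password: str) -> bool:
    """Check the password; on success replace a legacy MD5 record in place."""
    record = store.get(user)
    if record is None or not verify(password, record):
        return False
    if is_legacy(record):
        store[user] = new_record(password)  # MD5 digest is overwritten, not kept
    return True


def pending_migration(store: dict) -> list:
    """Accounts still on MD5: candidates for a forced password reset."""
    return sorted(u for u, r in store.items() if is_legacy(r))


# Constructed sample store: two users who chose the same password.
STORE = {"alice": legacy_md5("correct horse"), "bob": legacy_md5("correct horse")}
```

In the constructed store the two MD5 records are byte-for-byte identical, which is what a per-user salt prevents; accounts that never log in again stay in `pending_migration` and need a forced reset.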
The latest data disclosure from Yahoo, coming after an attack on 500 million user accounts from 2014 was revealed in September, paints a picture of an aging, creaking company that loses everything. And with the acquisition by Verizon looming on the horizon, a failure on this scale will undoubtedly affect the deal, at the very least in cost.
"If Verizon is looking for a bill of $4.8bn agreed upon [as a result of the last breach], then two size breaches will shave off $2 billion," Madelin said.
The complete list of hacks and data breaches revealed this year points to a disturbing trend. Hackers are no longer targeting corporate networks, instead going after sensitive data hidden in plain sight in personal information and correspondence.
Kevin Cunningham, president and founder of the company at SailPoint, said: "Think about all the sensitive files that may be hidden in these alleged Yahoo email accounts: financial reports or newspapers, financial statements, personal healthcare data, even bank or credit card information."
Cunningham says these properties, especially those with weak security but large stores of data, are likely to emerge by 2017.