450,000 email addresses and plain-text passwords in circulation

There are a lot of things wrong with this picture. While to those in the security industry it seems almost comical after all the high profile breaches over the past couple of years, major players in the digital market still are falling victim to SQL injections. The second there really is no reason for clear text for web facing applications either in 2012... Though I guess if your entire infrastructure is run by a potato you would not want anything producing too much processing power either.

 

Basically if these threats going to keep on Rising
two years and we wont have an internet

 

Yahoo hack shows, again, too many people use '123456' and 'password'

Article

Yahoo fixes password-pilfering bug, explains who's at risk

Article

 

This is discouraging.

I agree that changing your email passwords on a regular schedule is good practice.

BUT as the blog posters say what's the point, if ISP's security is so weak that they store user email addy's and passwords in open text and then allow a hacker in.

Appolgies don't cut it.

 

perhaps they are now using 2ROT13 encryption? Double the encryption. Double the security.

 

Perhaps?

Anyway, this is shuting the barn door after the horse has run away.

These security steps should have been in place all along!

 

Or ROT26

 

Good implementations would be 2ROT13, 4ROT13, 6ROT13 or 2048ROT13. Going off how AES and DES work using more rounds and are considered strong, it can thus be assumed that more rounds of encryption bring more security.
So if they are using such implementations I think they are doing security correctly and we the user have nothing more to worry about.

 

We are talking / posting past each other. My point is all these security procedures should have been in place PRIOR to 450,000 email addys were leaked.

Do you disagree with this? I only ask because you keep saying all is well when clearly it wasn't.

 

2ROT13 is a term used to refer utter useless security (in this case is equivalent of nothing), same as any even number ROT13 variant, we were jesting !

 

Yahoo! closes security hole that led to huge password breach

Related Post

 

Sorry I was being cynical. ROT13 is also known as the old "caesar cipher" where the key is the movement of a letter 13 spaces. It offers no security and I was throwing it out there as a real thing being implemented as how carelessly they handled the security for yahoo voice.

All variations I mentioned were in jest and do not exist, well other than an april fools prank maybe.

 

Right! Well you guys sure fooled me! No damage done.

 

According to Wikipedia's article on ROT13:

BTW, thanks for teaching us about ROT13. Interesting stuff.

 

And it wasn't april 1st? Interesting, well to their credit at least it wasnt 2ROT13 or as Nick mentioned ROT26.

(As applying ROT13 to an already ROT13-encrypted text restores the original plaintext..aka Yahoo Voice)