450,000 email addresses and plain-text passwords in circulation

Discussion in 'privacy problems' started by ronjor, Jul 12, 2012.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    http://techcrunch.com/2012/07/12/ya...f-you-were-impacted-non-yahoo-accounts-apply/
     
  3. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    There are a lot of things wrong with this picture. While to those in the security industry it seems almost comical after all the high-profile breaches over the past couple of years, major players in the digital market are still falling victim to SQL injections. Second, there really is no reason for clear text for web-facing applications either in 2012... Though I guess if your entire infrastructure is run by a potato you would not want anything producing too much processing power either.
     
  4. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,980
    Location:
    U.S.A.
     
  5. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    Basically, if these threats are going to keep on rising,
    two years and we won't have an internet :)
     
  6. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Yahoo hack shows, again, too many people use '123456' and 'password'
    Article

    Yahoo fixes password-pilfering bug, explains who's at risk
    Article
     
  7. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    This is discouraging.

    I agree that changing your email passwords on a regular schedule is good practice.

    BUT, as the blog posters say, what's the point if an ISP's security is so weak that they store user email addys and passwords in open text and then allow a hacker in?

    Apologies don't cut it. :mad:
     
  8. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    perhaps they are now using 2ROT13 encryption? Double the encryption. Double the security.
     
  9. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Perhaps?

    Anyway, this is shutting the barn door after the horse has run away.

    These security steps should have been in place all along!
     
  10. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,331
    Location:
    West Yorkshire, UK
    :D

    Or ROT26 ;)
     
  11. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Good implementations would be 2ROT13, 4ROT13, 6ROT13 or 2048ROT13. Going off how AES and DES work using more rounds and are considered strong, it can thus be assumed that more rounds of encryption bring more security.
    So if they are using such implementations I think they are doing security correctly and we the user have nothing more to worry about.
     
  12. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    We are talking / posting past each other. My point is all these security procedures should have been in place PRIOR to 450,000 email addys being leaked.

    Do you disagree with this? I only ask because you keep saying all is well when clearly it wasn't.
     
  13. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,331
    Location:
    West Yorkshire, UK
    2ROT13 is a term used to refer to utterly useless security (in this case it is the equivalent of nothing), same as any even-numbered ROT13 variant; we were jesting!
     
  14. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Yahoo! closes security hole that led to huge password breach
    Related Post
     
  15. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Sorry, I was being cynical. ROT13 is also known as the old "Caesar cipher" where the key is the movement of a letter 13 spaces. It offers no security, and I was throwing it out there as a real thing being implemented given how carelessly they handled the security for Yahoo Voice.

    All variations I mentioned were in jest and do not exist, well, other than an April Fools' prank maybe.
     
  16. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Right! Well, you guys sure fooled me! No damage done. :D
     
  17. Judge Dee

    Judge Dee Guest

    According to Wikipedia's article on ROT13:
    :rolleyes:
    BTW, thanks for teaching us about ROT13. Interesting stuff.
     
  18. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    And it wasn't April 1st? Interesting, well, to their credit at least it wasn't 2ROT13 or, as Nick mentioned, ROT26. ;)

    (As applying ROT13 to an already ROT13-encrypted text restores the original plaintext... aka Yahoo Voice) :D
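
As an added example (not part of the original thread, and not any poster's code): the ROT13 joke from the posts above, run through code, next to a salted, slow password hash as the alternative to clear-text storage. The function names and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import string
from typing import Optional, Tuple


def rot(text: str, shift: int = 13) -> str:
    """Rotate ASCII letters by `shift` places; everything else passes through."""
    shift %= 26
    lo, up = string.ascii_lowercase, string.ascii_uppercase
    table = str.maketrans(lo + up,
                          lo[shift:] + lo[:shift] + up[shift:] + up[:shift])
    return text.translate(table)


def rot13_rounds(text: str, rounds: int) -> str:
    """Apply ROT13 `rounds` times (the thread's 2ROT13, 4ROT13, 2048ROT13)."""
    for _ in range(rounds):
        text = rot(text, 13)
    return text


# Assumed work factor for PBKDF2-HMAC-SHA256; tune it for your own hardware.
ITERATIONS = 600_000


def hash_password(password: str,
                  salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); only these two values are stored, never the password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    for rounds in (1, 2, 4, 6, 2048):
        print(rounds, rot13_rounds("password", rounds))
    print("ROT26:", rot("password", 26))
    salt, digest = hash_password("password")
    print(salt.hex(), digest.hex(), verify_password("password", salt, digest))
```

Every even round count, and ROT26, prints the clear-text password again, while digits such as '123456' are never touched by any rotation at all.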
     