Steve Smith talks about Yahoo's database breach, bad data security policies, and the sale to 3 or more groups on the Dark Web.
Episode #7-16 released on December 17, 2016
Yahoo is back in the news, as they again disclose a hack of their database, this time of over a billion accounts. The Internet giant is going wild with ways to protect your accounts from being hacked while, only now, requiring users to change their passwords. It is only recently that Yahoo started implementing 2FA methods, and the entire thing is putting a strain on their sale to Verizon, but why?
First, regardless of how you look at it, it took Yahoo 3 years to disclose the breach, which is slow by any metric. Any details or methodology to protect yourself are now, for all intents and purposes, too late to apply. Anything said at this point is the same as explaining to a dead person who was hit by a car how not to be hit by a car, when, the entire time, the driver hit them while they stood on the sidewalk, if you think about it.
Second, regardless of how Yahoo spins this, they were the ones hacked, and that hack affects you. If you have, for the past 3 or more years, used proper password methodologies to protect your other accounts, the only account that was affected was your Yahoo account, and other connected assets like Flickr. Since the only thing you can do now is protect your Yahoo account by changing your password and your security questions and answers, and by enabling two-factor authentication, you may want to consider shutting down your account unless you absolutely still need it.
Third, Yahoo's data policies regarding user accounts. We, the people, need to know, starting now, how Yahoo intends to prevent, outright, any future breaches, or to protect data in case it is stolen. It is not always possible to prevent hacks that result in the database being stolen, whether it was an external or internal hack, but protecting the data in the database must be paramount. This means total, absolute user data encryption must be enforced for the greater good. We aren't running a website in 1995; we are in a different time altogether. Encryption is so important these days that even the way things are encrypted is something people should know.
Fourth, because of Yahoo's lack of vision, the database, which was stolen years ago, was bought a minimum of 3 times for $300K USD, by two prominent spammers and one buyer who may have been connected to espionage tactics.
Which brings me to my last point: Yahoo, programmer to programmers, encryption of user data, especially today, is possible, even with currently stored data. If I can spend months, by myself, coding a new engine for brand new sites, and even mechanisms to convert old databases into fully encrypted accounts, what is your excuse? Especially with all the talent you have currently employed that could achieve all that in a fraction of the time.
Host: Steve Smith | Editor: Steve Smith | Producer: Zed Axis Dot Net