Steve Smith talks about Yahoo's database breach, bad data security policies, and the sale to 3 or more groups on the Dark Web.
Episode #7-16 released on December 17, 2016
Yahoo is back in the news again, as the again disclose a hack of their database of over a billion accounts, and the Internet giant goes wild with ways to protect your accounts from being hacked, while, only now, requiring users to change their passwords. It is only recently that this Internet giant, Yahoo, started implementing 2FA methods, and the entire thing is putting a strain on their sale to Verizon, but why?
First, regardless of how you look at it, it took Yahoo 3 years to disclose the breach, which is slow by any metric. Any details or methodology to protect yourself now, is now, for all intents and purposes, too late to apply. Anything said at this point is the same as explaining to a dead person hit by a car, how not to be hit by a car, which the entire time, the driver hit them while they stood on the sidewalk, if you think about it.
Second, regardless of how Yahoo spins this, they were the ones hacked, and that hack affects you. If you have, for the past 3 or more years used proper password methodologies to protect your other accounts, the only account that was affected, was your Yahoo account, and other connected assets like Flickr. Since, the only thing you can do now, is protect your Yahoo account by changing your password, security questions and answers, and enabling two-factor authentication, you may want to consider shutting down your account unless you absolutely need it still.
Third, Yahoo's data policies regarding user accounts. We, the people, need to know starting now, how Yahoo intends to prevent, out right, any future breaches, or protect data in case it is stolen. It is not always possible to prevent hacks that result in the database being stolen, whether it was an external, or internal hack, but protecting the data in the database, must be paramount. This means, total, absolute, user data encryption must be enforced for the greater good. We aren't running a web-site in 1995, we are in a different time altogether. Encryption is so important these days, that even the way things are encrypted is something people should know.
Fourth, because of the lack of vision of Yahoo, the database, which was stolen years ago, was bought a minimum of 3 times for $300K USD, by two prominent spammers, and one who may have been connected to espionage tactics.
Which brings me to my last point, Yahoo, programmer to programmers, encryption of user data, especially today, is possible, even with currently stored data. If I can spend months, by myself, coding a new engine for brand new sites, and even mechanisms to convert old databases into fully encrypted accounts, what is your excuse? Especially, with all the talent you have currently employed that could achieve all that in a fraction of the time.
Host : Steve Smith | Music : | Editor : Steve Smith | Producer : Zed Axis Dot Net
Feel free to ask more questions, comment on the content, share other possible solutions, and suggestions. An account is required, please register, or login to leave your comment. Thank you for your input.
DmC: Devil May Cry, is an action packed hack and slash game featuring Dante, a nymphilm, a child of demon and angel, who uses his powers and weapons to defeat enemies in the treacherous limbo. His weapons in his sword called Rebellion, and his guns Ebony and Ivory. Dante, also, has an Angel and Devil mode. In Angel mode, Rebellion becomes Osiris, a speedy scythe. In Devil mode, Rebellion becomes Arbiter, a slow devastating axe.
Published on October 7th, 2017