Comments on: Hackers take Yahoo: 453,000 login credentials nabbed http://boingboing.net/2012/07/11/hackers-take-yahoo-453000-lo.html Brain candy for Happy Mutants Thu, 23 May 2013 20:17:00 +0000 hourly 1 http://wordpress.org/?v=3.4.1 By: robuluz http://boingboing.net/2012/07/11/hackers-take-yahoo-453000-lo.html#comment-1476051 robuluz Fri, 13 Jul 2012 03:51:00 +0000 http://boingboing.net/?p=170749#comment-1476051 I was with you right up until you stopped talking about what a good joke it was. I was with you right up until you stopped talking about what a good joke it was.

]]> By: Cowicide http://boingboing.net/2012/07/11/hackers-take-yahoo-453000-lo.html#comment-1475259 Cowicide Thu, 12 Jul 2012 17:47:00 +0000 http://boingboing.net/?p=170749#comment-1475259 Thank goodness for <a href="https://agilebits.com/onepassword" rel="nofollow">1Password</a>.  I just have to know one ridiculously complex password for that to keep track of all my other passwords. Stuff like this happening is why I don't like the idea of keeping all my credentials in one place "in the cloud" with some multi-service thing. One services fails then many others may go down with it. Thank goodness for 1Password.  I just have to know one ridiculously complex password for that to keep track of all my other passwords. Stuff like this happening is why I don’t like the idea of keeping all my credentials in one place “in the cloud” with some multi-service thing. One services fails then many others may go down with it.

]]> By: Cowicide http://boingboing.net/2012/07/11/hackers-take-yahoo-453000-lo.html#comment-1475257 Cowicide Thu, 12 Jul 2012 17:44:00 +0000 http://boingboing.net/?p=170749#comment-1475257 It still might not be "that" bad... FTA:<blockquote>only about 5 percent of the exposed credentials were still valid on Yahoo</blockquote> According to Yahoo in that article, at least. It still might not be “that” bad…

FTA:

only about 5 percent of the exposed credentials were still valid on Yahoo

According to Yahoo in that article, at least.

]]> By: dragonfrog http://boingboing.net/2012/07/11/hackers-take-yahoo-453000-lo.html#comment-1475209 dragonfrog Thu, 12 Jul 2012 16:51:00 +0000 http://boingboing.net/?p=170749#comment-1475209  Probably but not guaranteed - has anyone seen the password dump?  How strong are the passwords?  It could be that the passwords they posted as plaintext are simply those that were weak enough to rapidly crack the hashes.  Probably but not guaranteed – has anyone seen the password dump?  How strong are the passwords?  It could be that the passwords they posted as plaintext are simply those that were weak enough to rapidly crack the hashes.

]]> By: teapot http://boingboing.net/2012/07/11/hackers-take-yahoo-453000-lo.html#comment-1475153 teapot Thu, 12 Jul 2012 15:40:00 +0000 http://boingboing.net/?p=170749#comment-1475153 lol their announcement page is down because of the traffic volume. Lucky there's always BT. *opening* *checking* OK I don't think there's a lot for users to worry about as (I believe) these are only email/PW combinations to use the Yahoo Voice whatever-it-is, NOT login details for email inboxes themselves. All of the email/PW combos I tried didn't work (except one on Yahoo that said I hadn't signed into my email in a while). The only users at risk are ones that actually USE Yahoo mail.... plus users who use the same PW across several accounts which means they're asking for it anyway :) There's a few US military emails in there... let's see how effective they are at creating strong passwords. First 15 on the list: maestero, emanuel, pat727rod850, portal55, a@rron76 , pokemon, soccerba11, annieruth60, 153125, daniela, employment, monkey23, armani1, 12snooks34, ljm*8702 Conclusion: mostly terrible bcsizemo: I believe a majority of attack still use SQL injection. Wordpress installations was getting screwed over a few months ago. lol their announcement page is down because of the traffic volume. Lucky there’s always BT.

*opening*

*checking*

OK I don’t think there’s a lot for users to worry about as (I believe) these are only email/PW combinations to use the Yahoo Voice whatever-it-is, NOT login details for email inboxes themselves. All of the email/PW combos I tried didn’t work (except one on Yahoo that said I hadn’t signed into my email in a while). The only users at risk are ones that actually USE Yahoo mail…. plus users who use the same PW across several accounts which means they’re asking for it anyway :)

There’s a few US military emails in there… let’s see how effective they are at creating strong passwords. First 15 on the list: maestero, emanuel, pat727rod850, portal55, a@rron76 , pokemon, soccerba11, annieruth60, 153125, daniela, employment, monkey23, armani1, 12snooks34, ljm*8702
Conclusion: mostly terrible

bcsizemo: I believe a majority of attack still use SQL injection. WordPress installations was getting screwed over a few months ago.

]]> By: bcsizemo http://boingboing.net/2012/07/11/hackers-take-yahoo-453000-lo.html#comment-1475001 bcsizemo Thu, 12 Jul 2012 12:18:00 +0000 http://boingboing.net/?p=170749#comment-1475001 Like someone posted on Ars a lot of these email accounts aren't just limited to Yahoo.  But that makes me wonder if they are just linked to the Yahoo account, just like you can link other email accounts into GMail.  The plaintext part bothers me, but I'm more concerned with an SQL injection attack...I though those kinds of things died out years ago.  (Perhaps Ars was simplifying it all for the readers?) Like someone posted on Ars a lot of these email accounts aren’t just limited to Yahoo.  But that makes me wonder if they are just linked to the Yahoo account, just like you can link other email accounts into GMail.  The plaintext part bothers me, but I’m more concerned with an SQL injection attack…I though those kinds of things died out years ago.  (Perhaps Ars was simplifying it all for the readers?)

]]> By: traalfaz http://boingboing.net/2012/07/11/hackers-take-yahoo-453000-lo.html#comment-1474994 traalfaz Thu, 12 Jul 2012 11:56:00 +0000 http://boingboing.net/?p=170749#comment-1474994 The fact that they posted plaintext passwords means that Yahoo had plaintext passwords on file.  This, in turn, means that Yahoo has no idea what they're doing when it comes to security.  You do NOT store plaintext passwords. Incompetence at Yahoo is really no surprise though. The fact that they posted plaintext passwords means that Yahoo had plaintext passwords on file.  This, in turn, means that Yahoo has no idea what they’re doing when it comes to security.  You do NOT store plaintext passwords.
Incompetence at Yahoo is really no surprise though.

]]> By: penguinchris http://boingboing.net/2012/07/11/hackers-take-yahoo-453000-lo.html#comment-1474913 penguinchris Thu, 12 Jul 2012 09:18:00 +0000 http://boingboing.net/?p=170749#comment-1474913 It's a good joke, but Flickr accounts require a Yahoo account so even a lot of tech-savvy people have Yahoo accounts they regularly use... including e.g. Cory Doctorow who posts photos to his account regularly (and myself). But if it was Yahoo Voice that was compromised as petsounds reports below, well, I have no idea what Yahoo Voice is or who its users are but the crossover with Flickr users is probably pretty small :) It’s a good joke, but Flickr accounts require a Yahoo account so even a lot of tech-savvy people have Yahoo accounts they regularly use… including e.g. Cory Doctorow who posts photos to his account regularly (and myself).

But if it was Yahoo Voice that was compromised as petsounds reports below, well, I have no idea what Yahoo Voice is or who its users are but the crossover with Flickr users is probably pretty small :)

]]> By: Marc Mielke http://boingboing.net/2012/07/11/hackers-take-yahoo-453000-lo.html#comment-1474866 Marc Mielke Thu, 12 Jul 2012 06:52:00 +0000 http://boingboing.net/?p=170749#comment-1474866 Hey! They still have decent p0rn groups...or so I've heard....from some totally not-me people! Hey! They still have decent p0rn groups…or so I’ve heard….from some totally not-me people!

]]> By: petsounds http://boingboing.net/2012/07/11/hackers-take-yahoo-453000-lo.html#comment-1474850 petsounds Thu, 12 Jul 2012 05:47:00 +0000 http://boingboing.net/?p=170749#comment-1474850 Kevin Mitnick is saying on Twitter that the service compromised was Yahoo Voice. Kevin Mitnick is saying on Twitter that the service compromised was Yahoo Voice.

]]> By: robuluz http://boingboing.net/2012/07/11/hackers-take-yahoo-453000-lo.html#comment-1474847 robuluz Thu, 12 Jul 2012 05:38:00 +0000 http://boingboing.net/?p=170749#comment-1474847 <blockquote>To support their claim, the hackers posted what they said were the plaintext credentials for 453,492 Yahoo accounts.</blockquote>Luckily, none of the accounts had been used since 1998.

To support their claim, the hackers posted what they said were the plaintext credentials for 453,492 Yahoo accounts.

Luckily, none of the accounts had been used since 1998.

]]> By: workin http://boingboing.net/2012/07/11/hackers-take-yahoo-453000-lo.html#comment-1474844 workin Thu, 12 Jul 2012 05:30:00 +0000 http://boingboing.net/?p=170749#comment-1474844 Hmm, mom recently passed and took her password with. Tried getting in, nope, maybe they d33ds got it for me-seems the D co didn't secure there own stuff because they got all their own info posted by another's SQL attack - circlejerk Hmm, mom recently passed and took her password with. Tried getting in, nope, maybe they d33ds got it for me-seems the D co didn’t secure there own stuff because they got all their own info posted by another’s SQL attack – circlejerk

]]>