About this Blog:
A daily digest of IT blogs from Richi Jennings—he curates the best bits of the best blogs, finest forums, and weirdest websites, so you don't have to. Catch the key commentary from around the Web every morning.
Yahoo! Voices hack reveals 453,492 passwords, claims D33Ds Company
Yahoo! Voices (née Associated Content) has been hacked by a group calling itself D33Ds Company. The perps claim to have lifted almost half a million login credentials using a SQL-injection attack. In IT Blogwatch, bloggers change their Yahoo! (NASDAQ:YHOO) passwords, just in case.
By Richi Jennings: Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: The Queen's royal sausages...
Dave Kennedy broke the story:
[But his website was crushed by the load -Ed.]
So let's turn to Dan Goodin, at his new home:
The [passwords] posted on a public website by a hacking collective [who] said it penetrated the Yahoo subdomain using...a union-based SQL injection.
...
To support their claim, the hackers posted what they said were the plaintext credentials for 453,492...accounts.
And Andy Greenberg raids the wayback machine:
Do you Yahoo? Then you may want to change your account’s password.
...
D33Ds Company claimed...that the hack was intended to warn Yahoo! about similar vulnerabilities in its sites...“We hope that the parties responsible...will take this as a wake-up call. ... There have been many [Yahoo!] security holes...that have caused far greater damage than [this]. ... The subdomain and vulnerable parameters have not been posted to avoid further damage.”
In case you missed it, John "John" Koetsier repeats the advice advice:
...the affected service is... Yahoo Voices, the user-generated content service. ... Which means that if you’ve ever contributed content to Yahoo Voices or Associated Content...change your passwords.
...
[This is probably] case of hackers finding an old user account backup...[but] many people do not use unique usernames or passwords for different sites...[so] change your passwords!
Meanwhile, the Open Security Foundation notes this fascinating fact:
20 passwords have "squirrel" in them!
And Finally...
The Queen's royal sausages
[don't watch while eating!]
Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. He's also the main author of Computerworld's The Long View and IT Blogwatch -- for which he has won ASBPE and Neal awards. A cross-functional IT geek since 1985, Richi also publishes a full profile and disclosure of his industry affiliations.
- TAGS:hack, SQL Injection, Yahoo, Yahoo Voices, Yahoo!, YHOO
- TOPICS:Application Security, Cloud Computing, Cybercrime and Hacking, Data Security, Databases, Internet, Malware and Vulnerabilities, Privacy, Security, Web Apps
CIO of the future: Innovator or ERP baby sitter?Browse Computerworld Blogs
All Bloggers
Free Insider Guide- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
White Papers
- Case Study: Hospital Turns to Email Archiving Solution to Ensure Regulatory Compliances
- Read this case study to learn how a cloud-based email archiving solution enabled the hospital to meet government mandates and helps avoid thousands...
- Case Study: In-the-Cloud Email Service Replaces Three Point Products
- Read this case study for more information on a comprehensive in-the-cloud email service to help replace three point products.
- Case Study: Simplifying the Transition to Exchange 2010 with Email Management Solutions
- Read this case study to learn how a cloud-based email management solution greatly simplified the company's transition to Exchange 2010.
Webcasts
- Live Webcast
Storage Validation at Go Daddy: Best Practices from the World's #1 Web Hosting Provider - Storage Validation at Go Daddy: Best Practices from the World's #1 Web Hosting Provider
- Live Webcast
On-Demand Webcast: 7 Reasons to Choose VoIP - Thinking about a new phone system for your business?
Be sure to watch this informative webcast. Steve Strauss, small business columnist for USA... - Live Webcast
Unified Communications 101 - Learn more!
- 3 Reasons Why Sepaton is the World's Fastest Backup Solution
- Leading analyst, Storage Switzerland learns how Sepaton backs up and deduplicates massive data volumes while maintaining the industry's fastest performance - all in...
- Enterprise File Sharing: All You Need to Know
- Security. Scalability. Control. These are just some of the many benefits of enterprise cloud file-sharing that you'll discover in this KnowledgeVault, packed with...
- Bridging HTTP and FTP with FileXpress Internet Server
- What if you could take an FTP server on your internal network, and allow external users (partners or customers) to securely access it...
Sponsored Links
- Finally, a tablet that thinks the way you work. Intel®-based tablets
- Improve your ROI by the power of three with HP Converged Storage.
- Splunk - Machine data goes in, business insight comes out. Learn more.
- Focus on business, not infrastructure with VblockTM Systems from VCE
- Platform without Boundaries - Extend your Datacenter
- What's your Integration Strategy? View Gartner Predicts 2013: Application Integration.
- MIT Sloan: cutting-edge short courses for busy executives
- AirWatch - Leader in the Gartner Magic Quadrant Report for MDM. Download Now
- Connect to the Cloud faster with Comcast Business
- MIT Sloan: cutting-edge short courses for busy executives
- Imagine a future shaped by simplicity. See it at HP Discover 2013. Register Now.
- Join the Peer-Driven Community For All Things Mobility
- openBench Labs: How Diskeeper 12 Keeps the Latest Windows OS Running Like New
- Redefine Mobility Mgmt at Enterprise Mobile Hub
- Download Microsoft's latest Data Protection Management tool
- Not All QSAs Are Created Equal: What You Should Know Before You Buy
- The arrival of Serial Attached SCSI (SAS) marks a new era in storage scalability
- The AMD Virtual Experience Virtual Trade Show
- "The Definitive Guide to Security Management" Chapter 1: Introduction to Security Management
- How big is your 'phishing attack surface'? Find out now. A new free service!
- Intel ProLiant -Double compute density to tackle bigger workloads with HP ProLiant servers. Learn more
- Cervalis-S.S.A.E. 16 data centers keep critical IT applications running.
- Jumpstart business transformation with VCE solutions for SAP
- Check out Gartner Predicts 2013: Application Integration
- Rugged and reliable Panasonic Toughbook® mobile computers.
- New CIO Playbook helps you commit to SLAs with confidence.
- Transform enterprise IT with ServiceNow. See how easy IT can be.
- DEMO Velocity: Create branded interactive live events & training.
- See how Royal Caribbean is unlocking intelligence w/ Windows Embedded.
- BlackBerry for business. Built to keep your business moving.
- IDC Report: Managing the I/O Explosion Without Extra Hardware
- Top Ten Myths About Recovering Deleted Files
- Online Master of Science in Information Systems at Northwestern University
- ITwhitepapers.com - Access thousands of white papers on 300+ technical topics.
- Leverage Your Cisco infrastructure for Superior Application Performance
- Learn about the AMD Virtual Experience
- "The Definitive Guide to Security Management" Chapter 1: Introduction to Security Management
- Introducing: Project Icebreaker
Resource Center
- About Us
- Advertise
- Contacts
- Editorial Calendar
- Subscribe to Computerworld Magazine
- Help Desk
- Newsletters
- Careers at IDG
- Privacy Policy
- Reprints
- Site Map
- Ad Choices
The IDG Network:
Copyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.