PCWorld Forums

Hackers Publish Over 450,000 Emails And Passwords Allegedly Stolen From Yahoo

#1 PCWorld

  • Advanced Member
  • Group: PCWorld BOT
  • Posts: 103,821
  • Joined: 01-August 07

Posted 12 July 2012 - 04:50 AM

Post your comments for Hackers Publish Over 450,000 Emails and Passwords Allegedly Stolen From Yahoo here
0

#2 jquigley2zu5s

  • Newbie
  • Group: New Member
  • Posts: 1
  • Joined: 12-July 12

  Posted 12 July 2012 - 08:08 AM

So how does one find out if his/her id is among those released by this "nice helpful" hacker?
0

#3 LisaSmithsonigerlyteman

  • Newbie
  • Group: New Member
  • Posts: 2
  • Joined: 09-May 12

  Posted 12 July 2012 - 08:42 AM

Where there's a will there's a way.
0

#4 WaltThiessen

  • Newbie
  • Group: New Member
  • Posts: 3
  • Joined: 25-January 12

  Posted 13 July 2012 - 05:21 AM

Dear D33Ds,

The approach you took actually makes matters worse.

If you want to bring an exploit to the attention of a website like Yahoo, the ethical thing to do would be to contact them directly with the information.

All embarrassing people publicly does is to make them angry at you, rather than at Yahoo.

If you are really trying to help, do it the right way. Don't encourage the public to despise you because of your methods for exposing people.
0

#5 BalakrishnanGurumurti

  • Newbie
  • Group: New Member
  • Posts: 2
  • Joined: 13-July 12

  Posted 13 July 2012 - 05:24 AM

Indeed it is a good story that way PC World really helps!
0

#6 BalakrishnanGurumurti

  • Newbie
  • Group: New Member
  • Posts: 2
  • Joined: 13-July 12

  Posted 13 July 2012 - 05:25 AM

Indeed it is a good story that way PC World really helps!
0

#7 mrb186

  • Full Member
  • Group: Members
  • Posts: 94
  • Joined: 07-April 09

  Posted 13 July 2012 - 06:09 AM

I wonder if this is a similar situation where you go to one of these websites and they 'allow' you to sign in with your Google or Yahoo or MSN username and password. I never do that. Just doesn't seem good to me.
0

#8 AlexisFrank

  • Newbie
  • Group: New Member
  • Posts: 6
  • Joined: 13-July 12

Posted 13 July 2012 - 07:17 AM

WaltThiessen, on 13 July 2012 - 05:21 AM, said:

Dear D33Ds,

The approach you took actually makes matters worse.

If you want to bring an exploit to the attention of a website like Yahoo, the ethical thing to do would be to contact them directly with the information.

All embarrassing people publicly does is to make them angry at you, rather than at Yahoo.

If you are really trying to help, do it the right way. Don't encourage the public to despise you because of your methods for exposing people.


That's a nice sentiment, however, it's not how it always works. Do you think that the company would simply listen to a bunch of hackers because of a perceived vulnerability? It's happened many times; hackers inform companies that they have serious security flaws, and the companies ignore them and don't give a damn. So the only way for the company to actually notice such a flaw would be for the hackers to actually attack the company with hard evidence. For example, do you know that before the Sony PlayStation attack, Sony didn't even have a security chief? Can you believe that such an international corporation would not even have a chief of security? Do you think that people did not complain to Sony about that? I think that they did, but the only reason that they actually hired a security chief was in response to the attacks. Sometimes, embarrassing a company publicly is the only way to force them to upgrade their security.
0

#9 GaryWachs9vzo

  • Newbie
  • Group: New Member
  • Posts: 5
  • Joined: 28-May 11

Posted 13 July 2012 - 07:30 AM

jquigley2zu5s, on 12 July 2012 - 08:08 AM, said:

So how does one find out if his/her id is among those released by this "nice helpful" hacker?

They don't say. Just change your password and fuggedaboutit.
0

#10 ml888

  • Newbie
  • Group: New Member
  • Posts: 1
  • Joined: 13-July 12

Posted 13 July 2012 - 07:42 AM

AlexisFrank, on 13 July 2012 - 07:17 AM, said:

WaltThiessen, on 13 July 2012 - 05:21 AM, said:

Dear D33Ds,

The approach you took actually makes matters worse.

If you want to bring an exploit to the attention of a website like Yahoo, the ethical thing to do would be to contact them directly with the information.

All embarrassing people publicly does is to make them angry at you, rather than at Yahoo.

If you are really trying to help, do it the right way. Don't encourage the public to despise you because of your methods for exposing people.


That's a nice sentiment, however, it's not how it always works. Do you think that the company would simply listen to a bunch of hackers because of a perceived vulnerability? It's happened many times; hackers inform companies that they have serious security flaws, and the companies ignore them and don't give a damn. So the only way for the company to actually notice such a flaw would be for the hackers to actually attack the company with hard evidence. For example, do you know that before the Sony PlayStation attack, Sony didn't even have a security chief? Can you believe that such an international corporation would not even have a chief of security? Do you think that people did not complain to Sony about that? I think that they did, but the only reason that they actually hired a security chief was in response to the attacks. Sometimes, embarrassing a company publicly is the only way to force them to upgrade their security.

0

#11 CopyCatCopy

  • Newbie
  • Group: Members
  • Posts: 7
  • Joined: 19-November 09

Posted 13 July 2012 - 07:47 AM

AlexisFrank, on 13 July 2012 - 07:17 AM, said:

WaltThiessen, on 13 July 2012 - 05:21 AM, said:

Dear D33Ds,

The approach you took actually makes matters worse.

If you want to bring an exploit to the attention of a website like Yahoo, the ethical thing to do would be to contact them directly with the information.

All embarrassing people publicly does is to make them angry at you, rather than at Yahoo.

If you are really trying to help, do it the right way. Don't encourage the public to despise you because of your methods for exposing people.


That's a nice sentiment, however, it's not how it always works. Do you think that the company would simply listen to a bunch of hackers because of a perceived vulnerability? It's happened many times; hackers inform companies that they have serious security flaws, and the companies ignore them and don't give a damn. So the only way for the company to actually notice such a flaw would be for the hackers to actually attack the company with hard evidence. For example, do you know that before the Sony PlayStation attack, Sony didn't even have a security chief? Can you believe that such an international corporation would not even have a chief of security? Do you think that people did not complain to Sony about that? I think that they did, but the only reason that they actually hired a security chief was in response to the attacks. Sometimes, embarrassing a company publicly is the only way to force them to upgrade their security.



Took the words out of my mouth. People must understand that security through obscurity does not work and actually hurts by the false sense it gives. Passwords and clear text? Are you kidding me? They did not even bother to hash them? Basically any employee or contractor that had access to this database has access to your passwords. Really, really bad!
0

#12 IsabellaJohannson

  • Newbie
  • Group: New Member
  • Posts: 1
  • Joined: 13-July 12

  Posted 13 July 2012 - 08:00 AM

Here is the link to see if you were hacked
http://labs.sucuri.net/?yahooleak
0

#13 jj49382

  • Newbie
  • Group: New Member
  • Posts: 1
  • Joined: 13-July 12

  Posted 13 July 2012 - 08:41 AM

@AlexisFrank that still doesn't make breaking in the right thing to do!

So you are telling me I can continually walk around your house pushing on windows and doors. If I find one open I can take all your stuff out and put it in the street and that would be ok because you are an idiot for leaving an opening.
0

#14 FernandoJuliao

  • Newbie
  • Group: New Member
  • Posts: 2
  • Joined: 13-July 12

  Posted 13 July 2012 - 11:11 AM

Not only does Yahoo's security suck, but they are also violating customers' privacy because they are keeping unencrypted user passwords. I knew this already since my email business password was hacked and my account was used to send spam. If they had stored the passwords in an encrypted way it would have been really hard for the hackers to "guess" my password because I follow all the recommendations for strong passwords.
0

#15 FernandoJuliao

  • Newbie
  • Group: New Member
  • Posts: 2
  • Joined: 13-July 12

  Posted 13 July 2012 - 11:13 AM

Not only does Yahoo's security suck, but they are also violating customers' privacy because they are keeping unencrypted user passwords. I knew this already since my email business password was hacked and my account was used to send spam. If they had stored the passwords in an encrypted way it would have been really hard for the hackers to "guess" my password because I follow all the recommendations for strong passwords.
0
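
The plaintext-storage problem raised in posts #11 and #14, as an added example that is not part of any post in this thread: the same constructed accounts stored once in plaintext and once as salted scrypt hashes, showing what someone with read access to the table sees in each case. The account names, the password and the cost parameters are assumptions made for the example.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values for this sketch; tune to your hardware).
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2**14, 8, 1, 32


def make_record(password: str) -> dict:
    """Return what gets stored: a per-user random salt and the derived hash."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    return {"salt": salt.hex(), "hash": digest.hex()}


def verify(password: str, record: dict) -> bool:
    """Re-derive the hash from a login attempt and compare in constant time."""
    digest = hashlib.scrypt(password.encode("utf-8"),
                            salt=bytes.fromhex(record["salt"]),
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def visible_to_db_reader(table: dict) -> list:
    """Every stored value that anyone with read access to the table can see."""
    return [str(value) for row in table.values() for value in row.values()]


# Constructed sample accounts; the two users deliberately share one password.
ACCOUNTS = {"alice@example.com": "correct horse battery",
            "bob@example.com": "correct horse battery"}

# The same accounts stored both ways.
plaintext_table = {user: {"password": pw} for user, pw in ACCOUNTS.items()}
hashed_table = {user: make_record(pw) for user, pw in ACCOUNTS.items()}

if __name__ == "__main__":
    print("plaintext table exposes:", visible_to_db_reader(plaintext_table))
    print("hashed table exposes:   ", visible_to_db_reader(hashed_table))
    print("login still works:",
          verify("correct horse battery", hashed_table["alice@example.com"]))
```

A salted, slow hash does not make a weak password safe; it raises the cost of every offline guess and stops identical passwords from producing identical stored values.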

#16 fshtank

  • Newbie
  • Group: New Member
  • Posts: 2
  • Joined: 11-October 11

  Posted 13 July 2012 - 12:02 PM

Really!? Invalid!?
My account was hacked recently with this 'invalid' password. It was a GOOD password too! Ugh!
0

#17 AlexisFrank

  • Newbie
  • Group: New Member
  • Posts: 6
  • Joined: 13-July 12

Posted 13 July 2012 - 08:00 PM

jj49382, on 13 July 2012 - 08:41 AM, said:

@AlexisFrank that still doesn't make breaking in the right thing to do!

So you are telling me I can continually walk around your house pushing on windows and doors. If I find one open I can take all your stuff out and put it in the street and that would be ok because you are an idiot for leaving an opening.


PCWorld recently published this article about exactly how ridiculous the security of its email system was.

Here it is:
http://www.pcworld.c...like_yahoo.html

If you read it, you'll see exactly how pathetic Yahoo's system was. You make an analogy that the hackers are doing something of the likes of trying to break into a house with a closed door and windows. However, that's not an entirely fair analogy. Rather, as another user puts it, crosswordbob, he says that "They're pretty much on par with being burgled because pulling the door to when you leave is too much effort." To hackers, the idiocy and carelessness of Yahoo's system can be likened to not even closing their front door. In other words, they were pretty much asking to be hacked. We can only be thankful to the hackers that there were no ill intentions towards the hack; they published the information to force Yahoo to react and repair their vulnerabilities. If they truly wanted to profit off of this, no one would have known about the hack until people lost their information.
0

#18 crosswordbob

  • Veteran
  • Group: Members
  • Posts: 5,031
  • Joined: 25-June 10

Posted 13 July 2012 - 08:20 PM

AlexisFrank, on 13 July 2012 - 08:00 PM, said:

jj49382, on 13 July 2012 - 08:41 AM, said:

@AlexisFrank that still doesn't make breaking in the right thing to do!

So you are telling me I can continually walk around your house pushing on windows and doors. If I find one open I can take all your stuff out and put it in the street and that would be ok because you are an idiot for leaving an opening.


PCWorld recently published this article about exactly how ridiculous the security of its email system was.

Here it is:
http://www.pcworld.c...like_yahoo.html

If you read it, you'll see exactly how pathetic Yahoo's system was. You make an analogy that the hackers are doing something of the likes of trying to break into a house with a closed door and windows. However, that's not an entirely fair analogy. Rather, as another user puts it, crosswordbob, he says that "They're pretty much on par with being burgled because pulling the door to when you leave is too much effort." To hackers, the idiocy and carelessness of Yahoo's system can be likened to not even closing their front door. In other words, they were pretty much asking to be hacked. We can only be thankful to the hackers that there were no ill intentions towards the hack; they published the information to force Yahoo to react and repair their vulnerabilities. If they truly wanted to profit off of this, no one would have known about the hack until people lost their information.


Firstly, thanks for the mention, but I should point out that as much disgust as I have for the lack of basic security principles at major companies, I do not under any circumstances condone public dissemination of user data, even as a proof of concept. I recall a horrendous case in which a company was using SQL statements straight from a GET parameter in the URL. The nice folks that discovered this were ignored when they pointed out the vulnerability, but when they sent the company's staff address list to the webmaster (i.e. not to a public location), the issue was sorted quickly. The point? There are ways and means of embarrassing companies into fixing their insecurities that don't involve putting real users at risk. The folks who published this stuff were more concerned with self-aggrandising than with altruism.
If I dispute one single point in a post, that should not be taken as an indication that I agree/disagree with any other point made by that poster or anyone else in the thread. Or anywhere else. Ever.
0

#19 ronin7752

  • Senior Member
  • Group: Members
  • Posts: 935
  • Joined: 21-February 09

Posted 16 July 2012 - 11:23 AM

WaltThiessen, on 13 July 2012 - 05:21 AM, said:

Dear D33Ds,

The approach you took actually makes matters worse.

If you want to bring an exploit to the attention of a website like Yahoo, the ethical thing to do would be to contact them directly with the information.

All embarrassing people publicly does is to make them angry at you, rather than at Yahoo.

If you are really trying to help, do it the right way. Don't encourage the public to despise you because of your methods for exposing people.


1.) Reporting any networking problem to Yahoo is a monumental task, and almost always a waste of time. (I know because I've tried.)

2.) The problem is that far too many Yahoo users are blindly faithful. Sometimes, in order to make things better, you just have to yank people's heads out of the sand, even though they will hate you for it. Yahoo is one of the worst services on the Internet. Their mailboxes have been hacked 10 times more often than any other host (in my past experience). They have a horrible track record for personal privacy and security. They shouldn't even be in business.
90% of being smart is knowing what you're dumb at.
0

#20 b003

  • Full Member
  • Group: Members
  • Posts: 51
  • Joined: 27-November 06

Posted 16 July 2012 - 06:07 PM

IsabellaJohannson, on 13 July 2012 - 08:00 AM, said:

Here is the link to see if you were hacked
http://labs.sucuri.net/?yahooleak



thanks
0
