Three Steps To Avoid Getting Hacked Like Yahoo
Posted 13 July 2012 - 03:58 PM
Expecting poor companies to do these things isn't practiceal.
Before making comments like this, do your research.
Yahoo certainly isn't poorer than the average individual. And I don't think you know how much it costs to encrypt a password. $0.
Posted 13 July 2012 - 06:25 PM
It is like to remove the walls in your house but just small problem, some people can get to the bedroom where your wife is sleeping. Now, you need to stay at home 24x7 to monitor who is around.
With main frames we used to have layers and channels of access. A system programmer or a DBA had a different access channel. A user had access to an application but never to the infrastructure.
Posted 13 July 2012 - 07:00 PM
Posted 13 July 2012 - 09:29 PM
I don't know what they use for their servers (Windows Server maybe?), but I have had other negative experiences with Yahoo along these lines and they deny the problem is theirs. Yahoo needs to step up and take responsibility when there is a hacking problem.
Posted 14 July 2012 - 06:50 AM
A configured Postfix system to block Yahoo.com and reduce the amount of spam from others is all it takes.
Subset of /etc/postfix/main.cf:
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access, permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit smtpd_delay_reject = yes smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, warn_if_reject, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_invalid_hostname, reject_rbl_client relays.ordb.org, reject_rbl_client opm.blitzed.org, reject_rbl_client list.dsbl.org, reject_rbl_client bl.spamcop.net, reject_rbl_client sbl-xbl.spamhaus.org, permit header_checks = regexp:/etc/postfix/header_checks
/\.ru$/ DISCARD /\.cn$/ DISCARD /\.ch$/ DISCARD /\.dk$/ DISCARD /\.nl$/ DISCARD /\.cz$/ DISCARD /\.info$/ DISCARD /\.biz$/ DISCARD /\.au$/ DISCARD
/DRUGS_ERECTILE/ DISCARD /DRUGS_ERECTILE_?/ DISCARD if !/^From:.*@graysonpeddie.com/ /^To:.*recipients*/ REJECT Please specify at least one address you are sending to. endif /^From:.*@yahoo.com/ DISCARD
Along with Postfix, I use Amavis, ClamAV (with clamav-clanfresh), and SpamAssassin. I have Zarafa Community Edition running with less privileges for the file system and database access. Above all, I am using strong password which will take 35 or more centuries to crack.
When it comes to creating my own website, I'll do everything to prevent character escaping/delimiting.
Well, at least I don't have any friends in Yahoo Messenger. I barely use it except when it comes to making relay calls (i711, Purple Relay, Sprint IP Relay, etc.) due to my hearing impairment.