Yahoo Hacked – 1.0B Accounts Exposed

Dude… The Fat Lady is SO singing over at Yahoo…


There are a few things that come to mind here:

  1. If I were Marissa Mayer, I would crawl under a rock and hide. Like… forever.
  2. If I were Verizon, I would run, not walk, so fast and so far away from the purchase of Yahoo, and I would NEVER look back (or second guess that decision).
  3. If I were a Yahoo user, I would set fire to my account and use the mail account that my ISP gave me. At this point a comcast.net mail account can’t be seen as a bad thing…

To be honest, this is beyond pathetic.

I’ve heard it mentioned that the security breach in question is the result of a separate, earlier attack that occurred in 2013, at least six to twelve months before the attack in 2014 that exposed 500 million accounts to hackers. I’ve heard that security analysts at Yahoo brought their concerns to the management team and the analysis was effectively ignored.

In a statement, Yahoo said they weren’t able to identify the intrusion associated with the breach. Hackers may have stolen names, email addresses, telephone numbers, MD5 hashed passwords, dates of birth, and in some cases, both encrypted and unencrypted security questions and answers.

The company has further admitted that hackers may have accessed all of this information due to a theft of source code, enabling them to manufacture a way in without requiring a password. Apparently, they were able to forge a cookie that allowed them to retrieve credentials that were stored locally. While Yahoo has invalidated the security questions and their answers as well as the forged cookies, the damage has already been done.

The thing that really irks me the most here is that this was a bigger breach than the one that was reported in 2014, AND it occurred BEFORE the breach that got so much publicity. This hack is twice as big and in my opinion twice as damning. Verizon was already “evaluating” its purchase of Yahoo. If I were them, I’d evaluate myself right out of the deal. The assets aren’t worth the risk.

Yahoo has been severely criticized by six different US senators for taking two years to publicize the September 2014 breach that lost them 500,000 accounts. This latest breach occurred a full year or so before that, and it’s being revealed AFTER the 2014 breach.

At this point, Yahoo knows basically NOTHING. They have no idea who may have perpetrated the attack, which nation may have sponsored the hackers or the full extent of the information that has been compromised. As a result, Yahoo’s stock took a 2.5% hit in after-hours trading on 2016-12-14. At this point, I can see the value of the stock dropping more as Verizon “evaluates” their purchase plans.

As I said, Yahoo is over. Marissa Mayer is done as a CEO, despite the amount of promise she showed during the early part of her tenure with the company. Verizon should do themselves a favor and target other web content and properties. I think their money would be better spent on assets that weren’t compromised.

If I were a Yahoo user, I’d shut my account down, get a secure password manager, and change passwords and security question answers on all my financial accounts… and that’s just for starters. Yahoo has been around since the early 1990s. A lot of users have a great deal invested in them, and all of that metadata may be compromised at this point. Better safe than sorry for ALL involved (including investors, Yahoo management and Verizon, as well as users)…

Are you a Yahoo user? Are you still using your Yahoo account? Are you concerned about this breach? What, if anything, have you done to protect yourself and your account information? Why don’t you meet me in the Discussion area below and give me your thoughts on the breach and on Yahoo itself as well as what you’re doing to make yourself safe.


Manage your Windows PC with GEGeek Tech Toolkit

Manage your Windows PC with this collection of technical apps and utilities.


Windows is a great operating system that is riddled with opportunities for improvement. Historically, this is a great way of saying that the OS has serious issues. It’s also a great way of saying that it needs help. That is one of the reasons why utility suites like GEGeek Tech Toolkit are something that nearly every somewhat technical Windows user needs. If you have a Windows PC, you really need to do yourself a favor and check it out.

GEGeek Tech Toolkit is a complete collection of over 300 portable, freeware, tech-related programs. All of them are accessible from a single Menu Launcher Utility. The utility suite resides on a USB or flash drive, providing the user the ability to update the programs with little to no intervention. This ensures that the apps are completely portable.

The app is a system tray tool that gives you access to its cache of tools and utilities. You run the toolkit main executable, and it puts everything on the flash drive at your disposal within a couple of clicks. It has apps like WinRAR, Chrome and Firefox, as well as malware removal and disk recovery tools. The apps are part of the download and included with the suite. Everything runs off the flash drive.

I’m actually afraid to run any of the utilities in this suite, but I was finally able to get the software to download and correctly decompress. It took me five times to do it, but I finally got it to work.

Getting the software to download, however, was difficult. It would not download to my Mac either via OS X or Windows 7 via Parallels. The download kept getting corrupted just at the end. I was finally able to download the software on my Surface Pro, but after decompressing the downloaded file, Windows Defender identified at least 7 components as hacker software/malware.

Finally, the product website is a huge mess. There’s SO much information screaming at you when you visit the product’s website that it’s very difficult to process it all and make sense of it. Even I got lost in it, and I know my way around software and websites. It’s in need of a serious overhaul as well.

While everything in this utility suite runs, I’m not entirely certain I can recommend the application to general users. Use this one at your own risk.


The Enigma Protector

The Enigma Protector is a powerful tool designed for complex protection of program modules. Program modules include the following types of objects:

  • Windows 32-bit and 64-bit Portable Executable files (*.exe);
  • Windows Screen saver files (*.scr);
  • Dynamic Link Libraries (*.dll);
  • ActiveX control files (*.ocx);
  • .NET executables (*.exe).

When we say “protection” we mean the realization of two major ideas. The first is integrating a “try before you buy” support system into the program module. The second is protecting the program module’s machine code from analysis and cracking. As can be seen, protection is realized in two different but closely interrelated aspects: protection of the developer’s economic interests and technical protection of the software product.


The Enigma Protector has an advanced scheme for generating registration keys:

  • Comfortable interface for creating and verifying registration keys. You do not need to look for a safe way to generate registration keys for customers. The Enigma Protector helps you create keys with a very safe algorithm like RSA, with key lengths up to 4096 bits!
  • Special Enigma API. The Enigma API is a set of special functions for communication between the protected program module and the Enigma loader. It gives access to full information about registration keys, current trial parameters and so on.
  • Hardware locking of registration keys. This feature lets you generate registration keys for a particular computer only! A registration key generated with the hardware lock function enabled will work only on the one PC you have chosen.
  • Time-limited registration keys. If you need to limit how long the registered version of a module can be used, just create a time-limited registration key!
  • Registration dialog designer. Lets you customize the registration dialog that is shown at module startup!

The Enigma Protector includes a few unique tools for managing licenses:

  • License Manager stores the licenses generated for registered users. Once you generate a registration key, you can simply add this information to the internal database. License Manager lets you create and edit license and customer records.
  • Mailer automatically generates and sends emails to the users stored in the database. It is common for any software developer to send notification emails to registered users (for example, when a new version of the software has been released or a new registration scheme has been implemented). Mailer gives you a very simple way to generate and send these emails automatically.

The Enigma Protector has a wide range of features to limit how long a module can be used:

  • Executions, days, date, time limitations. The main concept of shareware is “try before you buy”. The customer should see how the application works and what features it has. Show these features, but do not forget to limit usage time to increase the motivation to buy the application.
  • System clock control. This feature detects the system clock being set back. It helps you guard against dishonest customers.

The Enigma Protector has a lot of features to make your software resistant to cracking:

  • Anti-debugger tricks. Debuggers are special tools that make it possible to reverse-engineer the machine code of an executing module. Reverse engineers use these tools to understand how your module, or its protection, works. This feature helps prevent the protected module from running alongside debugging tools.
  • Control sum checking. A control sum (checksum) is special data that indicates whether a data region has been modified. Every crack (e.g. removal of the protection) needs to modify some region of machine code; The Enigma Protector can check whether the code has been modified and raise an alert if it has. The Enigma Protector checks not only the machine code of the protected module but its own code too!
  • Set startup password. Sometimes you need to limit the users of a protected module to a particular group. Using the startup password feature is the safest solution.
  • External files checkup. Allows checking the version, attributes, hash (checksum) and/or date of external files.
  • Processes checkup. Lets you set a list of dangerous tools that must not run at the same time as the protected module (this feature can prevent the protected module from executing if screen-capture tools, monitors or debuggers are running).
  • Virtualization tools checkup. Allows stopping execution if the protected module is running under a virtual machine such as VMWare, Virtual PC, etc.
  • There are also checkups of installed services and the Windows version.
  • Additional features. These check the number of simultaneously running copies of the protected module, the module’s file name, and the type of disk the module is executed from.
  • Hard modifications of the executable’s import table. Nobody will know which import libraries your module uses.

The Enigma Protector has features that help the programmer add attractive touches to an existing module without writing any additional lines of source code:

  • Splash screen. Adds a splash screen at module startup. Choose your own picture to show while the module is starting.
