Department of Justice plans to crack down on counterfeits sold online

These days, people are resorting to the internet for most of their shopping. Who can blame them; the experience is far more convenient, and often cheaper, than going to traditional brick-and-mortar retail stores. One of the problems with this, howe...

Yahoo confirms server breach, over 400k accounts compromised

Yahoo confirms server breach, over 400k accounts compromised

Online account security breaches are seemingly commonplace these days -- just ask LinkedIn or Sony -- and now we can add Yahoo's name to the list of hacking victims. The company's confirmed that it had the usernames and passwords of over 400,000 accounts stolen from its servers earlier this week and the data was briefly posted online. The credentials have since been pulled from the web, but it turns out they weren't just for Yahoo accounts, as Gmail, AOL, Hotmail, Comcast, MSN, SBC Global, Verizon, BellSouth and Live.com login info was also pilfered and placed on display. The good news? Those responsible for the breach said that the deed was done to simply show Yahoo the weaknesses in its software security. To wit:

We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in Web servers belonging to Yahoo Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.

In response, Yahoo's saying that a fix for the vulnerability is in the works, but the investigation is ongoing and its system has yet to be fully secured. In the meantime, the company apologized for the breach and is advising users to change their passwords accordingly. You can read the official party line below.

At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday, July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com.

Filed under:

Yahoo confirms server breach, over 400k accounts compromised originally appeared on Engadget on Thu, 12 Jul 2012 14:41:00 EDT. Please see our terms for use of feeds.

Permalink   |  sourceTechCrunch, New York Times  | Email this | Comments

Google’s Vulnerability Program ups the ante for helpful hackers

Google's Vulnerability Program ups the ante for helpful hackers

This is not your ordinary rewards program, it's Google's way of paying it forward... to hackers. After celebrating the one year anniversary of its unique initiative this past November -- in which the coding-inclined are compensated for exposing critical flaws across its suite of web services -- the folks over at Mountain View have updated the program's policies with a bigger chunk of cash. Previously, the search giant had set a max payout of $3,133.7 for any discovered vulnerabilities (a bizarre sum, we know), but that cap has now seen an increase up to $20,000 depending on the severity of the reported bug. For a company with billion dollar coffers, the move appears to be none other than a good faith investment in the security research community. But if you lean a bit closer to the paranoiac line, it could also be viewed as a countermeasure to other, higher-paying firms with less than honorable intentions. Whether your rose-colored glasses are on or off, it's still nice work if you can get paid for it. And who knows? You might even make it to the Security Hall of Fame.

Google's Vulnerability Program ups the ante for helpful hackers originally appeared on Engadget on Tue, 24 Apr 2012 18:33:00 EDT. Please see our terms for use of feeds.

Permalink SlashGear, Forbes  |  sourceGoogle Online Security Blog  | Email this | Comments