Yahoo !: Re-hacking 32 million accounts at risk - TechnoTron



Posted by: TechnoTron 03/03/2017



Vuelven a hackear a Yahoo!: 32 millones de cuentas en peligro

"In 2013 and 2014, the company compromised 1.5 billion user accounts. Despite the danger, a new vulnerability has allowed the Yahoo! hacking and other 32 million accounts."





Thirty-two million, that's the number shuffled this time by the security report released by the National Securities and Exchange Commission (SEC) of the United States. Research has revealed that user accounts have been compromised by a so-called cookie-forging attack that allows hackers to access accounts without having to provide user or password. This new security breach only exacerbates a tense situation on the part of the company. Yahoo! has already suffered two massive bugs that have compromised the accounts of 1.5 billion people in the last three years. The National Securities Market Commission has accused several board members of failing their obligations to users by not understanding or assessing previous security breaches.

Cookie-forging attack






"In the past November and December 2016, we announced that external forensic experts were investigating the creation of forged cookies that could allow an attacker to access user accounts without a password. , We believe that unauthorized "third parties" have accessed the company's proprietary code to learn how to design such cookies.Forensics have identified approximately 32 million user accounts for those who believe that fake cookies were used to hack them between 2015 and 2016 We believe that part of this activity is related to the same "actor" responsible for the security incident of 2014. The false cookies have already been invalidated by the company so that user accounts can not be used and endangered again " .



As explained in the report, in Yahoo! hacking has been used a sophisticated technique called cookie-forging attack in which have been used cookies, or small pieces of information stored to "cheat" the website. Cookies are stored for the convenience of the user. For example, they allow access to a site after some time has passed without having to re-identify us. They also help us recover data without having to re-enter it. In this attack, the alleged hackers have used such pieces of information to violate the user's security in a way that the Yahoo! website believed was actually before a user who had previously entered to view his account. This possibility has been discussed for some time, when several experts pointed out the potential danger of cookies for security.



For us to understand, when we are browsing we usually accept the cookies of the sites we visit. Its main functions are to take control of the users, to collect information about their browsing habits and to store information to expedite the procedures. The general purpose of cookies is usually to create a more comfortable browsing environment. So when we first identify to a Yahoo! account we do not need to re-do it as we navigate the page unless we consciously leave. The piece of information that keeps our identification (or the order that tells the page that we have already identified) is the cookie. The hacking of cookies false uses stolen cookies (something relatively simple) and injection of cookies to deceive the server by telling him that the hacker was actually identified, so he does not ask for the user's password, being able to access all the Private account information or even modify it without problems.



And there are already three




This incident has been widely denounced by the SEC due to the previous attacks of 2013 and 2014 that violated the account of more than 1,500 million users. Most critical is that on previous occasions, cookies also played an important role in hacking.



"An independent committee has found that these failures in communication, management, research and internal information have contributed to the lack of understanding and management of the situation as of the 2014 incident."



 With these words, the committee accuses the executives of not having taken the appropriate letters in the matter despite having already lived the previous security breaches. And all this after the company's statement to be aware and have taken the appropriate measures after the attack of 2014. Marissa Mayer, current CEO of Yahoo!, has stated in a message from his own Tumblr that he is aware of the seriousness Of the matter and that, despite having tried to put measures to remedy the potential problem, it will take responsibility for the judgment. This means that the CEO will reject part of their profits this year and will distribute it among the workers of Yahoo!. Meanwhile, the SEC has requested evidence to prove the legitimacy of the decision to withhold information from investors, with the harsh consequences this might have for the company. 

Comments

Post a Comment

Popular posts from this blog

Twitter: change your profile image by default, the end of snake eggs - "TechnoTron"

Image
Twitter: change your profile image by default TWITTER, TRENDS, SOCIAL NETWORKS, INTERNET, TECHNOLOGY The image of an egg that was assigned to new comers to the social network became synonymous with accounts created for the purpose of attacking others from anonymity. After having been replaced as the solution to the problem is still far. Since 2010, the default image that appeared in the new profiles of Twitter was a white egg, accompanied by a different background for each account. An entry of the blog you write responsible for the layout of the page, explains how the people who use the network to attack other users motivated change that image and the process that led to the gray silhouette that now replaces it. The idea behind the image that represents the rookies in the social network was simple: eggs were a temporary measure until the users choose an image that would be identified. It is positioning that after leaving the eggs, the users were as birds that fed
Keep reading

WhatsApp: discover if you are spied on when using WhatsApp Web

Image
Index : Prologue 1.- WhatsApp Web, a tool that is too quiet 2.- How to protect your account from WhatsApp so no one can spy on web Prologue " WhatsApp Web goes well to use the messaging on the computer, but it is easy to spy on another person if you are logged in the browser with your mobile phone. Avoid this. "   The messaging application for excellence not only drag behind itself a huge popularity, a huge amount of controversy. Security, partnerships with Facebook... And a large number of users they see violating your privacy for couples, friends, family... that try to spy on their conversations. Spy on WhatsApp is one of the most common. And it is because it is in this application where we turned over our side more intimate. The worst thing is that it is quite easy to gain access to the conversations of another person with WhatApp Web . The company added few months ago a notification when you use the session in another part, but can be overlook
Keep reading

Windows 10: with Ubuntu Bash Console how to use it - TechnoTron

Image
Posted by: TechnoTron 2/28/2017 Source:     Xataka                                                                                                                                                     In April 2016 Microsoft had announced one of the great new features of Windows 10: the possibility of using a Linux console natively in this operating system thanks to the collaboration of Canonical, the company responsible for the development of Ubuntu. That option is available thanks to the arrival of the compilation 14316 of Windows 10, in which apart from other news we can start using the bash console of Ubuntu directly in Windows 10. If you are Windows Insiders and you are inside the ring of quick updates, You can now apply that update and enjoy that console easily. This has been our experience in taking advantage of this feature.
Read more