热门关键词:鸭脖娱乐  
当前位置:首页 > 企业新闻
【鸭脖娱乐】雅虎向黑客送上厚礼 数据泄露事件影响到10亿多用户
2021-03-01 [84159]
本文摘要:哦,雅虎,where do I start?

哦,雅虎,where do I start?we used to be good together back in 2004。天啊,雅虎,该在哪里思考呢?2004年,我们在一起的时候,很多时候都很幸福。

鸭脖娱乐

But now I'm angry and disappointed。但是现在我又生气又沮丧。And it's not me,it's Yahoo。

问题不是我,而是雅虎。the data breach the company disclosed last week,affecting more than 1bn users,Dates back to 2013-a year earlier than the breach of 500m雅虎上周公布的数据泄露事件影响了10亿以上的用户,可以追溯到2013年,与今年9月报告的5亿账户泄露相比,Whether you use Yahoo or not,disabuse yourself immediately of any notion that this breach is like The lass其影响更糟,影响范围打破了该公司。and it ' s not just about the number of people affected。

在某种程度上,有多少人不受影响是个问题。this time Yahoo is saying outright that all affected user passwords were stored in a manner that makes your average cyber security BOD go nuts at the m .这次,雅虎做出了直接反应,允许所有不影响用户的密码存储方式对网络安全有更深了解的人对世界进行可怕的飞跃。

(威廉莎士比亚,Northern Exposure(美国电视剧),网络安全!Experts!砰!雅虎!Management!For!Using!老!克里普托!Ran a headline in the register,an industry rag,mocking the internet company ' s corporate punctuation。业界小报《The Register》的标题是安全专家批评雅虎管理层,这里的感叹号嘲弄了雅虎这家互联网公司的徽标。To understand the frustration,Imagine that a password database is like a bike in an area prone to high levels of bike theft-a university town要理解人们的挫折感,请访问It matters how securely your bike is stored and also how much It ' s rendered unrideable with locks。

最重要的是自行车存放得有多安全,锁不能盗用自行车的程度。as Yahoo ' s password bike is known to have been stolen(again),it ' s the additional locks and how strong they are that now matter In password用密码的术语来说,密码强度更容易完全恢复到公司保存的不可用hashed废弃版本中输入的纯文本格式(例如hansolo81)密码。

A Hashed Version Would Look Something Like : 57 DDF 57 A 98 DC 88 C 64327 Fe 6bb 5B 9358。生活数据看起来像57 DDF 57 A 98 DC 88 C 64327 Fe 6BB 5B 9358。if the the thieves can recover Han solo 81,they can ride it into your bank account,Paypal-or anywhere else you used this password or predicts如果小偷能够做到,那么他们可以顺藤摸瓜,转移到银行账户、PayPal或用于此密码或此密码的可预测突变形式(例如,Hansolo81、han$olo81或hansolo82)。so you ' d think Yahoo would deploy chunky chain locks like those that cycle couriers use。

所以雅虎不认为它会像骑自行车的租车使用的那样被用于坚固的链锁。But,actually,it Looks as if the company instead tied a ribbon between the front wheel and the frame。但是从本质上看,该公司似乎把前轮和框架用丝带绑在一起。

In the jargon,They used a method involving a function called MD5-the same poor choice made by adultery website Ashley Madison for some of its问那些技术爱好者他们对MD5的看法,这样做意味着失职。答案是没有借口的。这个方法在20年前被反驳了。

By the time of the 2014 breach,Yahoo had nearly finished a wildly overdue upgrade to its locks,switching to bcrypt If well implemented如果实施得当,小偷将无法伪造雅虎的密码自行车。Getting from 57 DDDF 57A 98 DC 88 C 64327 Fe 6 BB 5 B 9358 to Hansolo 81 Would be Very Unlikely。57 DDF 57A 98 DC 88 C 64327 Fe 6 BB 5 B 9358将完全恢复到Han solo 81,So,while that breach endangered users, It was a less epic fail than the more recently reported compromise It ' s worth being clear about the conse quences of Yahoo ' s incredibly poor security 这是给对我们的理解越来越大的蓄意黑客的慷慨礼物。Also,Yahoo can force password resets only on its own service。

另外,雅虎不能强制用户在自己的网站上重设密码。there is nothing Yahoo can do to make people change identical or similar passwords used on other sites。用户不能更改其他站点使用的部分或类似密码。Further more,as with the last breach,the company hasn ' t disclosed how many security questions and answers were badly stored They state on他们只是声明这个数据可以加密或不加密 how many people can remember whether or not they once had a Yahoo account,let alone what security information they used,and whether they used不用说他们使用的安全信息,以及他们在其他账户上使用了多少信息。

where else did you use your mother ' s maiden name,first pet,favourite colour,school or teacher?你在哪里用过妈妈的娘家姓、第一只宠物的名字、最喜欢的颜色、学校或老师的名字?the conse quences of organisations ' poor security decisions will come back to hauntus。公司糟糕的安全要求的结果会让我们回到后遗症。I only hope Yahoo marks the worst,if not the last。

我只希望雅虎如果不是最后一个,会显示最坏的安全做法。


本文关键词:鸭脖娱乐

本文来源:鸭脖娱乐-www.agentlillian.com