Diplo Internet Governance Community

Stay networked. Get informed. Broadcast your projects.

Today we all woke up to another bitter truth of another public big figure of the Internet being hacked into and details of users' credential posted on websites. The hacking into yahoo described as a union-based SQL injection that managed to exploit 450K users' credentials joins the rest that had happened, the ones we were trying to forget like the linkedin incident.

The credentials of 'Username' and 'password' exposed on the  website by a hacking group calling themselves d33d indicated that more people used weak passwords including 'password123' which are easy to crack even by some one doing the first try. This shows a sign of weakness on the side of service users on the Internet.

Another link shows that these credentials were stored in plain text even for the passwords with out a single hashing algorithm. This reminds me that even my simple Linux Mint Laptop stores passwords in a shadow file which will take you some good time to crack even if you came across the file. One wonders why Yahoo, a giant firm could do such a great mistake?

In another angle, we have seen companies enabling 'strong password' rules for all those who wish to open up accounts with them. These strong password rules are all over the web which include but not limited to, having an alphanumerical password with a capital letter. Having a password phrase longer than 6 characters and other things. But the same report showed that some people had passwords less than three characters, passwords like, 'qwerty', '123456' and so many others. Why could Yahoo of all companies allow such passwords on their network in the first place.

I wouldn't want to mention the firewall and network security to avoid things like Injections because those ones are a little more complex but a company of yahoo's strength and financial standing, would be able to invest in any sort of security measures.

It is on this note that I ask, who would you blame for the rampant hacking of user credentials on popular networks? Would you take the users as weak and lazy, or the providers as people who don't mind about security?

Views: 89

Comment

You need to be a member of Diplo Internet Governance Community to add comments!

Join Diplo Internet Governance Community

Members

Groups

Follow us

Website and downloads

Visit Diplo's IG website, www.diplomacy.edu/ig for info on programmes, events, and resources.

The full text of the book An Introduction to Internet Governance (6th edition) is available here. The translated versions in Serbian/BCS, French, Spanish, Arabic, Russian, Chinese, and Portuguese are also available for download.

Interviews


Karlene Francis (Jamaica)
Ivar Hartmann
(Brazil)
Elona Taka (Albania)
Fahd Batayneh (Jordan)
Edward Muthiga (Kenya)
Nnenna Nwakanma (Côte d'Ivoire)
Xu Jing (China)
Gao Mosweu (Botswana)
Jamil Goheer (Pakistan)
Virginia (Ginger) Paque (Venezuela)
Tim Davies (UK)
Charity Gamboa-Embley (Philippines)
Rafik Dammak (Tunisia)
Jean-Yves Gatete (Burundi)
Guilherme Almeida (Brazil)
Magaly Pazello (Brazil)
Sergio Alves Júnior (Brazil)
Adela Danciu (Romania)
Simona Popa (Romania)
Marina Sokolova (Belarus)
Andreana Stankova (Bulgaria)
Vedran Djordjevic (Canada)
Maria Morozova (Ukraine)
David Kavanagh (Ireland)
Nino Gobronidze (Georgia)
Sorina Teleanu (Romania)
Cosmin Neagu (Romania)
Maja Rakovic (Serbia)
Elma Demir (Bosnia and Herzegovina)
Tatiana Chirev (Moldova)
Maja Lubarda (Slovenia)
Babatope Soremi (Nigeria)
Marilia Maciel (Brazil)
Raquel Gatto (Brazil)
Andrés Piazza (Argentina)
Nevena Ruzic (Serbia)
Deirdre Williams (St. Lucia)
Maureen Hilyard (Cook Islands)
Monica Abalo (Argentina)
Emmanuel Edet (Nigeria)
Mwende Njiraini (Kenya)
Marsha Guthrie (Jamaica)
Kassim M. AL-Hassani (Iraq)
Marília Maciel (Brazil)
Alfonso Avila (Mexico)
Pascal Bekono (Cameroon)

© 2019   Created by Community Owner.   Powered by

Badges  |  Report an Issue  |  Terms of Service