Yahoo Still Remains Vulnerable

The first thing you need to do after getting your house or apartment is robbed, of course, change the lock. Yahoo does not seem to think so, since the same practices that were in place when they are raped are still used according to a new report Venafi.

Moreover, their practices have been known for years as dangerous. Venafi provides simple: if you are a Yahoo user, you should be concerned about this. Here is what he did (or did not): the most important, 27 percent of certificates on external sites Yahoo has not changed since January 2015.

"Replacement certificates after a violation is a mitigation of critical practice, unless the certificates are replaced by the standard organizations can not be certain that the attackers do not have continuous access to encrypted communications," says Venafi . Over the past 90 days, 519 certificates were issued, leading to the conclusion that Venafi Yahoo "has the ability to find and replace the digital certificate", which he considers a common problem.

In addition, Venafi said that a series of "amazing" digital certificates Yahoo use MD5, a cryptographic hash function that is known to be vulnerable to brute force attacks. Nearly half (41 percent) of external certificates Yahoo uses a hashing algorithm considered dangerous.

"In our experience felonies, like that suffered by Yahoo, often accompanied by the relative weakness of cryptographic controls," said Alex Kaplunov, vice president of engineering Venafi. "To confirm this hypothesis, we take an in-depth look the exterior cladding Yahoo! web properties and details of how these sites use encryption. We found encryption practices in these properties are relatively low. This is not surprising. in our experience, most companies, including global brands with deep investments in cybersecurity, have low cryptographic controls ".


Popular posts from this blog

Full Tuition Master Scholarships Program Sponsored by Japan/World Bank 2018 | Apply Now

Samsung will reduce Galaxy Note 7’s battery capacity via automatic update