453,441 Yahoo Voice Passwords Leaked!

[Corrine]

 Yahoo Voices hacked, nearly half a million emails and passwords stolen | Naked Security 

Quote:

Yesterday, we reported on the Formspring website hack. Today, it's Yahoo Voices that has been compromised. Yahoo Voices, which defines itself as "where your expertise and perspectives take center stage!", allows Yahoo users to post their own articles, videos and slideshows online. This morning, hacker group D33DS Company, published the 453,491 email addresses and passwords online in plain text, in a document marked "Owned and Exposed".

Another story:  Hackers expose 453,000 credentials allegedly taken from Yahoo service (Updated) | Ars Technica 
_________________
Freedomlist.com (March 1, 2000 - 2013)



Take a walk through my Security Garden

[v_v]

WOW!!!

And also check out the article about Windows gadgets at "  http://nakedsecurity.sophos.com/2012/07/12...r-gadgets/  ". I have been using the clock and temperature gadgets at work. Now, it seems like that is not a 'good thing!'

v_v
_________________
Justice, Equity, and Meaningful, Productive, and Fulfilling Lives to All Earthlings

[Corrine]

Yup. But note as I updated my post at  Microsoft Security Advisory 2719662, Gadget Vulnerability , it appears the Fix it solutions are backward!
_________________
Freedomlist.com (March 1, 2000 - 2013)



Take a walk through my Security Garden

[techie]

I would say that the code would have to be run from an external source, not a local computer setting.

If you use the clock or calender section, it is updated internally from the operating system and is synced with the taskbar clock and calender.

That means it is internal, not external. If it were vulnerable, so would the taskbar clock and calender be as well. Your clock is updated from an external source at the taskbar option.

You can set where your time is synced from or disable the sync option, right click the clock, left click adjust date or time, chose the internet time button, then change settings, then you can uncheck if you don't want to sync with an internet service or chose another service, such as a government atomic clock server.

I had blocked the gadget sidebar from using the internet, on external sources, with my firewall.

I can see that almost any external gadget connecting to the internet for an update could be vulnerable, but it seems to be addressing third party add on gadgets, that has become the problem, not released from MS.

 http://technet.microsoft.com/en-us/security/advisory/2719662 

This is a just shoot the the hole thing fix.

[Corrine]

In addition to a "shoot the hole thing fix", it is also a way to shut down support and hosting of the Windows Vista/Windows 7 gadgets and move on to Windows 8.
_________________
Freedomlist.com (March 1, 2000 - 2013)



Take a walk through my Security Garden

[orillia3]

That explains the Yahoo email I got today regarding Associated Content. Apparently AC was the predecessor of Yahoo Voices which was compromised.

The idea of resetting hundreds of passwords on hundreds of websites every few months is a daunting task. There must be a better way. I do not entirely trust password managers as they sometimes glitch if there is a slight website URL change.

The internet seems to be the only place that you can interact with criminals intent on doing you harm on a regular basis.
_________________
My new site http://www.giobikes.org