1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Yahoo’s compromised records likely hidden within encrypted traffic, vendor says

Discussion in 'CSO' started by RSS, Sep 26, 2016.

  1. RSS

    RSS New Member Member

    LOUISVILLE, KY – As Derby Con was winding down, an interesting email hit Salted Hash’s inbox form Venafi. The security firm, known for their tools that secure digital keys and certificates, outlined a number of cryptographic issues at Yahoo.

    The email then claimed they’re not saying these flaws led to the massive data breach that impacted 500 million users. Yet, that’s exactly what their statements hint at.

    In Venafi’s experience, an emailed statement from Alex Kaplunov, Venafi’s vice president of engineering explains, breaches like the one suffered by Yahoo are often accompanied by weak cryptographic controls.

    Granted, Venafi has a horse in the race, so this isn’t an unusual statement for them to make, but it’s interesting – as it could explain how Yahoo failed to notice half-a-billion records moving into criminal hands over time.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page