When the Yahoo hack was revealed I absolutely dismissed Yahoos assertions of a nation state actor. I have been waiting for the independent investigations to play out and now the REAL reason for the hack has come out.
Yahoo internal security was poor. Unlike Google, which took security very seriously when they were breached in 2010 along with Yahoo, Yahoo basically sat on their hands when it came to security. Yahoo KNEW about the bigger hack since 2012. This tells me they had zero interest in making things properly secured. The current CEO KNEW of the issues AND the hack yet did nothing in 2010 when Google spent enormously on security nor in 2012 when Yahoo’s entire user database was taken. Of course since our laws are not enforced on bigger persons or companies there’s no reason to spend money on security because you will suffer little, if any, damage at all.
As I have done more research on this it turns out the number of accounts taken is going to get bigger. This is not surprising as the largest companies try to implement “damage control”. This is a total misnomer as their attempts to minimize the damage always turn out to make things worse. We will have to see if this plays out to the 1 billion mark or not but I am willing to say I think it will definitely get larger than 500 million. It appears that Yahoo’s entire network was owned much the same way Targets network was owned. The folks that got into Target owned everything and I bet Yahoo was..and might still be..fully owned.
It is the consumers who get screwed…over and over. Read the linked article and the links contained in said article. You will then understand why the cloud as we know it is doomed to failure. The current system of allowing third parties to control our ssl system is a bad idea. Comodo and wosign are two CAs that are woefully insecure. There is one individual who has advocated for a better system that puts the choice of who you trust into your hands. The cloud DOES have its uses…but putting your critical business there is a big gamble. Make sure you know the inherent risks of putting your business in the hands of a third party, multi-tenet system. Contact ETC Maryland to make sure your cloud ambitions are not putting your data…and by extension…your business at grave risk.