
Fri, 13. July 2012 – 10:14

Somehow the news just doesn't want to stop:

Yahoo confirmed today that a bunch of passwords — more than 450,000 of them to be exact — have been stolen.

[…]

In LinkedIn’s case, the passwords were stored in a marginally scrambled state, not strongly encrypted as they should have been, but in a mixed-up state using an old, easy-to-break hashing technique known as MD5.

In the case of Yahoo, the passwords are said to have been stored in raw plaintext, which anyone with even the slightest bit of training in IT security knows is a no-no. If that is indeed how these passwords were stored, then Yahoo has some explaining to do.

So it will be interesting to find out what exactly went on at Yahoo. Sure, there is unfortunately no such thing as 100% security for data of this kind, but storing such sensitive information in plaintext is gross negligence; so should it be confirmed that passwords were in fact lying around unencrypted, Yahoo will probably have to put up with some rather uncomfortable questions (and entirely rightly so).