The Yahoo! Voices breach demonstrates an inherent problem with relying on an SDLC as the sole solution for web app security. Even if you have a very good SDLC program, when you acquire code that was developed outside of your organization, you need to quarantine it behind a WAF. This is true not only for acquisitions but also for the more common case of using third-party applications and modules.
The Register reports:
The company said the information that was published by members of the hacking group D33Ds Company stemmed from users who had signed up with the Associated Content site before Yahoo! bought it in 2010.
If these users try and log into their Yahoo! accounts now they will be asked a series of authentication questions before having to change their data, and Yahoo! is also suggesting other users get into the habit of changing their passwords regularly.
ADDED 8:26 AM: The same lesson applies to Instagram and Facebook.