July 16, 2012

The Yahoo! Voices breach demonstrates an inherent problem with relying on SDLC as the sole solution for web app security. Even if you have a very good SDLC program, when you acquire code that was developed outside your organization, you need to quarantine it behind a WAF. This is true not only for acquisitions but also for the more common case of using third-party applications and modules.

The Register reports:

The company said the information that was published by members of the hacking group D33Ds Company stemmed from users who had signed up with the Associated Content site before Yahoo! bought it in 2010.

And:

If these users try and log into their Yahoo! accounts now they will be asked a series of authentication questions before having to change their data, and Yahoo! is also suggesting other users get into the habit of changing their passwords regularly.

 

ADDED 8:26 AM:  The same lesson applies to Instagram and Facebook.

 


Posted by Imperva Blogger at 12:00:00 AM

