Yahoo! And The Hack Heard ‘Round The World

November 1, 2017

Evan Schendel is a help desk specialist for Tech Experts.

In the age of Russian super-hackers and nationwide credit reporting agencies with pitiful security, what could be safe? One thing is for sure – not Yahoo!.

In September of 2016, Yahoo! released the news that 500 million accounts were hacked in the latter half of 2014. That news severely impacted Verizon’s business deal to buy them out, but they only lowered the price by $350 million USD to a total of $4.48 billion USD.

Three months after this business deal was done and the prior hack had been announced, Yahoo! let the nation know that approximately 1 billion accounts had been hacked in 2013. Verizon was not pleased, to say the least.

Just recently, Yahoo! released even more grave information.

In the earlier part of October, Yahoo! bumped the number of affected accounts up to 3 billion. This estimate encompasses every single Yahoo! account, including its subsidiaries like Tumblr and Flickr. That is a lot of data – and if you had any accounts (even unused) linked to these websites dating back to 2014, you could have even had the information sold.

The cybersecurity firm InfoArmor has reported some of this information has been sold on the dark web, a small part of the web not indexed by search engines.

The group selling this information has sold the data to three sources, two of which are known spammers. All paid upwards of $300,000 USD.

With this information, reused passwords from past accounts can be the largest risk, as many people recycle the same password(s) for all of their various online accounts. While no financial information was stolen, security questions, dates of birth, and backup emails were taken.

All of this can be used for not only breaking into the Yahoo! account in question, but also any other accounts with similar information.

A good course of action from here on would be to, as you should, never reuse passwords, and change any existing passwords you feel might be in danger. Ensure that no shady happenings have occurred with any accounts, up to and including bank accounts.

The information sold was reportedly utilized to spy on a range of US White House and military officials, alongside Russian business executives and government officials.

With this information kept in mind, a document was released stating that four men were indicted, two of whom were Russian intelligence officers working for the Russian Federal Security Service. Which is, ironically enough, an agency dedicated to aiding foreign intelligence agencies track cybercriminals.

To finalize, remember to keep safety measures on all your accounts and protect yourself from email fraud or spam to the best of your ability. Only sign up for accounts on legitimate websites and, when you do create an account, use a unique password for that site. For sites with sensitive information, elect to use two-factor authentication when possible.

That way, when a company’s security is pushed back in lieu of other things, you can serve as a second defense for yourself.

Filed Under: Online Security, Vulnerability Tagged With: , ,

Local Search: Raking In Business From Your Own Backyard

December 8, 2009

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

So you’re in the mood for a pizza. You turn to Google (because no one uses phone books anymore). Instantly, 10 local pizza shops are displayed in your search results. You order. It’s a win-win. You have your pizza, and the pizza parlor shop has your business.

What made this so easy? Local search – a type of search engine query that’s intended to produce local information, often about nearby businesses, products and services. What it does is help customers in your own town, city and neighborhood find you quickly and easily.

All of the big players – Google, Yahoo and Bing – have local search capabilities. So do the Internet Yellow Pages, various business aggregation sites and review sites, as well as directories created specifically for different cities.

As you can imagine, there are several business directories for Monroe. One of the best is: http://businessfinder.mlive.com/MI-Monroe.

I want my local listing!
How do you get your company listed? There are two ways: Navigate the process of submitting your business information to each of the local search engines yourself or save some time and hassle by hiring professionals to do it for you. Either way, getting listed on local search doesn’t happen automatically.

So many directories, so little time.
It’s not a matter of if you should submit your business information to a local search directory, it’s a matter of choosing which ones. To help you make the best decision, consider:

Location. Be sure to understand which geographic region or regions the directory serves. Some are very specific, while other serve a larger geographic area. Check to see if you’re able to list your company within a radius of your zip code.

Price. Many directories are free, or charge a nominal fee to enhance your listing or include additional information. If it’s free, why not list? If there’s a cost, make sure you understand what extras you’re getting for your dollars.

Relevance. Make sure a relevant category exists for your business. Some directories focus on a single industry, like hotels.

If you own a gourmet restaurant, you don’t want to be listed under fast food. Be thorough. If the specific category doesn’t exist, don’t list there.

Popularity. One characteristic of a good local search directory is the amount of traffic it gets. More traffic potentially means more potential people will find you.

A quick way to determine this is to go to a web traffic metrics site, like Alexa (http://www.alexa.com/). The higher the ranking, the busier the site.

No matter what you’re selling – computers, sandwiches or shoes – local search can help bring local customers to your door.

That is, people who could possibly return again, generating repeat business, and who will tell their friends and family about your company. First, they need to be able to find you. Think about the last time you used a phone book, versus a search engine. Local search is where you need to be.

Filed Under: Local Listings Tagged With: , , ,

Researcher: Don’t Trust Google Toolbar

June 26, 2007

Makers of some of the most popular extension software used by the Firefox browser are not doing enough to secure their software, a security researcher said Wednesday. The problem is that many widely used Firefox extensions, including toolbars from Google, Yahoo, and AOL, do not use secure connections to update themselves, according to Christopher Soghoian, a security researcher.

The Indiana University doctoral student discovered the Firefox issue last month while examining network traffic on his computer. He noticed that many of the most popular Firefox extensions are not hosted on servers that use the very secure SSL Web protocol.

Although the corporation behind Firefox, Mozilla, hosts the majority of Firefox extensions on its own SSL-enabled Web site, it is common for commercial extension-makers such as Google to host their software on an unsecured site, Soghoian said in an interview.

This leaves users vulnerable to a “man-in-the middle” attack, where Firefox could be tricked into downloading malicious software from a site it mistakenly thought was hosting an extension.

It wouldn’t be easy for an attacker to pull this off, however. In one scenario, the hacker would set up a malicious wireless access point in a public area where people are using wireless connections. He could then redirect extension update traffic to a malicious computer. “An attacker who sets up a wireless access point can then infect anyone who connects to it,” Soghoian said.

Filed Under: Security Tagged With: , , , , ,