London-based Yahoo! hacker gets 11 years for SQLi mischief A 23-year-old man has been sentenced to two years in prison for his part in a cyber attack on Yahoo! in 2012. Nazariy Markuta, of Harlesden, London, was a member of the D33Ds Company network, which nicked over 450,000 customer email addresses and passwords from Yahoo! after an investigation by the UK's National Crime Agency ( …
Yes wonder if I can get parking tickets charged concurrently..... Get 10 in one day and only pay for one of them.
If he's guilty of multiple crimes then he shouldn't be allowed to serve the punishment for all of them at the same time. The incentive is then why do one crime when you can do 10 and if you're caught you'll get the same punishment as if you'd only done the one.
"Damage that is deserved if they didn't take basic security measures to ensure the security they expect and deserve online."
I don't think anyone deserves that kind of misappropriation of data - mainly because it hurts the customers / chattel as well. I look at it as being inevitable, and the chain of command should be hung out to dry for failing to oversee proper security measures as appropriate.
FWIW I didn't downvote you because your point of view has merit in abstract terms. Have a beer & relax, it's Friday. :)
I don't think anyone deserves that kind of misappropriation of data - mainly because it hurts the customers / chattel as well.
Perhaps "invites" would be a more appropriate term. Leave your car running on a dark street in a high crime area* and you might not "deserve" to have it stolen, but you are asking for it to happen.
* An apt analogy for the internet, I believe.
First off, I hate this "reputational damage" malarkey. What's wrong with the good old-fashioned "damage to their reputation"?
Secondly, without saying "they deserved it" for having such a basic (sqli is basic) vulnerability, the fact that this vuln was so obviously latent, just waiting for someone to come up and turn the key, as it were, should the full cost/blame fall only on the first guy to "immanentise the escutcheon"?
"It is not believed to be related to Yahoo!'s half-a-billion account breach from the same year."
Another one? The recently reported breach was said to have been 2014, ac couple of years later and time, you'd think, to realise that they might, just possibly, need to do something about security.
Multiple breaches, with lessons not learned after the first?
See also: TalkTalk.
See also: http://www.theregister.co.uk/2016/09/23/if_your_company_has_terrible_it_security_that_could_be_a_rational_business_decision/ (which I already know you've read because we replied to one another in the comments).
Given that Yahoo outsource email for BT & Sky
I am not sure this is still the case. I think BT moved to something else at some point. Not sure - never used it.
By the way - this and other ISP hosted services should have been the Yahoo goose laying golden eggs, however Yahoo never ever invested in it. They were let to fester and putrefy instead.
One of the most retarded Purple palace business decisions of all time.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
