Top 10 websites of 2013

Another year has passed by lest see which site tops the list.

“Ranking powered by alexa.com”


Blowfish12@2012-13 blowfish12.tk Author: Sudharsun. P. R.

Was YOUR Yahoo password hacked? Here’s how to find out

Last night the news broke that Yahoo had a security breach and 435,000 usernames and passwords had been hacked. Particularly troubling? The login credentials are in plaintext, not even encrypted. The biggest question users have when this happens: have MY username and password been released?

A number of services can answer that. One is Should I Change My Password, which has two great features that differentiate it from some others.

One is the ability to check anonymously based on email address, which many people have as their username for online services. This is helpful, because you don’t have to enter your password into the service (which you don’t know if you can trust or not) to check if your password has, indeed, been compromised. Secondly, you can sign up to receive notifications in the future if your email address is ever involved in another hacking incident.

Simply go to Should I Change My Password, and enter your email address:

The site automatically checks you against millions of emails and passwords leaking innumerous security breaches. If your email address is among those that have been hacked and released, this is what you’ll see. (I checked it myself with an old email address that I knew had been previously compromised.)

While investigating the breach and writing my story last night, I personally downloaded a few hundred thousand of the usernames and passwords and tried (unsuccessfully) to log into a number of Yahoo accounts.  This service can give you some confidence that others won’t be trying the same with your private accounts.


Blowfish12@2012 blowfish12.tk Author: Sudharsun. P. R.

Hackers post 450K credentials apparently pilfered from Yahoo

Credentials posted in plain text appear to have originated from the Web company’s Yahoo Voices platform. The hackers say they intended the data dump as a “wake-up call.”

Yahoo appears to have been the victim of a security breach that yielded more than hundreds of thousands of login credentials stored in plain text. The hacked data, posted to the hacker site D33D Company, contained more than 453,000 login credentials and appears to have originated from the Web pioneer’s network. The hackers, who said they used a union-based SQL injection technique to penetrate the Yahoo subdomain, intended the data dump to be a “wake-up call.”

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” the hackers said in a comment at the bottom of the data. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”

The hacked subdomain appears to belong to Yahoo Voices, according to a TrustedSec report. Hackers apparently neglected to remove the host name from the data. That host name — dbb1.ac.bf1.yahoo.com — appears to be associated with the Yahoo Voices platform, which was formerly known as Associated Content.

Because the data is quite sensitive and displayed in plain text, Blowfish12 has elected not to link to the page, although it is not hard to find. However, the page size is very large and takes a while to load.

The disclosure comes at a time of heightened awareness over password security. Recent high-profile password thefts at LinkedIn, eHarmony, and Last.fm contributed to approximately 8 million passwords posted in two separate lists to hacker sites in early June. Yesterday, Formspring announced it had disabled the passwords of its entire user base after discovering about 420,000 hashed passwords that appeared to come from the question-and-answer site were posted to a security forum.


Blowfish12@2012 blowfish12.tk Author: Sudharsun. P. R.