Yahoo's security black eye
<b>week in review</b> Hack reveals users' credentials in plain text, while RIM investors look for more financial security. Also: Amazon gets its game on.
Yahoo fell victim to a security breach that yielded hundreds of thousands of login credentials stored in plain text, but it appears users also did little to protect themselves.
The hacked data, posted to the hacker site D33D Company, contained more than 453,000 login credentials and appears to have originated from the Web pioneer's network. The hackers, who said they used a union-based SQL injection technique to penetrate the Yahoo subdomain, intended the data dump to be a "wake-up call." [Update, 11:13 a.m. PT: On Friday morning, Yahoo gave the all-clear, saying "We ... have now fixed this vulnerability, deployed additional security measures," and so on.]
If there's one thing to learn from the security breach, it's that we need to be more creative with our passwords. The hackers said they hoped this would be taken as warning to the parties responsible for the security of the hacked site, but individuals should also see this as a warning to strengthen their own personal passwords. What was the most popular password on the Yahoo list? The classic 123456, of which there were 2,295 instances.
• Yahoo's password leak: What you need to know (FAQ)
More headlines
RIM faces angry investors, searches for new board
BlackBerry maker is confronted by disgruntled shareholders, as it votes to keep its current board of directors while confirming its search for more-qualified people to serve.• RIM's secret weapon? 80M 'very loyal' customers
• RIM CEO Heins: 'I'm not happy with the situation at RIM'
• How RIM's new marketing chief sees its developer prospects
New iOS hack yields in-app freebies
A new exploit gives users free access to digital content within iOS apps, content that normally costs money.Apple gives developers fully baked Mountain Lion
Apple's next big OS X update has hit golden master status, a sign the software is just about ready for a public release.• Older 64-bit Macs out of the picture for Mountain Lion
Amazon targets Apple's Game Center with GameCircle
The retail giant's new product offers tracking for achievements and leader boards, and saves in-game progress to the cloud.Malware went undiscovered for weeks on Google Play
Breaking the malware into separate, staged payloads allowed the Trojan's authors to avoid detection by Google's automated screening process.• Apple pulls controversial Chinese game from App Store
City of San Francisco to stop buying Apple computers
City officials tell the Wall Street Journal that city money can't be used to buy Apple desktops and laptops. The change comes after Apple withdrew its products from a green-certification registry.• Apple explains why it yanked devices from enviro registry
Google releases Android 4.1 source code
New version of the mobile operating system, aka Jelly Bean, was released along with proprietary binaries for Nexus 7 and Galaxy Nexus.• Nexus devices get Android 4.1 Jelly Bean update
• Android 4.1 Jelly Bean ported to Kindle Fire
Kim DotCom extradition hearing postponed until 2013
Hearing delayed while New Zealand courts sort out questions about the legality of evidence seized with search warrants later declared invalid.• Kim DotCom offers a travel deal to U.S. Justice Department
Russia's parliament approves Internet blacklist law
Russia is the latest country to enact Web censorship-style laws. Sites deemed "illegal" under Russian law now face near-immediate blacklisting.• Wikipedia blackout in Russia to protest censorship
Netflix's lost year: The inside story of the price-hike train wreck
One year ago tomorrow, CEO Reed Hastings took the first of a series of missteps that angered customers and nearly derailed his company. Current and former employees disclose what went wrong.Also of note
• Teens love texting and social networks but ignore e-mail
• Techies offended by Silicon Valley reality show
• Google's Larry Page back at work, recovering from illness