Thycotic’s Nathan Wenzler had the following comment on the Yahoo Account Key announced this week. He was surprised this security flaw was not pointed out.
Nathan Wenzler, Executive Director of Security, Thycotic:

Yahoo Account Key might make life easier for consumers, but it also leaves them open to an entirely new type of attack. Hackers have access to millions of email accounts from 2015’s data breaches alone. With Yahoo Account Key, hackers can just try logging into every Yahoo address they find, and wait. Eventually, some users will accidentally hit “yes” on their phones, and just like that, they’re in. Hackers only need a small percentage to make that mistake to make it worthwhile, similar to how they determine success rates for spam and emails that are sent in large volumes.

About Nathan Wenzler

Nathan has over a decade of experience designing, implementing and managing both technical and non-technical solutions for IT and Information Security organizations. Throughout his career, Nathan has helped government agencies and Fortune 1000 companies build new information security programs from scratch, as well as improve and broaden existing programs with a focus on process, workflow, risk management, and the personnel side of a successful security effort. Currently as the Senior Technology Evangelist for Thycotic, Nathan brings his expertise on security program development and implementation in both the public and private sector to admins, auditors, managers, and security professionals at a variety of conferences, trade shows, and educational events.