Yahoo! and! Microsoft! have! long! way! to! go! in! account! hijack! fight! Microsoft and Yahoo! are way behind Google in fighting account hijacking, according to security experts. Earlier this week Google said that "complex risk analysis" featuring "more than 120 variables" had reduced the number of compromised accounts on its system by 99.7 per cent, since the problem peaked in 2011. The claim is …
No! You're not suggesting he's this poor soul? Whatever could have given you that idea?
/sarc
He somewhat amusingly just followed my posts back to this discussion! I don't think I'm being conceited - look at his timestamps (above and there).
Checking me out RICHTO? Sorry dud, I've a strict policy against drug addicts and MS marketeers.
If you have ever tried to report spam from a compromised Yahoo! account, you know that they have no means to repoprt spam from their network. Their direct abuse address doesn't accept email anymore and suggests politely that you use their 'you beaut' html form.
Problem is that the form just goes round and round in circles. You never get to a point where you can enter the header or body. If you sign in to a Yahoo! account and pretend that the email come from outside their network, this is adifferent story.
My guess is that about 2 years ago Yahoo! got rid of all their abuse staff and now use some sort of automatic tool which seems to not be able to accept spam from their own network. Just guessin.
You'd think that Yahoo would be desperate enough by now to do something SUBSTANTIAL to improve their email system, since that's about the only thing they have left that's worth anything. Then again, the awful email system is probably what's keeping Yahoo afloat. It's such a mess that everyone is afraid to buy them out, even though the legacy of a large number of email users is supposed to have value.
Hey, Yahoo! Why don't you make a GOOD email system by making it BAD FOR SPAMMERS? Why don't you give us the tools to give the spammers bloody hell?
As regards the topic of the google stopping account theft, I really doubt it. The google has become so censorious, untrustworthy, and generally all around EVIL that I'm pretty sure it's another fake report. My theory would be that there was ONE spammer who was hijacking accounts on a large scale. That means when they finally figured out his trick and shut him down, they suddenly show a massive decrease in the so-called problem. Actually, it might have been a rather large problem for all we know. The google can simply juggle the pagerank to pitch things any way they prefer. Disagree with the google? Get disappeared.
How do accounts get hijacked?
I know how nefarious types have ways of setting up large numbers of new accounts, and I know what spam looks like and therefore how they could detect amounts of spam spewing from one account ( some better than others apparently ). This article is about that happening on hijacked accounts.
how do hijackers hijack real accounts in any kind of numbers?
random pwd tries based on the user name?
Perhaps a Google account is now worth more to its owner.
If you don't take care of your google account, you might compromise all the related services (most obviously docs) that you get from Google, so you make more of an effort. For hotmail and yahoo, there probably are no such related services, so no such consequences, so no such care.
It's still not quite the same as "I paid for this account, so I'll take care of it." but perhaps it is close enough. If so, the corollary is that this isn't going to change soon. Yahoo and Hotmail are not backed by a company willing to provide additional *free* services that might make those accounts equally valuable.
"Earlier this week Google said that "complex risk analysis" featuring "more than 120 variables" had reduced the number of compromised accounts on its system by 99.7 per cent, since the problem peaked in 2011."
Funny how Google was the one that provided that initial information ehhh. And shockingly it is also a notation that they now only have 0.3% of their previous total number of hacked accounts......hmmmmmm can you say propaganda????
If MS and Yahoo! had bug bounty programs on their website similar to Google, Mozilla, Paypal, and Facebook, they could be far more secure than what they are currently.
I am going to move my business account from Yahoo! to Google just for the security reasons. Every week, I am receiving spam emails from my friends Yahoo! accounts - no problem with Google though!
Google cares more about security of its customers than Microsoft & Yahoo!
see this yourself: www.google.co.uk/about/appsecurity/reward-program/
Since most Android phones are linked up directly via credit card and account to gmail accounts, might just be a punters being a magnitude more password hygenic (cash and phone pwnership) vs Y! + MSN accounts which often are used just for mail, or even simply low grade instant messenger accounts.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
