Saturday, July 21, 2012

Half a million clear text passwords hacked on Yahoo



Recently it was reported that Yahoo had almost a half a million passwords hacked.  That is bad enough, but what is worse is that the hack exposed clear text passwords!  Really???  To quote tennis great John McEnroe. "You can't be serious!"

I understand that the code came from a company they acquired but that doesn't matter at all to me and is simply no excuse.  To me, that only strengthens the case for short selling the stock (not to mention 5 CEO's in 5 years)...  They clearly didn't do any technical due diligence.  While a full blown review of the code they were buying might have been overkill, you sure do think they would have found that the passwords were being stored in clear text...

Unfortunately password hacks seems to have been a theme lately (i.e. LinkedIn, eHarmony, etc.).   LinkedIn got a lot of grief for not salting their password hash. Apparently these developers aren't even advanced enough to know how to hash a password let alone salt it. 

A whole host of questions pop into my mind after reading this.  Here are a few.

  • Do you know what your cloud vendor is doing?  
  • Are they storing your password hashed? 
  • Is your sensitive data (i.e. credit card numbers) stored encrypted? 
  • Do they have off-site back up that is encrypted?  
  • Are their employees screened? 
 

Link to posting on CNN Yahoo

Tuesday, July 3, 2012

Microsoft's 6.2 Billion Dollar Writedown

Yikes!  Microsoft reported yesterday that it took a 6.2 BILLION dollar charge almost entirely related to the acquisition of aQuantive. They acquired aQuantive back in 2007 for 6.3 billion dollars and at the time it was their largest acquisition. Since then they purchased Skype for 8.5 billion dollars making it now the largest acquisition to date.

For those not familiar with a charge/write down such as this, allow me to explain. They basically said that they have NOTHING left from the acquisition. Nothing.  Zilch.  They basically burned 6.2 billion dollars and almost all of it due to the acquisition of aQuantive.

Wow!  That isn't just a small minor mistake. That is a major goof if you ask me. Lots of folks clearly missed the mark.  The moral of the story for me is to take what a given vendor says to you with a grain of salt.   When they lay out their vision and tell you "x is going to be the standard, etc."  Know that it might not take.  The public and industry at large might not adopt the technology or product.  Lots of companies (not just Microsoft) are talking about cloud, saas, and private clouds, etc.  Is there widespread adoption?  These companies are spending millions/billions on what they see in the future, not what is here today and now.  What if they are wrong? 

Microsoft clearly thought they were going to get something from this acquisition and they valued it to the tune of 6.3 billion dollars.  To have just a few years go by and say we got nothing from it is staggering (to me).  Also looks to me like they tried to bury the news on a slow week with the 4th of July.

This also makes me look back at Skype acquisition.  I never blogged on that one but I sure had plenty of thoughts on it.  It didn't make sense to me when it happened and it doesn't make sense to me now.  In fact, with such a debacle as this it makes me second guess Skype even more.  Microsoft largely had all of the basic technology.  Sure Skype had the apps for the phones (primarily iPhone and Android) and a substantial user base, but keep in mind the company also had a loss of 7 million dollars when it was acquired.  Hmmm...  Almost sounds like the fury back in the .dot com bust days.  Lots of hype over business models that hadn't yet shown they could turn a profit. 

Microsoft does some pretty cool things, but they do make blunders.  I believe recent history here will repeat itself and in a few years Microsoft will find out that the Skype acquisition was not worth 8.5 billion dollars. 


A link to the press release can be found here