Oracle MICROS POS Yahoo answers

ANALYSIS Fallen web giant Yahoo has been branded negligent for failing to tackle the prodigious challenge of upgrading its MD5 password security before some one billion accounts were stolen.Hackers stole names, addresses, phone numbers, and MD5 hashed passwords in a coup for social engineers who could use the information to compromise the very identity of users.That eye-watering news followed the company's September admission that 500 million accounts had been stolen in seperate attacks by alleged state-sponsored hackers in 2014, an incident that came two years after staff became first aware of the hack.Yahoo's service, including scores of American subscribers to major cable and DSL telcos including AT&T which use Yahoo for its default email services, along with Kiwi carrier Spark which ditched the service in September."What is most important is whether the hashes, be they MD5, SHA1, or SHA256, are salted, " Goldberg says. "There is absolutely no excuse to use unsalted hashes."But that the Purple Palace was even using the algorithm has drawn steep criticism from established security boffins."The MD5 hashing algorithm has been considered not just insecure, but broken, for two decades, " says Ty Miller, director of Sydney-based security firm Threat Intelligence, noting that MD5 collision vulnerabilities were found in 1996 with practical attacks developed in 2005."I consider it negligent of an organisation such as Yahoo, which has an obligation to protect the private data of over one billion users, to be using such an outdated and ineffective control to protect the passwords of its customers."