back to article Yahoo! and! Microsoft! have! long! way! to! go! in! account! hijack! fight!

Microsoft and Yahoo! are way behind Google in fighting account hijacking, according to security experts. Earlier this week Google said that "complex risk analysis" featuring "more than 120 variables" had reduced the number of compromised accounts on its system by 99.7 per cent, since the problem peaked in 2011. The claim is …

COMMENTS

This topic is closed for new posts.
  1. Harvey Trowell
    Joke

    Kitchens Stoke On Trent

    Kitchens Stoke On Trent www.solidspamkitchen.co.uk

    Kitchens in Stoke On Trent with appliances for only £595, Tel 01234 567890

    Best value kitchens in Stoke On Trent. Kitchens Stoke On Trent

    1. Harvey Trowell
      WTF?

      WTF?

      I didn't post that, who's hijacked my Reg account? Blooming kids, mucking around, want to get real jobs, they'd get the birch back in my day, nowadays of course you're not allowed, heaven help us if there's a war, etc etc...

      1. Anonymous Coward
        Anonymous Coward

        Re: WTF?

        Hello. I'm planning a trip to Stoke on Trent. Could you recommend a good kitchen? I'd like something warm and homely but not twee. Nothing "cottage" in either sense thank you. Here's my credit card number: 4657 6235 9674 5396

        Thank you.

        Anne Ovine, Chesterfield.

  2. Androgynous Crackwhore
    Mushroom

    Poor RICHTO

    Looks like he won't be crawling out from under his rock again this week.

    <-- His favourite icon - in memory.

    1. Anonymous Coward
      Anonymous Coward

      Re: Poor RICHTO

      He's not been heard of since middle of January, mind there's a user who joined in the middle of January who looks and sound exactly like him ( hint : he's of the Prostetnic class )

      1. Androgynous Crackwhore
        Devil

        Re: Poor RICHTO

        No! You're not suggesting he's this poor soul? Whatever could have given you that idea?

        /sarc

        He somewhat amusingly just followed my posts back to this discussion! I don't think I'm being conceited - look at his timestamps (above and there).

        Checking me out RICHTO? Sorry dud, I've a strict policy against drug addicts and MS marketeers.

  3. Anonymous Coward
    Anonymous Coward

    The spammers broke audio "captcha"

    Once that happened, hundreds of thousands of new spammer accounts were created within minutes. Now they're all battling to find an alternative for the visually impaired.

    1. P_0

      Re: The spammers broke audio "captcha"

      Is any kind of CAPTCHA spammer-proof?

      1. mark 63 Silver badge

        Re: The spammers broke audio "captcha"

        not really cos they are all done by hand in automated sweatshops

  4. Nicholas Roberts
    FAIL

    Yahoo! spam reporting fail

    If you have ever tried to report spam from a compromised Yahoo! account, you know that they have no means to repoprt spam from their network. Their direct abuse address doesn't accept email anymore and suggests politely that you use their 'you beaut' html form.

    Problem is that the form just goes round and round in circles. You never get to a point where you can enter the header or body. If you sign in to a Yahoo! account and pretend that the email come from outside their network, this is adifferent story.

    My guess is that about 2 years ago Yahoo! got rid of all their abuse staff and now use some sort of automatic tool which seems to not be able to accept spam from their own network. Just guessin.

    1. Shannon Jacobs
      Holmes

      Yahoo just has the WILL to FAIL

      You'd think that Yahoo would be desperate enough by now to do something SUBSTANTIAL to improve their email system, since that's about the only thing they have left that's worth anything. Then again, the awful email system is probably what's keeping Yahoo afloat. It's such a mess that everyone is afraid to buy them out, even though the legacy of a large number of email users is supposed to have value.

      Hey, Yahoo! Why don't you make a GOOD email system by making it BAD FOR SPAMMERS? Why don't you give us the tools to give the spammers bloody hell?

      As regards the topic of the google stopping account theft, I really doubt it. The google has become so censorious, untrustworthy, and generally all around EVIL that I'm pretty sure it's another fake report. My theory would be that there was ONE spammer who was hijacking accounts on a large scale. That means when they finally figured out his trick and shut him down, they suddenly show a massive decrease in the so-called problem. Actually, it might have been a rather large problem for all we know. The google can simply juggle the pagerank to pitch things any way they prefer. Disagree with the google? Get disappeared.

  5. taxman
    Facepalm

    Yoohoo! Over here!

    It's all rather odd bodkins that Yeeeehaa! were one of the first to utilise DMARC/SPF/DKIM to identify that lovely pink meat, yet they are allowing the porkers to use their! service to promote the meaty loveliness.

    Fritters.

  6. mark 63 Silver badge

    How do accounts get hijacked?

    I know how nefarious types have ways of setting up large numbers of new accounts, and I know what spam looks like and therefore how they could detect amounts of spam spewing from one account ( some better than others apparently ). This article is about that happening on hijacked accounts.

    how do hijackers hijack real accounts in any kind of numbers?

    random pwd tries based on the user name?

  7. John Lilburne

    The company forum had 153 spammers signup over the weekend the favoured email suppliers for these spammers are gmail.com, mail.ru, and nokiamail.com, of the three gmail is way out in front, though come to think about it I've yet to see a legitimate signup from nokiamail.com

  8. Tom 35

    Don't forget

    Crap security questions. A 12 digit random password is not going to help if the answer to your security question is posted all over facebook.

  9. Ken Hagan Gold badge

    A possible explanation

    Perhaps a Google account is now worth more to its owner.

    If you don't take care of your google account, you might compromise all the related services (most obviously docs) that you get from Google, so you make more of an effort. For hotmail and yahoo, there probably are no such related services, so no such consequences, so no such care.

    It's still not quite the same as "I paid for this account, so I'll take care of it." but perhaps it is close enough. If so, the corollary is that this isn't going to change soon. Yahoo and Hotmail are not backed by a company willing to provide additional *free* services that might make those accounts equally valuable.

    1. Anonymous Coward
      Anonymous Coward

      Re: A possible explanation

      I think the reason that so few Google accounts get compromised any more is that about 60 million GMail users already moved across to Outlook.Com so that the contents of their emails don't get scanned and resold to the highest advertising bidder by the Borg....

  10. Anonymous Coward
    Anonymous Coward

    Maybe It's Because

    "Earlier this week Google said that "complex risk analysis" featuring "more than 120 variables" had reduced the number of compromised accounts on its system by 99.7 per cent, since the problem peaked in 2011."

    Funny how Google was the one that provided that initial information ehhh. And shockingly it is also a notation that they now only have 0.3% of their previous total number of hacked accounts......hmmmmmm can you say propaganda????

  11. Dozer
    Mushroom

    1 in 115???

    If I only got 1 spam per 115 legitimate Yahoo emails I would be one happy camper. My Spamassassin config automatically gives Yahoo 2.5 out of a needed 5 to get flagged.

    <-- Because that is what I would like to do to spammers.

  12. Anonymous Coward
    Anonymous Coward

    Security Bug Bounty Program is vital

    If MS and Yahoo! had bug bounty programs on their website similar to Google, Mozilla, Paypal, and Facebook, they could be far more secure than what they are currently.

    I am going to move my business account from Yahoo! to Google just for the security reasons. Every week, I am receiving spam emails from my friends Yahoo! accounts - no problem with Google though!

    Google cares more about security of its customers than Microsoft & Yahoo!

    see this yourself: www.google.co.uk/about/appsecurity/reward-program/

  13. BleedinObvious

    Android phones a factor?

    Since most Android phones are linked up directly via credit card and account to gmail accounts, might just be a punters being a magnitude more password hygenic (cash and phone pwnership) vs Y! + MSN accounts which often are used just for mail, or even simply low grade instant messenger accounts.

This topic is closed for new posts.

Other stories you might like