As Yahoo continues to investigate the biggest data breach in history, pressure is mounting on the company to admit when it knew about the attack, whether there was a delay in reporting it, and also about how it implements cryptography to secure data it’s responsible for.
Security company Venafi said it examined data from its internal certificate reputation service related to the security of Yahoo’s cryptographic keys and digital certificates. The results were a mixed bag of outdated hashing algorithms and self-signed certificates permeating Yahoo’s production environment.
Leave a reply
