Change your LinkedIn passwords
#1
Change your LinkedIn passwords
Quite a lot of you folks use LinkedIn here, so thought you might be interested if you haven't already heard:
6.5M passwords leaked in a hack - http://www.telegraph.co.uk/technolog...passwords.html
Though don't know how much of a threat it really is as I think they only stole the hash keys, so alone not that much use.
Either way, probably still worth changing your password.
6.5M passwords leaked in a hack - http://www.telegraph.co.uk/technolog...passwords.html
Though don't know how much of a threat it really is as I think they only stole the hash keys, so alone not that much use.
Either way, probably still worth changing your password.
#2
Re: Change your LinkedIn passwords
Quite a lot of you folks use LinkedIn here, so thought you might be interested if you haven't already heard:
6.5M passwords leaked in a hack - http://www.telegraph.co.uk/technolog...passwords.html
Though don't know how much of a threat it really is as I think they only stole the hash keys, so alone not that much use.
Either way, probably still worth changing your password.
6.5M passwords leaked in a hack - http://www.telegraph.co.uk/technolog...passwords.html
Though don't know how much of a threat it really is as I think they only stole the hash keys, so alone not that much use.
Either way, probably still worth changing your password.
#3
Re: Change your LinkedIn passwords
Quite a lot of you folks use LinkedIn here, so thought you might be interested if you haven't already heard:
6.5M passwords leaked in a hack - http://www.telegraph.co.uk/technolog...passwords.html
Though don't know how much of a threat it really is as I think they only stole the hash keys, so alone not that much use.
Either way, probably still worth changing your password.
6.5M passwords leaked in a hack - http://www.telegraph.co.uk/technolog...passwords.html
Though don't know how much of a threat it really is as I think they only stole the hash keys, so alone not that much use.
Either way, probably still worth changing your password.
I seen some suggestions that LinkedIn weren't salting their password hashes, which makes the leaked hashes vulnerable to brute force attacks, which are getting easier and easier with modern GPUs. For those of a technical bent, this article is interesting reading - for non-techies, the bottom line from it is that your passwords need to be at least 12 characters long to be reasonably secure these days.
#4
Re: Change your LinkedIn passwords
Seems there might be another issue with LinkedIn to be aware of if you use the iPhone app.
http://arstechnica.com/apple/2012/06...-linkedin-app/
http://arstechnica.com/apple/2012/06...-linkedin-app/
#5
Re: Change your LinkedIn passwords
More to the point, if you've used the same password on other sites, change it there too, using a different password for every site.
I seen some suggestions that LinkedIn weren't salting their password hashes, which makes the leaked hashes vulnerable to brute force attacks, which are getting easier and easier with modern GPUs. For those of a technical bent, this article is interesting reading - for non-techies, the bottom line from it is that your passwords need to be at least 12 characters long to be reasonably secure these days.
I seen some suggestions that LinkedIn weren't salting their password hashes, which makes the leaked hashes vulnerable to brute force attacks, which are getting easier and easier with modern GPUs. For those of a technical bent, this article is interesting reading - for non-techies, the bottom line from it is that your passwords need to be at least 12 characters long to be reasonably secure these days.
Basically if the hash tables haven't been salted, you're boned.
I'm guessing it's time to use KeePass to auto generate passwords, for individual sites now being a must....or use weird, long pass phrases.
http://keepass.info/
#6
Rootbeeraholic
Joined: Aug 2009
Location: Houston, Tx
Posts: 2,280
Re: Change your LinkedIn passwords
Done. Thanks for the heads up. I hadn't gotten around to checking the beeb yet today.
#10
Re: Change your LinkedIn passwords
Heads up... Todays winner is... Last.FM
Hacked... Check those passwords.
http://arstechnica.com/security/2012...eir-passwords/
Might be easier to list the places that havent been hacked recently.
Hacked... Check those passwords.
http://arstechnica.com/security/2012...eir-passwords/
Might be easier to list the places that havent been hacked recently.
#11
Re: Change your LinkedIn passwords
More to the point, if you've used the same password on other sites, change it there too, using a different password for every site.
I seen some suggestions that LinkedIn weren't salting their password hashes, which makes the leaked hashes vulnerable to brute force attacks, which are getting easier and easier with modern GPUs. For those of a technical bent, this article is interesting reading - for non-techies, the bottom line from it is that your passwords need to be at least 12 characters long to be reasonably secure these days.
I seen some suggestions that LinkedIn weren't salting their password hashes, which makes the leaked hashes vulnerable to brute force attacks, which are getting easier and easier with modern GPUs. For those of a technical bent, this article is interesting reading - for non-techies, the bottom line from it is that your passwords need to be at least 12 characters long to be reasonably secure these days.
I simply do not understand why businesses like LinkedIn aren't choosing to use the securest possible methods to protect their clients - it's not like it would really cost them serious money to do it.
#12
Re: Change your LinkedIn passwords
Have used hash/salt for quite some time for password protected applications and came across this a while back which looks interesting: http://bcrypt.codeplex.com/. Will be evaluating this and, if secure enough, reversing into the current application.
I simply do not understand why businesses like LinkedIn aren't choosing to use the securest possible methods to protect their clients - it's not like it would really cost them serious money to do it.
I simply do not understand why businesses like LinkedIn aren't choosing to use the securest possible methods to protect their clients - it's not like it would really cost them serious money to do it.
#13
Re: Change your LinkedIn passwords
Indeed though I suspect it';s becuase a lot of social networking companies are not created by professionals and only hire fresh out of college (cheap) and inexperienced developers who neither recall such incidents nor fully understand the ramifications of a poor security model.
#14
Re: Change your LinkedIn passwords
Indeed though I suspect it';s becuase a lot of social networking companies are not created by professionals and only hire fresh out of college (cheap) and inexperienced developers who neither recall such incidents nor fully understand the ramifications of a poor security model.
Apparently linked in is saying the emails haven't been hacked, they think, possibly. If that's the case, passwords alone aren't to much use. Bit late to be salting the passwords now though, but better late than never...
#15
Re: Change your LinkedIn passwords
Right now, these hackers can
1) Find you a job
2) Get you a date
3) Play you some romantic music
They should start a Social site or something.
1) Find you a job
2) Get you a date
3) Play you some romantic music
They should start a Social site or something.