funsec mailing list archives

Re: LinkeDin!


From: Patrick Laverty <patrick_laverty () brown edu>
Date: Wed, 6 Jun 2012 17:47:11 -0400

Should we change our password yet? I see in Google that it's only in
the last few minutes that LinkedIn even admitted that "some" passwords
were stolen. Should we really change our password in a compromised
system before its owner has told us that they know how the attacker
got in and that they've closed the hole? Otherwise, if I'm the
attacker, I'd be constantly dumping the same list, and doing diffs on
the files. Because as indicated, people do repeat passwords across
services, and now maybe I've gotten their "new" password that they're
not going to change again and that might work on other systems as
well.

I'm in the camp that'll hang on until LinkedIn says they've patched the
problem, otherwise I'm just risking giving away a second password.

Just my opinion.


On Wed, Jun 6, 2012 at 12:52 PM, Rob, grandpa of Ryan, Trevor, Devon &
Hannah <rmslade () shaw ca> wrote:
No!  I'm *not* asking for validation to join a security group on LinkedIn!

Apparently several million passwords have been leaked in an unsalted file, and
multiple entities are working on cracking them, even as we speak.  (Type?)

So, odds are "low but significant" that your LinkedIn account password may have
been cracked.  (Assuming you have a LinkedIn account.)  So you'd better change it.

And you might think about changing the password on any other accounts you
have that use the same password.  (But you're all security people, right?  You'd
*never* use the same password on multiple accounts ...)

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
It's important to be a go-getter.  But it's even more important
to know what it is you want to go and get.           - Gary Kallback
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.