Information Security News mailing list archives

LinkedIn Defends Security Practices, Leadership


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 14 Jun 2012 06:56:33 -0500 (CDT)

http://www.informationweek.com/news/security/attacks/240002005

By Mathew J. Schwartz
InformationWeek
June 13, 2012

Did LinkedIn drop the ball on information security?

In the wake of a breach of LinkedIn users' passwords that first came to light last week--after a subset of those passwords were uploaded to an online password-cracking forum--security pundits have been asking how much LinkedIn's business practices might have been at fault.

Multiple commentators have noted the absence of a chief security officer (CSO) or chief information security officer (CISO) on the LinkedIn organizational chart, with some inferring that the breach could thus be traced to a "lax security" attitude at the social network, because "no one was responsible for IT security," according to TechWireAsia.

But LinkedIn has defended its security posture and response to the breach, noting that after the password theft came to light early last week, by Thursday it had disabled the passwords on all accounts that were known to have been compromised by attackers. "At this time, there have been no reports of compromised LinkedIn accounts as a result of this password theft," according to a Tuesday LinkedIn blog post, which further noted that the company was "continuing to work with law enforcement as they investigate this crime."

[...]

