Friday Sep 22

Posts Tagged ‘breach’

Jun
10/12
Three reasons you care about the LinkedIn breach
Last Updated on Monday, 11 June 2012 01:35
Written by jj
Sunday, June 10th, 2012
Share

I’ve been reading the flurry of posts, blogs, tweets and offhanded comments regarding LinkedIn’s recent data breach. I’m calling it a data breach here, not a password hash breach, because at this point, I don’t think anyone knows the extent of damage, or the full breadth of what data may have been taken.

Overheard in conversations, both in person and online, are comments “I don’t care about LinkedIn, I don’t need to change my password” and “they’re just hashes, only a few passwords were posted.” To those of you with this attitude, I think you’re missing the bigger picture. (more…)

Tags: , , , ,   |  Posted under Crypto, Industry Insider  |  Comments  No Comments
Jun
10/12
LinkedIn: Don’t just change your password, do this
Last Updated on Monday, 11 June 2012 01:36
Written by jj
Sunday, June 10th, 2012
Share

Don’t just change your password, do this

I disagree with a lot of the sites that have made the simple recommendation to change your LinkedIn password. LinkedIn added the recommendations that users change passwords at other sites, change passwords often, and use greater complexity (more combinations of numbers, letters, characters and capitals). I’m going to go one step further and be very specific in my recommendations. (more…)

Jun
10/12
Correcting colleagues on LinkedIn salting and hashing details
Last Updated on Monday, 11 June 2012 04:24
Written by jj
Sunday, June 10th, 2012
Share

I’d like to note there are some articles out there with misinformation as to the salting and hashing methods and abilities of LinkedIn to retroactively fix the issue of unsalted passwords.

In one particular article at Computer World  a reference was cited as saying LinkedIn could not have implemented the salting feature with the already-created database of hashes, and that salting could only be implemented with the original password, when a user created or changed a password. (more…)

Tags: , , , ,   |  Posted under Crypto, Industry Insider  |  Comments  3 Comments

More Content

Find more of my content at
- Low Tech Hacking book
- Dark Reading
- Network Computing
- IANS
- SearchSecurity
- TechTarget

Get Social

RSSFacebookLinkedinYoutube

Subscribe

Enter your email address:

Delivered by FeedBurner

NetworkedBlogs