funsec mailing list archives
Re: LinkeDin!
From: Stephanie Daugherty <sdaugherty () gmail com>
Date: Wed, 6 Jun 2012 19:20:59 -0400
For me, the right answer would be to change the password to a random one, keep the random one in my password manager, and reevaluate the situation after they've had a chance to clean up their mess.

On Wed, Jun 6, 2012 at 5:47 PM, Patrick Laverty <patrick_laverty () brown edu> wrote:
Should we change our password yet? I see in Google that it's only in the last few minutes that LinkedIn even admitted that "some" passwords were stolen. Should we really change our password in a compromised system before its owner has told us that they know how the attacker got in and that they've closed the hole?

Otherwise, if I'm the attacker, I'd be constantly dumping the same list, and doing diffs on the files. Because as indicated, people do repeat passwords across services, and now maybe I've gotten their "new" password that they're not going to change again and that might work on other systems as well.

I'm in the camp that'll hang on until LinkedIn says they've patched the problem, otherwise I'm just risking giving away a second password.

Just my opinion.

On Wed, Jun 6, 2012 at 12:52 PM, Rob, grandpa of Ryan, Trevor, Devon & Hannah <rmslade () shaw ca> wrote:

No! I'm *not* asking for validation to join a security group on LinkedIn!

Apparently several million passwords have been leaked in an unsalted file, and multiple entities are working on cracking them, even as we speak. (Type?)

So, odds are "low but significant" that your LinkedIn account password may have been cracked. (Assuming you have a LinkedIn account.) So you'd better change it.

And you might think about changing the password on any other accounts you have that use the same password. (But you're all security people, right? You'd *never* use the same password on multiple accounts ...)

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
It's important to be a go-getter. But it's even more important to know what it is you want to go and get. - Gary Kallback
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Current thread:
- LinkeDin! Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jun 06)
- Re: LinkeDin! Patrick Laverty (Jun 06)
- Re: LinkeDin! Stephanie Daugherty (Jun 06)
- Re: LinkeDin! Nick FitzGerald (Jun 06)
- Re: LinkeDin! Stephanie Daugherty (Jun 06)
- Re: LinkeDin! Patrick Laverty (Jun 06)