
Change Your LinkedIn Passwords


HeliX


Keepass is a good solution to keep your passwords complex and (almost) uncrackable, and it's free.

 

Yup! And if you need to share files containing passwords between locations, Dropbox + TrueCrypt.

Link to comment
Share on other sites

@Helix - the link you've provided looks hugely dodgy. You are providing it with a password, and when you submit it your IP address. That looks like a phishing expedition if ever there was one!

 

Question: were both passwords AND email addresses stolen?

 

If all they've got is passwords it's not that useful, surely? What's important is the link between the password and the login id/email.

 

Surely, most companies only give you so many login attempts and then lock you out to stop people with a huge database of common passwords just working down the list? Or is LinkedIn different?

Link to comment
Share on other sites

@Helix - the link you've provided looks hugely dodgy. You are providing it with a password, and when you submit it your IP address. That looks like a phishing expedition if ever there was one!

 

If you are worried then the obvious thing to do would be to change your password before checking whether your previous password is on the list.

Link to comment
Share on other sites

If all they've got is passwords it's not that useful, surely? What's important is the link between the password and the login id/email.

 

The passwords aren’t linked to usernames, but Finnish security company Cert-Fi says that it’s likely the hacker has access to the usernames as well.

 

Mashable says that though the passwords are encrypted with the SHA-1 hash function, they aren’t salted. In plain English, that means that it’s easier for an enterprising hacker to figure out what passwords the encrypted hashes represent through trial and error; a salt adds a significantly more complicated degree of encryption, but apparently wasn’t in use by LinkedIn.

 

LinkedIn said on Twitter that it’s investigating the potential password hack. In the meantime, it's another good reminder to use a different password for each of your different Web services; if you have a LinkedIn account and use the same password elsewhere, you may want to start changing some of those passwords now.

 

http://www.macworld.com/article/1167113/linkedin_privacy_issues_possible_password_breach_ios_app_data_leak.html

Link to comment
Share on other sites

@Helix - the link you've provided looks hugely dodgy. You are providing it with a password, and when you submit it your IP address. That looks like a phishing expedition if ever there was one!

 

Steve Gibson from GRC and others I trust say it's OK. It seems to be all JavaScript that runs in your browser.

Link to comment
Share on other sites

@Helix - the link you've provided looks hugely dodgy. You are providing it with a password, and when you submit it your IP address. That looks like a phishing expedition if ever there was one!

 

I changed my password, then ran the old one through the test. It's encrypting it locally in JS and matching the hashes, which you can verify from the source of the page.

 

If all they've got is passwords it's not that useful, surely? What's important is the link between the password and the login id/email.

 

The passwords they find will go into rainbow tables and get used for brute forcing. As most people use the same password for multiple sites, the hit rate will increase.

 

I found my password, but my account (apparently) isn't included. So my fairly random/strong password was the same as someone else's. I've now made it stronger!

 

I wouldn't pay much attention to Steve Gibson though.

Link to comment
Share on other sites

I wouldn't pay much attention to Steve Gibson though.

 

I would. And he knows a heck of a lot more about security than you do.

 

Actually - I wouldn't pay much attention to anyone who wouldn't pay much attention to Steve Gibson.

Link to comment
Share on other sites

@Helix - the link you've provided looks hugely dodgy. You are providing it with a password, and when you submit it your IP address. That looks like a phishing expedition if ever there was one!

 

Question: were both passwords AND email addresses stolen?

 

If all they've got is passwords it's not that useful, surely? What's important is the link between the password and the login id/email.

 

Surely, most companies only give you so many login attempts and then lock you out to stop people with a huge database of common passwords just working down the list? Or is LinkedIn different?

 

 

The link is fine, the pass is hashed client-side before the server processes it. If you're worried, hash the password yourself and put it in.

 

Yes, both were probably stolen. Only passes have been released so far, but if they were taken from the database there is 0% chance that they didn't take the usernames too.

Link to comment
Share on other sites
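
Added example (not part of any post in this thread, and not the checker site's code): a Python sketch of the two points discussed above, checking a password against a list of unsalted SHA-1 digests by hashing it locally, and what a per-user salt changes. The sample passwords and the leaked set are constructed, and PBKDF2-HMAC-SHA256 with 200,000 iterations is an assumed choice of salted scheme that the thread does not name.

```python
import hashlib
import hmac
import os

# Constructed sample: stands in for a leaked file of unsalted SHA-1 hex digests.
LEAKED_SHA1 = {hashlib.sha1(p.encode("utf-8")).hexdigest()
               for p in ("example-pass-1", "example-pass-2")}

def sha1_hex(password: str) -> str:
    """Unsalted SHA-1, the scheme the thread says the dump used."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def in_leak(password: str, leaked=LEAKED_SHA1) -> bool:
    """Hash locally and compare digests; the plaintext never leaves this process."""
    return sha1_hex(password) in leaked

def store_salted(password: str, iterations: int = 200_000) -> tuple:
    """Per-user random salt plus PBKDF2-HMAC-SHA256 (assumed hardened alternative)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest

def verify_salted(password: str, record: tuple) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)

def demo() -> dict:
    alice, bob = "example-pass-1", "example-pass-1"  # two users, same password
    rec_a, rec_b = store_salted(alice), store_salted(bob)
    return {
        # Unsalted: identical passwords give identical digests for every user.
        "unsalted_equal": sha1_hex(alice) == sha1_hex(bob),
        # Salted: the same password produces unrelated stored values.
        "salted_equal": rec_a[2] == rec_b[2],
        "verify_ok": verify_salted(alice, rec_a),
        "verify_wrong": verify_salted("not-the-password", rec_a),
        "found_in_leak": in_leak(alice),
        "absent_from_leak": in_leak("a-different-passphrase"),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
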

On top of the ~3.5mil passwords that the hackers have cracked, I've now cracked these 125:

 

 

 

Loaded 6458020 password hashes with no different salts (Raw SHA-1 [sSE2 4x])

Remaining 6458014 password hashes with no different salts

guesses: 125 time: 0:00:00:09 DONE (Thu Jun 7 14:42:15 2012) c/s: 10735G

 

 

 

Considering how easy it was (For some of them I just grabbed keywords and mangled them, the rest are dictionary words joined together + numbers), if your password is in this list you are bad and should feel bad.

Link to comment
Share on other sites

Not exactly a life-threatening breach of security though is it?

 

The Mash:

 

LinkedIn hack 'an anti-prick hate crime'

 

THE theft of passwords from networking site LinkedIn is a direct attack on the world’s prick and douchebag communities, it has been claimed.

 

LinkedIn had become hugely popular with the world’s sizeable prick population, as it allows those who claim to be ‘Global President of Cross-Platform Technologies’ at a make-believe company to connect with similarly-deluded dipshits.

 

Etc: http://www.thedailym...e-2012060729702

 

I accidentally found someone I know on LinkedIn and I can personally vouch for just how unerringly true the above statements are. Some snippets from his over-worked imagination posted on www.pretentiouspricks.net LinkedIn that demonstrate so readily just how far some folks have their head up their own arse:

 

"Equally confident operating as Project Manager, Consultant and Business Analyst. Adept at working with prospective clients, customers, suppliers and technical teams at all levels.

 

A wide range of industrial sector experience, having worked in retail banking, general insurance, software houses, mobile telecommunications, manufacturing and finance houses in the UK and Europe.

 

An expert requirements analyst, risk manager, researcher, planner, man-manager and project manager.

 

A confident team player, flexible about travel and proven cross-national and cross-cultural work experience. Attentive to detail and results oriented."

 

Missing from the above: "Have been unemployed for the last six years or so."

 

The Defence rests....

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
