
Change Your Linkedin Passwords


HeliX


I would. And he knows a heck of a lot more about security than you do.

 

Actually - I wouldn't pay much attention to anyone who wouldn't pay much attention to Steve Gibson.

 

Fair enough. Shows how much you know. :)

 

Helix, not sure posting stolen cracked passwords on here's the best idea.

Link to comment

I would. And he knows a heck of a lot more about security than you do.

 

Actually - I wouldn't pay much attention to anyone who wouldn't pay much attention to Steve Gibson.

 

Fair enough. Shows how much you know. :)

 

I know that he knows a lot more about security and code than you ever will. Despite your hubris.

Link to comment

I know that he knows a lot more about security and code than you ever will. Despite your hubris.

 

Right you are chief.

 

I think you fit the bill in the opening paragraph...

http://allthatiswron...son-is-a-fraud/

 

and

 

http://attrition.org/errata/charlatan/steve_gibson/

 

Gibson repeatedly proves he doesn't understand many of the subjects he opines loudly about. He's a bit of an idiot. I don't claim to know more than him and never have, but I do claim to have spotted when he's wrong. He does it quite a bit.

 

There's some very smart people around in infosec, follow them, not him.

Link to comment

Slim - if you think about it for even a second - only idiots and nobodies ever take the time to write the sorts of personal polemics and rants which you have linked to. Think about it. These sorts of web pages speak the most about the sort of people who write them.

 

Many of the points raised can be quickly dismissed. E.g. the stuff about XP which was initially a security disaster until they switched on the firewall by default. But if you Google hard enough you can always find something to justify your latest argument.

Link to comment

Slim - if you think about it for even a second - only idiots and nobodies ever take the time to write the sorts of personal polemics and rants which you have linked to. Think about it. These sorts of web pages speak the most about the sort of people who write them.

 

Many of the points raised can be quickly dismissed. E.g. the stuff about XP which was initially a security disaster until they switched on the firewall by default. But if you Google hard enough you can always find something to justify your latest argument.

 

Okay.

Link to comment

Helix, not sure posting stolen cracked passwords on here's the best idea.

 

There's no usernames associated with them, so it's just a list of no-context strings. If you want to try each one against the 125million LinkedIn accounts, that's not really my shout... :)

Link to comment

There's no usernames associated with them, so it's just a list of no-context strings. If you want to try each one against the 125million LinkedIn accounts, that's not really my shout... :)

 

Oh I don't mean that they're of any use, more that it's not a great idea to post anything stolen.

 

Good analysis of the password database vs various techniques here:

 

http://erratasec.blogspot.com/2012/06/linkedin-vs-password-cracking.html

Link to comment

For anyone wondering if their password has been cracked yet:

http://leakedin.org/

Though this is PURELY for curiosity, whatever result it comes back with change your blummin' pass!

 

I changed my p/word shortly after this news broke as a standard recourse. I have entered my old p/word into this link for it to say it HAS NOT been leaked; curiously, my new p/word has been leaked! This link definitely is dodgy and I'm going to change my p/word once again.

 

thanks helix!

Link to comment

For anyone wondering if their password has been cracked yet:

http://leakedin.org/

Though this is PURELY for curiosity, whatever result it comes back with change your blummin' pass!

 

I changed my p/word shortly after this news broke as a standard recourse. I have entered my old p/word into this link for it to say it HAS NOT been leaked; curiously, my new p/word has been leaked! This link definitely is dodgy and I'm going to change my p/word once again.

 

thanks helix!

 

The link is NOT dodgy, it simply means your "new" password is one that one of those 125million people has already used.

Link to comment

 

The link is NOT dodgy, it simply means your "new" password is one that one of those 125million people has already used.

 

Also, if it's strong, it's probably uncracked and you're not at risk. All that page is doing is matching the hashes.

Link to comment

It seems suspicious that since the story came about, my old password says it wasn't leaked but the new one has! I think you have to be more open-minded about the ingenious ways hackers work; this site you have posted is most probably a data capture site which will link up the password when it is entered again on my browser and used with an email.

 

You can't rule out that it isn't dodgy; it's just another tool used by the cybercriminals.

 

Having worked in the IT security industry for many years, I have enough awareness of the techniques either used or that can be employed by these people.

 

check theregister.co.uk

Link to comment

I, too, have worked in IT Security. If you think the site is dodgy then hash your passwords to SHA1 before putting them in.

 

It bothers me that you think it's possible to "link up the password when it is entered again on my browser and used with an email" if you're an IT Security Professional..

Outside of XSS attacks (which your browser will warn you against provided you're not using some godawful browser), and keyloggers, which you should know if you have, that's not possible. Also if it was a keylogger the website becomes irrelevant...

 

The source code for the site will show you exactly what it's doing, which is using javascript to hash your pass client side before it's sent to the server anyway.

Link to comment
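The hash matching discussed in the posts above, done locally so that no plaintext leaves the machine. This is an added example, not part of the thread and not LeakedIn's code; the function names and the sample dump are constructed, and the handling of entries whose first five hex digits are zeroed is an assumption about the dump's format that the thread does not state.

```python
import hashlib

MASK = "00000"  # assumption: some dump entries have their first 5 hex digits zeroed


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1 of the UTF-8 password, as 40 lowercase hex digits."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def load_dump(lines):
    """Keep only well-formed 40-hex-digit lines; return them as a lowercase set."""
    hashes = set()
    for line in lines:
        h = line.strip().lower()
        if len(h) == 40 and all(c in "0123456789abcdef" for c in h):
            hashes.add(h)
    return hashes


def check_password(password: str, dump: set) -> str:
    """Return 'exact', 'masked' or 'absent' for this password against the dump."""
    digest = sha1_hex(password)
    if digest in dump:
        return "exact"
    # Compare again with the first five digits zeroed, as a masked entry would be.
    if MASK + digest[len(MASK):] in dump:
        return "masked"
    return "absent"


# Constructed sample dump: hashes of two made-up passwords, one stored masked,
# plus a malformed line that the loader must ignore.
SAMPLE_DUMP = load_dump([
    sha1_hex("linkedin123"),
    MASK + sha1_hex("Summer2012")[len(MASK):],
    "not-a-hash",
])

if __name__ == "__main__":
    for candidate in ("linkedin123", "Summer2012", "correct horse battery staple"):
        print(candidate, "->", check_password(candidate, SAMPLE_DUMP))
```

A hit only says that some account in the dump hashed the same string, because unsalted SHA-1 maps equal passwords to equal digests; it does not say whose account it was.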

Isn't it amusing that the two people claiming to be knowledgeable in the infosec field are citing Gibson and TheReg as security sources? Don't get me wrong, I've read El Reg plenty, but anyone who doesn't think it's a lightweight tech news site for the masses is seriously deluded. It's not really well known as an in-depth security research and information source. As for Gibson, well, whatever credibility he started with 15 years ago has pretty much vanished...

 

I'd be interested to see your summary of how the LeakedIn site performs the check, as well as where you think the risks are. It's a fairly basic process so it shouldn't take someone who has "worked in the IT security industry for many years" more than a few minutes to enlighten us all.

 

Edit: Bah, I knew I should have hit submit before going to make a coffee. Beaten!

Link to comment

Archived

This topic is now archived and is closed to further replies.
