greg hughes - dot net
Note that the contents of this site represent my own thoughts and opinions, not those of anyone else - like my employer - or even my dog for that matter. Besides, the dog would post things that make sense. I don't.
 Wednesday, 06 June 2012
A topic I always enjoy... I post this with the hope that you’ll be able to take something from it as a message to carry to others. You may have heard that apparently the LinkedIn password list consisting on 16.5 million passwords was stolen and a table of hashed password values has been posted online. You may have received emails from concerned people you know, intended to let you know about the issue. And while it’s a good idea to change your password now, I wanted to take the opportunity to expand on the topic a bit. One message I consistently try to send is that it’s *always* a good idea to change your passwords regularly to protect against threats such as this and others. This specific case (as the info is exposed today) doesn’t represent an immediate broad threat for LinkedIn accounts, beyond the ability to potentially build a library of valid passwords sans usernames. But, there is enough information exposed to suggest a need to take reasonable action. In this case, the leaked info is a hashed (encrypted weakly but non-reversible) password list. The version of the list posted online contains only the hashed password values and not the associated user names or email addresses. However, the bad guys could possess that additional info, and just not be releasing it. Yet. We don’t know. “Hashed” means you cannot simply unencrypt the list and see the actual passwords. Instead you’d have to create your own list or library of possible passwords, create hashes for all of those, and then compare the resulting hashes to the stolen password hash list to find any matches. At that point, you’d know that you have a valid password for *someone’s* account on LinkedIn, but you would not know whose account the password it is associated with (since the login emails were not posted). But again, that account login/email info might be held by the bad guys who posted the hash list, there’s no way to tell for sure. If the bad guys also have the account names/email addresses, the real risk is that they would do a dictionary discovery “attack” against the hashed password list, correlate the resulting validated passwords to the respective email addresses (LinkedIn uses your email address as the login name) and then use those credentials to try to access LinkedIn -- as well as to attempt to access other sites/services where people might (and likely do) use the same login credentials. So, yes. Change your passwords, not only on LinkedIn but also on other sites where the same user name and password are used. But do it because it’s always been a good thing to do, not just when credential theft scares happen to come up. And also know that an actual readable list of Linkedin passwords and other login credentials have not been posted in the wild -- at least not yet.
© Copyright 2013 Greg Hughes

This work is licensed under a Creative Commons License.
 | This page was rendered at Tuesday, 05 March 2013 15:04:16 (Pacific Standard Time, UTC-08:00)
newtelligence dasBlog 2.1.8015.804
|
"Computers used to take up entire buildings, now they just take up our entire lives."
- Unknown
"So how do you know what is the right path to choose to get the result that you desire? And the honest answer is this... You won't. And accepting that greatly eases the anxiety of your life experience."
Syndication [XML] and .net Alerts
For lazy, highly-technical or enlightened people, get this site's content without the use of a web browser. I use FeedDemon for this, but you can choose your own. Subscribe - click the icon for my feed... or sign up for Microsoft Alerts to receive updates through your MSN Messenger, e-mail, or mobile device. Click the orange button thingie to sign up with your Passport account: 
Contact
Drop me an email: Phone: 503-766-2258
Add me to MSN Messenger
Monthly Archive
October, 2012 (2) |
June, 2012 (1) |
November, 2011 (1) |
October, 2011 (7) |
July, 2011 (1) |
May, 2011 (1) |
April, 2011 (1) |
January, 2011 (2) |
December, 2010 (3) |
November, 2010 (2) |
October, 2010 (1) |
September, 2010 (1) |
July, 2010 (1) |
June, 2010 (13) |
May, 2010 (4) |
April, 2010 (10) |
February, 2010 (1) |
January, 2010 (2) |
December, 2009 (1) |
November, 2009 (2) |
September, 2009 (2) |
August, 2009 (1) |
July, 2009 (2) |
June, 2009 (4) |
May, 2009 (7) |
April, 2009 (3) |
March, 2009 (5) |
February, 2009 (1) |
January, 2009 (10) |
December, 2008 (7) |
November, 2008 (7) |
October, 2008 (18) |
September, 2008 (18) |
August, 2008 (18) |
July, 2008 (35) |
June, 2008 (16) |
May, 2008 (12) |
April, 2008 (16) |
March, 2008 (22) |
February, 2008 (32) |
January, 2008 (9) |
December, 2007 (6) |
November, 2007 (4) |
October, 2007 (19) |
September, 2007 (36) |
August, 2007 (19) |
July, 2007 (17) |
June, 2007 (16) |
May, 2007 (13) |
April, 2007 (11) |
March, 2007 (5) |
February, 2007 (14) |
January, 2007 (16) |
December, 2006 (16) |
November, 2006 (4) |
October, 2006 (23) |
September, 2006 (14) |
August, 2006 (21) |
July, 2006 (34) |
June, 2006 (25) |
May, 2006 (20) |
April, 2006 (20) |
March, 2006 (17) |
February, 2006 (34) |
January, 2006 (30) |
December, 2005 (23) |
November, 2005 (39) |
October, 2005 (30) |
September, 2005 (49) |
August, 2005 (31) |
July, 2005 (21) |
June, 2005 (35) |
May, 2005 (53) |
April, 2005 (54) |
March, 2005 (60) |
February, 2005 (27) |
January, 2005 (59) |
December, 2004 (70) |
November, 2004 (58) |
October, 2004 (55) |
September, 2004 (64) |
August, 2004 (53) |
July, 2004 (65) |
June, 2004 (50) |
May, 2004 (49) |
April, 2004 (26) |
March, 2004 (20) |
February, 2004 (26) |
January, 2004 (28) |
December, 2003 (12) |
October, 2003 (8) |
September, 2003 (11) |
August, 2003 (1) |
On this page
Search and Translate this Site
Blog Posting Categories
Navigation Links
Blogroll
Scott Adams' Dilbert Blog
Scott Adams is the creator of Dilbert, and his blog is an incredibly smart, clever and often funny (sometimes very serious) look at the world. Everyone should read this blog. |
Alex Scoble
Alex is a former coworker who blogs about a variety of IT-related topics. |
Brent Strange
Brent is a cool dude and a great QA guy that I used to work with. His blog is, appropriately, focused on QA and testing technology. |
Chris Brooks
Chris was formerly my boss at work and is an avid board gamer and photographer. He always has some new info about top-notch board games you may have never heard of, so if you're into them, you should check out this blog. |
Chris Pirillo
Lockergnome by trade, Chris is always up to something new. If you are not familiar with the Lockergnome newsletters, be sure to check them out, too. |
Matthew Lapworth
Matt's a software developer and friend. He seems to enjoy extreme sports. That's fine as long as he doesn't, like, die or something. |
Milind Pandit
Milind writes about all sorts of interesting stuff. We worked toegther for eight years, and he worked at our employer longer than I, which pretty much makes him old as dirt in company time. :) |
MSFT Security Bulletins [RSS]
RSS feed for all Microsoft security bulletins provides an always-up-to-date list of updates along with complete descriptions of each. |
neopoleon.com
Rory Blyth is one of the funniest and most thought-provoking bloggers I read. And I blame him for everything. Literally. |
Scott Hanselman
Scott's computerzen blog is a popular spot for all things .NET and innovative. I used to work with him, but then he went off to Microsoft. He's one of the smartest guys I know, and arguably the best technical presenter around. |
Sign In
Who Links Here
Total Posts: 1891 This Year: 0 This Month: 0 This Week: 0 Comments: 3465
Android (7) Apple (67) AudioBlogging (42) Aviation (2) Blogging (154) Fireworks (5) Geek Out (130) GnomeDex (20) Google Voice (1) Helping Others (27) Home Servers (5) Humor (144) IT Security (218) Kineflex Artificial Disc Surgery (17) Management (8) Microsoft Office (4) Mobile (139) Movies (31) Mt. St. Helens (13) Office 2003 (52) OneNote (29) Personal Stories (164) Photography (29) Random Stuff (642) RSS Stuff (47) RunAs Radio (28) Safe Computing (39) SharePoint (56) Tablet PC (42) Tech (1037) Things that Suck (69) Windows (7) Windows Media Technology (27)
|