LinkedIn users change yer password!

Damn it. Someone cracked my account and discreetly changed one of my previous jobs to "Actor - Adult Films". I'm considering leaving it there...could be a good conversation starter.
 
I was thinking similarly... They change my past, maybe it'll be something more interesting.
 
"Members would receive an email with instructions on how to reset them, the company said."

How would a user (if they had not kept up with computing news) know the request to change their pw was valid?
I get a constant barrage of bogus things from "FB", "YT", "ebay", "paypal" to do this or that, and I ignore them all, as mostly they are nonsense.
 
Haven't received any notice that my account was hacked, but if it was, then the first thing I'd do after a password reset would be to delete my LinkedIn account.
 
Sysadmins who store un-salted passwords on any machine with any kind of public-side Internet access, should be shot.

+1

It is getting to the point where I am willing to consider criminal sanctions against businesses that are so f'ing clueless. Their choice of SHA1 angers me further. The IT security equiv of AF447 ...
 
LOooooool at the anger of know-it-alls.

Here's one example: Amazon S3. You know that one, right? The biggest object public store service on the planet by orders of magnitude. 650k IOPS all day long. And it uses HMAC auth. You know what it means? The passwords to it must be stored at Amazon in plaintext, otherwise the servers cannot reconstruct HMACs.

Yeah, well, it's sad that LinkedIn leaked, and unsalted passwords were kinda weak sauce, but how is that a big deal?

Perhaps I don't want to throw stones because of these glass walls:
https://github.com/zaitcev/slasti/commit/92576f4c87938eae2c8132321cffab2af45dfa05
Oh lookie, MD5.

P.S. Do not change your password. Change it in a week or two, when the internal security at LinkedIn is beefed up.
 
My account is all effed up. When I enter my user name and password, I actually gain access to someone else's account!

Luckily, LinkedIn is about as passé as MySpace...
 
Yah, it's not like it's your brokerage account and no one here would use the same password for POA/Facebook/LinkedIn/Bank Account and eTrade? would they? :rofl:
 
Can someone please translate the terms used here (aka technical mumbo jumbo) and pls start w unsalted.
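
What "unsalted" means in this thread, as an added Python example that is not part of any post: it stores the same passwords as bare SHA-1 and as salted PBKDF2, then checks which stored values collide. The account names and passwords are constructed samples, and PBKDF2-HMAC-SHA256 with a random per-user salt is an assumed choice for the hardened form, not something the thread prescribes.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def sha1_unsalted(password):
    """Weak scheme discussed in the thread: bare SHA-1, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()


def hash_salted(password, salt=None):
    """Hardened form: random per-user salt plus a deliberately slow KDF."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, dk


def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(dk, expected)


def shared_digest_groups(table):
    """Group users by stored value; a group of 2+ means identical passwords
    are visible to anyone holding the table, and one guess opens them all."""
    groups = {}
    for user, digest in table.items():
        groups.setdefault(digest, []).append(user)
    return {d: sorted(u) for d, u in groups.items() if len(u) > 1}


# Constructed sample accounts (not real data)
ACCOUNTS = {"alice": "rover2012", "bob": "rover2012", "carol": "tr0ub4dor&3"}


def demo():
    unsalted = {u: sha1_unsalted(p) for u, p in ACCOUNTS.items()}
    salted = {u: hash_salted(p) for u, p in ACCOUNTS.items()}
    salted_hex = {u: rec[1].hex() for u, rec in salted.items()}
    return shared_digest_groups(unsalted), shared_digest_groups(salted_hex), salted


if __name__ == "__main__":
    weak, strong, _ = demo()
    print("unsalted collisions:", list(weak.values()))
    print("salted collisions:  ", list(strong.values()))
```

With no salt, alice and bob end up with the same stored value, and that value is the same on every site that uses bare SHA-1, so a single precomputed table covers all of them; with a per-user salt each record has to be worked on separately.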
 
> LOooooool at the anger of know-it-alls ...
> P.S. Do not change your password. Wait a week.

Pete,

Your advice is incomplete. Change it now ... AND ... change it again. A
week or a few days, but change it multiple times, over time ... for the
reason you state.

Equally important:

For those that use the same or similar passwords on multiple sites (~half
the users), you also need to change your password on those sites too.
Yes, multiple times.

> Amazon S3

I don't recall anyone here suggesting (Amazon) S3 as a good example.
But it certainly is a fashionable answer. Ditto DropBox. There are
*plenty* of fashionable services, that are doing it profoundly wrong, and
placing users' data at unnecessary and avoidable risk.
 
> My account is all effed up. When I enter my user name and password, I actually gain access to someone else's account!
>
> Luckily, LinkedIn is about as passé as MySpace...

I've had several legitimate job leads (IT Industry) due to Linked In.
 
> I've had several legitimate job leads (IT Industry) due to Linked In.

"Help Wanted: Dynamic Business-oriented social media company seeks system administrator who has a solid background in system security. Extra consideration given for candidates who have experience in setting up user authentication systems that do not leak usernames and passwords to the public Internet. Resumes can be sent to wefiredthelastguy@linkedin.com."
 
> "Help Wanted: Dynamic Business-oriented social media company seeks system administrator who has a solid background in system security. Extra consideration given for candidates who have experience in setting up user authentication systems that do not leak usernames and passwords to the public Internet. Resumes can be sent to wefiredthelastguy@linkedin.com."

Good one.
 
I like my passwords with Ketchup. Or maybe grilled with a little basil.
 
'meanwhile, my dad's LinkedIn password is compromised every time he calls our dog in public...'
 
>fired the last guy ...

Seems that LinkedIn has finally admitted the obvious. No CIO. No CISO/CSSO.
 