
(C|Net) 6.5 million LinkedIn passwords leaked out (news.cnet.com)
More: Dumbass, privacy issues, Graham Cluley, SOPHOS, LinkedIn

10811 clicks; posted to Geek on 06 Jun 2012 at 10:58 AM



 
2012-06-06 11:03:37 AM
Ah, that makes more sense. I didn't think I worked for "MAKE YOUR COMPUTER RUN 1500% FASTER. ARE YOU SURE YOU WANT TO CLOSE THIS WINDOW NOW?"
 
2012-06-06 11:03:58 AM
Guess I'll go ahead and change mine then, even though I'm still not sure what the hell I'm supposed to even do on LinkedIn.
 
2012-06-06 11:04:46 AM
shiat, I don't even remember mine! Now I'll never get my account back!
 
2012-06-06 11:05:19 AM
They seriously store the actual passwords in a file rather than hash checks?

For farks sake.... and i bet the people in charge of their security get paid significantly more than I do. I hate the world sometimes.
 
2012-06-06 11:05:37 AM

Hoboclown: Guess I'll go ahead and change mine then, even though I'm still not sure what the hell I'm supposed to even do on LinkedIn.


i've gotten several requests for linkedin but i can't figure out what you would use it for.
 
2012-06-06 11:06:15 AM
One more reason to avoid social networking sites.
 
2012-06-06 11:07:47 AM
Oh my! ....And to top it all, my linkedin password is the same as the one I have on my matched luggage!
 
2012-06-06 11:08:11 AM

Alonjar: They seriously store the actual passwords in a file rather than hash checks?

For farks sake.... and i bet the people in charge of their security get paid significantly more than I do. I hate the world sometimes.


The article states that the hashes were reportedly stolen, not clear text passwords. These are SHA-1 hashes. The hackers will be long dead before they crack them all unless they have a super-computer.
 
2012-06-06 11:10:46 AM

JackieRabbit: Alonjar: They seriously store the actual passwords in a file rather than hash checks?

For farks sake.... and i bet the people in charge of their security get paid significantly more than I do. I hate the world sometimes.

The article states that the hashes were reportedly stolen, not clear text passwords. These are SHA-1 hashes. The hackers will be long dead before they crack them all unless they have a super-computer.


Maybe, but people are saying that they've located the SHA-1 of their password, which means that LinkedIn is not using a salt.

That greatly reduces the effort needed to crack a SHA-1, because you only need the rainbow tables for characters that can be entered from a keyboard.
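The point made in the comment above, as an added example that is not part of the original thread: with bare SHA-1, equal passwords always hash to the same value, so anyone can look up a guess in a leaked set, while a per-user random salt with a slow KDF removes that property. The account names, passwords and PBKDF2 iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not taken from any real dump).
USERS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "correct horse"}

def unsalted_sha1(password):
    """Bare SHA-1 with no salt, the storage scheme the thread describes."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def found_in_dump(password, dump):
    """Hash a password locally and look it up in a set of leaked hex digests."""
    return unsalted_sha1(password) in dump

def salted_record(password, iterations=100_000):
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])

def compare_schemes():
    unsalted = {user: unsalted_sha1(pw) for user, pw in USERS.items()}
    salted = {user: salted_record(pw) for user, pw in USERS.items()}
    return {
        # alice and bob share a password, so their unsalted hashes are identical
        "unsalted_distinct": len(set(unsalted.values())),
        # a single local hash is enough to confirm a guess against the whole set
        "guess_found_unsalted": found_in_dump("linkedin2012", set(unsalted.values())),
        # random salts make every stored value unique, even for equal passwords
        "salted_distinct": len({r["hash"] for r in salted.values()}),
        # the plain SHA-1 of the guess no longer matches anything stored
        "guess_found_salted": hashlib.sha1(b"linkedin2012").digest()
                              in {r["hash"] for r in salted.values()},
        "login_still_works": verify("linkedin2012", salted["bob"]),
    }

if __name__ == "__main__":
    for key, value in compare_schemes().items():
        print(f"{key}: {value}")
```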
 
2012-06-06 11:10:51 AM
Maybe someone found my password...
 
2012-06-06 11:11:08 AM

Turfshoe: Did you know if you type your linked in password on FARK, it automatically asterisks it out.

I'll go first:

*********

Isn't that awesome? Give it a try!


Sweet. So is it a deal between the two companies? Let's see...

*

If this fails, your ass is grass.
 
2012-06-06 11:11:37 AM

Lurk sober post drunk: Hoboclown: Guess I'll go ahead and change mine then, even though I'm still not sure what the hell I'm supposed to even do on LinkedIn.

i've gotten several requests for linkedin but i can't figure out what you would use it for.


I've gotten a couple of really nice job offers through it. And it's good to keep track of people you know are work-wise. You never know when you need someone to put in a good word or make your CV skip the usual pile.
 
2012-06-06 11:11:37 AM
Don't really use it, but changed my password anyway.
 
2012-06-06 11:11:52 AM
Hey, it does work!
 
2012-06-06 11:12:27 AM
I am picturing all the recruiters as the ones having 'LinkedIn' as their password.
 
2012-06-06 11:13:16 AM

JackieRabbit: Alonjar: They seriously store the actual passwords in a file rather than hash checks?

For farks sake.... and i bet the people in charge of their security get paid significantly more than I do. I hate the world sometimes.

The article states that the hashes were reportedly stolen, not clear text passwords. These are SHA-1 hashes. The hackers will be long dead before they crack them all unless they have a super-computer.


Ah, that's what I get for only skimming the article. Carry on!
 
2012-06-06 11:13:28 AM

Fluid: Don't really use it, but changed my password anyway.


I log in once or twice a year. I changed my password anyway.
 
2012-06-06 11:13:31 AM
Hey, if you get my password... um... network with me. I could use the help finding a job.

//Have actually got someone in my LinkedIn network that I know through Fark.
 
2012-06-06 11:14:46 AM

Alonjar: They seriously store the actual passwords in a file rather than hash checks?

For farks sake.... and i bet the people in charge of their security get paid significantly more than I do. I hate the world sometimes.


or plain text in a database that everyone at the company has a copy, since they simply export PROD and deploy to DEV.
 
2012-06-06 11:17:22 AM

sotua: Lurk sober post drunk: Hoboclown: Guess I'll go ahead and change mine then, even though I'm still not sure what the hell I'm supposed to even do on LinkedIn.

i've gotten several requests for linkedin but i can't figure out what you would use it for.

I've gotten a couple of really nice job offers through it. And it's good to keep track of people you know are work-wise. You never know when you need someone to put in a good word or make your CV skip the usual pile.


I got my current job off Linkedin. They were scouring for someone in the area with my skills. It seems kinda bs but it's also good to do research on people you will be interviewing with. It's always nice to go into an interview informed.
 
2012-06-06 11:18:06 AM

Khakimonkey: Oh my! ....And to top it all, my linkedin password is the same as the one I have on my matched luggage!


I use the same BS password on all Inet accounts where I don't keep financial or other too personal data on. So I lol with your statement. Does make online password management easy. Especially for the accounts you rarely log into. And yes I know I could use an app or the browser to manage, but if your process is good, it really doesn't matter.
 
2012-06-06 11:20:26 AM
 
2012-06-06 11:22:00 AM

ILostMyPassword: Maybe someone found my password...


Won't help them much without your user name. According to TFA all they have is a bunch of password hashes, no user names.
 
2012-06-06 11:27:05 AM

Alonjar: They seriously store the actual passwords in a file rather than hash checks?

For farks sake.... and i bet the people in charge of their security get paid significantly more than I do. I hate the world sometimes.


That is what I was thinking. What kind of amateur hour do they have going on over there.
 
2012-06-06 11:28:41 AM

DECMATH: ILostMyPassword: Maybe someone found my password...

Won't help them much without your user name. According to TFA all they have is a bunch of password hashes, no user names.


no the article thinks the people who stole the info might have the usernames but they are not revealing them yet.
 
2012-06-06 11:29:06 AM

Thoguh: i've gotten several requests for linkedin but i can't figure out what you would use it for.

Because it's Facebook with job offers instead of cat videos.


Um, no.
 
2012-06-06 11:30:58 AM

TheAlgebraist: JackieRabbit: Alonjar: They seriously store the actual passwords in a file rather than hash checks?

For farks sake.... and i bet the people in charge of their security get paid significantly more than I do. I hate the world sometimes.

The article states that the hashes were reportedly stolen, not clear text passwords. These are SHA-1 hashes. The hackers will be long dead before they crack them all unless they have a super-computer.

Maybe, but people are saying that they've located the SHA-1 of their password, which means that LinkedIn is not using a salt.

That greatly reduces the effort needed to crack a SHA-1, because you only need the rainbow tables for characters that can be entered from a keyboard.


Yes, but what if they reverse the chantstring on their cleartables? It effectively doubles or quadruples the rotations needed to decode and delineate the parsetags.
 
2012-06-06 11:30:59 AM
I'm going to start using racial epithets for my passwords. That way, if they get stolen, there's a sporting chance I'll at least offend the hackers deeply.

You laugh, but I know some damn good epithets.
 
2012-06-06 11:31:52 AM

ramblemn: Alonjar: They seriously store the actual passwords in a file rather than hash checks?

For farks sake.... and i bet the people in charge of their security get paid significantly more than I do. I hate the world sometimes.

or plain text in a database that everyone at the company has a copy, since they simply export PROD and deploy to DEV.


People actually still do such stupid things? We mirror production to a QA system for regression testing, but only the testing and systems teams have access to these environments. DEV is completely separate and only the developers have access to that. Everyone else in the company has to go to the data warehouse.
 
2012-06-06 11:35:11 AM
I'm just going to change all my passwords to the name I use for my penis, since they're so much alike.

Long, hard to crack, gets entered into small boxes, and is generally kept private, but makes a public appearance on the internet every now and then.
 
2012-06-06 11:36:41 AM
I have no idea what all this technical stuff means, but I'll write about it anyway.
i.imgur.com
 
2012-06-06 11:39:06 AM

DECMATH: ILostMyPassword: Maybe someone found my password...

Won't help them much without your user name. According to TFA all they have is a bunch of password hashes, no user names.


I'd bet they do, since why release the passwords if they don't?
 
2012-06-06 11:39:47 AM

CasperImproved: I use the same BS password on all Inet accounts where I don't keep financial or other too personal data on. So I lol with your statement. Does make online password management easy. Especially for the accounts you rarely log into. And yes I know I could use an app or the browser to manage, but if your process is good, it really doesn't matter.


If that password is easy to guess, (i.e. in existing rainbow tables), then someone will try your email on all the common sites and lots of the uncommon sites. It's time to pick a new common password and reset all the others.

If you used "123LI", you know they will try "123TF" for your totalfark account in time.
 
2012-06-06 11:40:23 AM

special20: I have no idea what all this technical stuff means, but I'll write about it anyway.
[i.imgur.com image 140x100]


Ha, I didn't make the connection, but I just read his article on why Facebook will disappear in a few years because of one analyst's projection: Link
 
2012-06-06 11:42:15 AM

Hoboclown: I'm still not sure what the hell I'm supposed to even do on LinkedIn.


I think the point of it is to find out which friends of your high school friends work at some company you're applying for a job at, so you have a stranger's name you can drop during the interview.
 
2012-06-06 11:43:47 AM
Please for the love of tits let this be an end to those nonstop spamming motherfarkers.
 
2012-06-06 11:45:02 AM
I'm convinced this is just a ploy to get people to log into their failing business model with the hopes that a few will "rediscover" its value.
 
2012-06-06 11:45:59 AM
Well, I have not logged into that thing for a year, but better safe than sorry.
So I change my password and login, Under "People you may know" is a psychopathic ex of mine.
How the hell? She's in a different country, we don't share any friends or family or whatever, she's not
a Facebook friend and I have not talked to her in over ten years. Kinda creepy.
 
2012-06-06 11:47:33 AM

Thoguh: i've gotten several requests for linkedin but i can't figure out what you would use it for.

Because it's Facebook with job offers instead of cat videos.


thank you for the link?
 
2012-06-06 11:48:19 AM
Hey, make fun of LinkedIn all you want, but this little nugget right here should make it the joy of every Farker out there!

On May 3, 2012, LinkedIn announced it had acquired SlideShare, deemed "the YouTube of slide shows" for $119 million. It was stated that the purchase was done to give LinkedIn members a way to discover people through content. Slideshare attracts 29 million monthly visitors.[30]
 
2012-06-06 11:49:36 AM

Hoboclown: Guess I'll go ahead and change mine then, even though I'm still not sure what the hell I'm supposed to even do on LinkedIn.


RibbyK: One more reason to avoid social networking sites.


It's not a social networking site, it's a professional networking site. I too have had interviews through linked in. Similarly, when I've been hiring I use it to 1) find suitable candidates and 2) check applicants against. The content of recommendations is generally trite, but if someone has recommendations it means someone else thinks enough of them to spend the time writing it. If this is their manager or boss then it has some weight.
 
2012-06-06 11:49:40 AM

Jormungandr: Well, I have not logged into that thing for a year, but better safe than sorry.
So I change my password and login, Under "People you may know" is a psychopathic ex of mine.
How the hell? She's in a different country, we don't share any friends or family or whatever, she's not
a Facebook friend and I have not talked to her in over ten years. Kinda creepy.


It's because she looks you up on a nearly constant basis.
 
2012-06-06 11:52:14 AM
I just checked the SHA-1 hash of my linkedin password against the "dumped" hashes and it wasn't in there.
 
2012-06-06 11:54:48 AM
Hah, the "professional" network. What a joke.
rewardslink.info
 
2012-06-06 11:55:47 AM

Zion21: Hah, the "professional" network. What a joke.


Maybe they know someone with good security knowledge?
 
2012-06-06 12:01:27 PM
I used it when I was in business management, but I stopped once I started teaching. Anyone know if I should revisit it? College writing teacher...I just assumed that academia would see it as modern and threatening.
 
2012-06-06 12:01:54 PM

probesport: Jormungandr: Well, I have not logged into that thing for a year, but better safe than sorry.
So I change my password and login, Under "People you may know" is a psychopathic ex of mine.
How the hell? She's in a different country, we don't share any friends or family or whatever, she's not
a Facebook friend and I have not talked to her in over ten years. Kinda creepy.

It's because she looks you up on a nearly constant basis.


Seriously?
Well, that is kinda creepy if true. Google-fu reveals that people can get suggested if they have you in their contacts that get imported. Others suggest as you said, getting searched for.
 
2012-06-06 12:05:58 PM
Does the LinkedIn app really require a user to disable the calendar sync feature explicitly? If it does, then it's not opt-in, but opt-out, and the article writer doesn't show understanding of the difference.
 
2012-06-06 12:09:19 PM
I just changed my password from 123 to 321. That'll teach 'em
 
2012-06-06 12:10:16 PM

Jormungandr: nder "People you may know" is a psychopathic ex of mine.
How the hell? She's in a different country, we don't share any friends or family or whatever, she's not
a Facebook friend and I have not talked to her in over ten years. Kinda creepy.


When you say "ex", do you mean ex-gf or ex-wife? If it is the latter, it is a matter of public record and there are companies out there who collect these records and cross-reference them for sites like LinkedIn. My ex-wife often comes up as possible related on people search engines of me.
 
Displayed 50 of 124 comments



This thread is archived, and closed to new comments.
