Should we change our password yet? I see in Google that it's only in the last few minutes that LinkedIn even admitted that "some" passwords were stolen. Should we really change our password in a compromised system before its owner has told us that they know how the attacker got in and that they've closed the hole? Otherwise, if I'm the attacker, I'd be constantly dumping the same list, and doing diffs on the files. Because as indicated, people do repeat passwords across services, and now maybe I've gotten their "new" password that they're not going to change again and that might work on other systems as well.
I'm in the camp that'll hang on until LinkedIn says they've patched the problem, otherwise I'm just risking giving away a second password. Just my opinion.

On Wed, Jun 6, 2012 at 12:52 PM, Rob, grandpa of Ryan, Trevor, Devon & Hannah <rmsl...@shaw.ca> wrote:
> No! I'm *not* asking for validation to join a security group on LinkedIn!
>
> Apparently several million passwords have been leaked in an unsalted file, and
> multiple entities are working on cracking them, even as we speak. (Type?)
>
> So, odds are "low but significant" that your LinkedIn account password may have
> been cracked. (Assuming you have a LinkedIn account.) So you'd better
> change it.
>
> And you might think about changing the password on any other accounts you
> have that use the same password. (But you're all security people, right? You'd
> *never* use the same password on multiple accounts ...)
>
> ====================== (quote inserted randomly by Pegasus Mailer)
> rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
> It's important to be a go-getter. But it's even more important
> to know what it is you want to go and get. - Gary Kallback
> victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
> http://blogs.securiteam.com/index.php/archives/author/p1/
> http://twitter.com/rslade
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.