For me, the right answer would be to change the password to a random one, keep the random one in my password manager, and reevaluate the situation after they've had a chance to clean up their mess.
On Wed, Jun 6, 2012 at 5:47 PM, Patrick Laverty <[email protected]>wrote: > Should we change our password yet? I see in Google that it's only in > the last few minutes that LinkedIn even admitted that "some" passwords > were stolen. Should we really change our password in a compromised > system before its owner has told us that they know how the attacker > got in and that they've closed the hole? Otherwise, if I'm the > attacker, I'd be constantly dumping the same list, and doing diffs on > the files. Because as indicated, people do repeat passwords across > services, and now maybe I've gotten their "new" password that they're > not going to change again and that might work on other systems as > well. > > I'm the camp that'll hang on until LinkedIn says they've patched the > problem, otherwise I'm just risking giving away a second password. > > Just my opinion. > > > On Wed, Jun 6, 2012 at 12:52 PM, Rob, grandpa of Ryan, Trevor, Devon & > Hannah <[email protected]> wrote: > > No! I'm *not* asking for validation to join a security group on > LinkedIn! > > > > Apparently several million passwords have been leaked in an unsalted > file, and > > multiple entities are working on cracking them, even as we speak. > (Type?) > > > > So, odds are "low but significant" that your LinkedIn account password > may have > > been cracked. (Assuming you have a LinkedIn account.) So you'd better > change it. > > > > And you might think about changing the password on any other accounts you > > have that use the same password. (But you're all security people, > right? You'd > > *never* use the same password on multiple accounts ...) > > > > ====================== (quote inserted randomly by Pegasus Mailer) > > [email protected] [email protected] [email protected] > > It's important to be a go-getter. But it's even more important > > to know what it is you want to go and get. - Gary Kallback > > victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links > > http://blogs.securiteam.com/index.php/archives/author/p1/ > > http://twitter.com/rslade > > _______________________________________________ > > Fun and Misc security discussion for OT posts. > > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > > Note: funsec is a public and open mailing list. > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. >
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
