Unfortunately, the passwords that were harvested in the initial attack were only MD5 encrypted; no salt had been used, which is just as good as using plain text nowadays. But so far I have yet to receive an email from them, for now. Hopefully their mail server has not been hijacked.

On Jun 11, 2012 5:14 PM, "Tim Holloway" <[email protected]> wrote:
> I recently received an email with attached ZIP file concerning a "wire
> transfer" which unless I seriously misread the headers comes from
> mailb-bf.linkedin.com ([216.52.242.151]) as well as several LinkedIn
> tokens.
>
> I hope by now that everyone is aware that LinkedIn's security system was
> seriously compromised recently and that as a result, people's encrypted
> passwords had been posted to a public Internet site.
>
> Evidently the breach was more serious than has been admitted, since it
> looks like a LinkedIn mail server has been hijacked. Which means that if
> you have changed your LinkedIn password, the new password may have been
> harvested.
>
> Or in other words, there is now absolutely nothing that can be trusted
> coming from (or going to) LinkedIn.
>
> I hope they got their Instant Delivery and Everyday Low Prices on their
> Information Technology dollars, because about the last disaster of this
> magnitude I can recall was when the magazine "Business 2.0" was sunk due
> to failure to invest in a decent set of backup systems.
>
> Again, until someone credible says otherwise, use LinkedIn at your own
> risk.
>
> Tim
>
> ---------------------------------------------------------------------
> Archive http://marc.info/?l=jaxlug-list&r=1&w=2
> RSS Feed http://www.mail-archive.com/[email protected]/maillist.xml
> Unsubscribe [email protected]
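
An added illustration, not part of either message above, of the unsalted-versus-salted point raised in the reply: with a bare unsalted hash, accounts sharing a password store the same value, while a per-user salt plus a slow KDF gives every account a distinct record. The account names, passwords, helper names and the PBKDF2 iteration count are all constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import Counter
from typing import Optional

# Constructed sample accounts (not taken from any real breach data).
ACCOUNTS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "S3parate!pw"}

PBKDF2_ITERATIONS = 200_000  # assumed work factor; tune to your own hardware


def unsalted_md5(password: str) -> str:
    """Weak scheme described in the reply: bare MD5 with no salt."""
    return hashlib.md5(password.encode(), usedforsecurity=False).hexdigest()


def salted_record(password: str, salt: Optional[bytes] = None):
    """Hardened form: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                 PBKDF2_ITERATIONS)
    return salt, digest


def verify(password: str, record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    _, candidate = salted_record(password, salt)
    return hmac.compare_digest(candidate, expected)


def shared_values(table: dict) -> int:
    """Count accounts whose stored value also appears on another account."""
    counts = Counter(table.values())
    return sum(n for n in counts.values() if n > 1)


def build_tables(accounts: dict):
    """Return (unsalted MD5 table, salted PBKDF2 table) for the accounts."""
    weak = {user: unsalted_md5(pw) for user, pw in accounts.items()}
    strong = {user: salted_record(pw) for user, pw in accounts.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables(ACCOUNTS)
    print("accounts sharing a stored value, unsalted MD5:", shared_values(weak))
    print("accounts sharing a stored value, salted PBKDF2:", shared_values(strong))
```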

