Please forward me the message. On Jun 11, 2012 5:28 PM, "Tim Holloway" <[email protected]> wrote:
> I did get an email concerning the need to change my password when I > responded to a request to connect to someone I know fairly well this > morning. At the time I had no reason to believe that that would be a > problem. > > I have been worried that there's been sort of a "contest" going on to > type in passwords and see if they match the harvested database, because > anyone tapped into the right place would be able to use those clear-text > passwords and match results to build up a very useful database. > > As far as the apparent malware delivery is concerned, here's the > backtrail (if anyone wants, I'll forward the entire message for them to > analyze): > > Received: from [190.40.186.225] ([190.40.186.225]) by > mail2.mousetech.com > (8.13.8/8.13.8) with ESMTP id q5BKWN1b024788 for <[email protected]>; > Mon, > 11 Jun 2012 16:32:26 -0400 > Received: from mailb-bf.linkedin.com ([216.52.242.151]) by > mx5.biz.mail.yahoo.com; Mon, 11 Jun 2012 11:32:22 -0500 > Sender: [email protected] > Date: Mon, 11 Jun 2012 11:32:22 -0500 > From: LinkedIn <[email protected]> > To: timh <[email protected]> > Message-ID: > <[email protected]> > Subject: Re: Wire Transfer > > > On Mon, 2012-06-11 at 17:18 -0400, Andrew Leslie wrote: > > Unfortunately the passwords that were harvested in the initial attack > > were only md5 encrypted, no salt had been used which is just as good > > as using plain text nowadays. But so far I have yet to receive an > > email from them, for now. Hopefully their mail server has not been > > hijacked. > > > > On Jun 11, 2012 5:14 PM, "Tim Holloway" <[email protected]> wrote: > > I recently received an email with attached ZIP file concerning > > a "wire > > transfer" which unless I seriously misread the headers comes > > from > > mailb-bf.linkedin.com ([216.52.242.151]) as well as several > > LinkedIn > > tokens. > > > > I hope by now that everyone is aware that LinkedIn's security > > system was > > seriously compromised recently and that as a result, people's > > encrypted > > passwords had been posted to a public Internet site. > > > > Evidently the breech was more serious than has been admitted, > > since it > > looks like a LinkedIn mailerver has been hijacked. Which means > > that if > > you have changed your LinkedIn password, the new password may > > have been > > harvested. > > > > Or in other words, there is now absolutely nothing that can be > > trusted > > coming from (or going to) LinkedIn. > > > > I hope they got their Instant Delivery and Everyday Low Prices > > on their > > Information Technology dollars, because about the last > > disaster of this > > magnitude I can recall was when the magazine "Business 2.0" > > was sunk due > > to failure to invest in a decent set of backup systems. > > > > Again, until someone credible says otherwise, use LinkedIn at > > your own > > risk. > > > > Tim > > > > > > > --------------------------------------------------------------------- > > Archive http://marc.info/?l=jaxlug-list&r=1&w=2 > > RSS Feed > > http://www.mail-archive.com/[email protected]/maillist.xml > > Unsubscribe [email protected] > > > > >
