subject:"Re\: 6.5 Million Encrypted LinkedIn Passwords Leaked Online \[REPORT\]"

Re: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

2012-06-06 Thread Angus Scott-Fleming

On 6 Jun 2012 at 14:05, NT System Admin Issues  wrote:

> On 6 Jun 2012 at 18:28, Heaton, Joseph@DFG  wrote:
> 
> > What I had heard from my security guy was that what was hacked 
> > was the hash for the encryption. So, doesn't really matter what 
> > you change to until Linkedin changes the hash itself. Anyone hear 
> > if they've done that?
> 
> Actually, it seems that LI hashed the passwords without salting them so a 
> simple rainbow-tables attack on the database should reveal all the short 
> passwords and all the common passwords (like "password1234" and 
> "linkedinpassword").  If you have a long enough password I doubt they'll be
> able to find its hash in time.
> 
> That said, I did change my LI pwd, including lengthening it somewhat.

More news, it would appear they have learned their lesson and are now salting 
the password hash:

= Included Stuff Follows =

Linkedin Blog » An Update on LinkedIn Member Passwords Compromised

"It is worth noting that the affected members who update their passwords 
and members whose passwords have not been compromised benefit from the 
enhanced security we just recently put in place, which includes hashing 
and salting of our current password databases."

= Included Stuff Ends =
Seen here:
http://blog.linkedin.com/2012/06/06/linkedin-member-passwords-compromised/

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

2012-06-06 Thread Angus Scott-Fleming

On 6 Jun 2012 at 18:28, Heaton, Joseph@DFG  wrote:

> What I had heard from my security guy was that what was hacked 
> was the hash for the encryption. So, doesn't really matter what 
> you change to until Linkedin changes the hash itself. Anyone hear 
> if they've done that?

Actually, it seems that LI hashed the passwords without salting them so a 
simple rainbow-tables attack on the database should reveal all the short 
passwords and all the common passwords (like "password1234" and 
"linkedinpassword").  If you have a long enough password I doubt they'll be 
able to find its hash in time.

That said, I did change my LI pwd, including lengthening it somewhat.

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

2012-06-06 Thread Ben Scott

On Wed, Jun 6, 2012 at 1:23 PM, Kennedy, Jim
 wrote:
> Something to keep in mind here. Linkedin is still investigating. So that
> means they have not found the problem……so the exploit that was used to get
> the passwords before everyone changed them is still usable. Only now lots
> more people know about it.

  Depends on the exploit.  If the exploit was "disgruntled employee
took a backup tape with him when he quit", that might be harder to
repeat.  ;-)

  Another thing to consider: If someone can steal 6.5 million hashed
passwords, they may well have had enough access to do a lot of *other*
things, too.   Such as plant backdoors or timebombs in the system.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

2012-06-06 Thread Ben Scott

On Wed, Jun 6, 2012 at 2:28 PM, Heaton, Joseph@DFG  wrote:
> What I had heard from my security guy was that what was hacked was the hash
> for the encryption.  So, doesn’t really matter what you change to until
> Linkedin changes the hash itself.  Anyone hear if they’ve done that?

  I believe your understanding of what "hash" means here is incorrect.

  It's a best practice to store passwords as hashes.

  If one stores passwords in cleartext, anyone who obtains a copy of
the password database now knows the passwords.  They can use those
passwords to login, or try them on other sites.

  So, passwords are hashed.  A hash is a cryptographic function which
is not easily reversible.

  For example, say I have a password of "drowssap".  That might hash
to "939df92f0634b2e1dac11807724db138c8d6b98b".  It's computationally
easy to feed "drowssap" into the hash function and get the hash.  But
it is computationally expensive to take the hash and reverse it to the
original password.

  When I set or change my password, I enter the password cleartext,
and their system hashes it, and stores the hash.  Later, during login
authentication, I enter my attempted password, their system hashes
*that*, and compares it to the stored hash.  If the two hashes match,
I must have entered the same password[1], so I'm legit.

  Now, if someone steals the hashed passwords, that's not great, but
it's much less serious.  They cannot use the hash to login to my
account -- the system only accepts passwords.  They cannot easily
convert the hash back to my password.

  The exception would be that attackers could pre-compute hashes for
possible passwords -- especially common passwords.  These are called
"rainbow tables".  The attackers could then look up hashes from the
stolen database against their rainbow tables.  This might let them
find all the accounts using "drowssap" as a password, for example.

  The effectiveness of rainbow tables can be significantly reduced by
salting passwords before hashing.  Reportedly, LinkedIn's system did
not do this.  So that's too bad.

-- Ben

[1] Technically not true, but good enough for this explanation.
Google "hash collision" if you want to know more.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

2012-06-06 Thread Kurt Buff

More on this:

http://news.ycombinator.com/item?id=4073309

On Wed, Jun 6, 2012 at 7:06 AM, Andrew S. Baker  wrote:
> http://mashable.com/2012/06/06/6-5-million-linkedin-passwords/
>
> Even though this report has not yet been validated (at the time of my
> posting), I would highly recommend that you change your LinkedIn password
> now.  If you were using that same password on another internet site, now
> would be a great time to choose a separate password for that site (and other
> sites) and use a password manager like Password Corral, PassKeep or LastPass
> to manage them.
>
> -ASB: http://XeeMe.com/AndrewBaker
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

2012-06-06 Thread Kurt Buff

Um, that's not the way it works...

If they have the hash, they can reverse it with enough effort (read:
rainbow tables or brute force).

However, if you change your password, the has changes. In fact, for
some cipher systems, one of the design goals that a change of one
character in the encrypted text should produce a change in 50% of the
characters of the resulting ciphertext.

Thus, changing your password in this case is a particularly good thing.

What's more problematic is that they (LinkedIn) are reported not to
have use a salt for their password hashing. If true, that's a very
stupid mistake that will make reversing the password hashes much
easier. See, for instance, this:

http://en.wikipedia.org/wiki/Salt_%28cryptography%29

On Wed, Jun 6, 2012 at 11:28 AM, Heaton, Joseph@DFG  wrote:
> What I had heard from my security guy was that what was hacked was the hash
> for the encryption.  So, doesn’t really matter what you change to until
> Linkedin changes the hash itself.  Anyone hear if they’ve done that?
>
>
>
> Joe Heaton
>
> ITB – Windows Server Support
>
>
>
> From: David Lum [mailto:david@nwea.org]
> Sent: Wednesday, June 06, 2012 10:52 AM
> To: Heaton, Joseph@DFG; NT System Admin Issues
>
>
> Subject: RE: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]
>
>
>
> Hmm…good point. However they would have to re-break in to get the changed
> passwords wouldn’t they? Of course if they got in once it might be trivial
> for another go.
>
>
>
> From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
> Sent: Wednesday, June 06, 2012 10:24 AM
> To: NT System Admin Issues
> Subject: RE: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]
>
>
>
> Something to keep in mind here. Linkedin is still investigating. So that
> means they have not found the problem……so the exploit that was used to get
> the passwords before everyone changed them is still usable. Only now lots
> more people know about it.
>
>
>
> From: David Lum [mailto:david....@nwea.org]
> Sent: Wednesday, June 06, 2012 10:29 AM
> To: NT System Admin Issues
> Subject: RE: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]
>
>
>
> Done. Thank you sir!
>
>
>
> From: Andrew S. Baker [mailto:asbz...@gmail.com]
> Sent: Wednesday, June 06, 2012 7:06 AM
> To: NT System Admin Issues
> Subject: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]
>
>
>
> http://mashable.com/2012/06/06/6-5-million-linkedin-passwords/
>
>
>
> Even though this report has not yet been validated (at the time of my
> posting), I would highly recommend that you change your LinkedIn password
> now.  If you were using that same password on another internet site, now
> would be a great time to choose a separate password for that site (and other
> sites) and use a password manager like Password Corral, PassKeep or LastPass
> to manage them.
>
>
>
> -ASB: http://XeeMe.com/AndrewBaker
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

2012-06-06 Thread Heaton, Joseph@DFG

What I had heard from my security guy was that what was hacked was the hash for 
the encryption.  So, doesn't really matter what you change to until Linkedin 
changes the hash itself.  Anyone hear if they've done that?

Joe Heaton
ITB - Windows Server Support

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, June 06, 2012 10:52 AM
To: Heaton, Joseph@DFG; NT System Admin Issues
Subject: RE: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

Hmm...good point. However they would have to re-break in to get the changed 
passwords wouldn't they? Of course if they got in once it might be trivial for 
another go.

From: Kennedy, Jim 
[mailto:kennedy...@elyriaschools.org]<mailto:[mailto:kennedy...@elyriaschools.org]>
Sent: Wednesday, June 06, 2012 10:24 AM
To: NT System Admin Issues
Subject: RE: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

Something to keep in mind here. Linkedin is still investigating. So that means 
they have not found the problem..so the exploit that was used to get the 
passwords before everyone changed them is still usable. Only now lots more 
people know about it.

From: David Lum [mailto:david@nwea.org]<mailto:[mailto:david@nwea.org]>
Sent: Wednesday, June 06, 2012 10:29 AM
To: NT System Admin Issues
Subject: RE: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

Done. Thank you sir!

From: Andrew S. Baker 
[mailto:asbz...@gmail.com]<mailto:[mailto:asbz...@gmail.com]>
Sent: Wednesday, June 06, 2012 7:06 AM
To: NT System Admin Issues
Subject: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

http://mashable.com/2012/06/06/6-5-million-linkedin-passwords/

Even though this report has not yet been validated (at the time of my posting), 
I would highly recommend that you change your LinkedIn password now.  If you 
were using that same password on another internet site, now would be a great 
time to choose a separate password for that site (and other sites) and use a 
password manager like Password Corral, PassKeep or LastPass to manage them.

-ASB: http://XeeMe.com/AndrewBaker

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

2012-06-06 Thread Andrew S. Baker

Perhaps LinkedIn is being a little more diligent right now.  Of course, it
really depends on how the passwords were obtained in the first place.

* *

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…

*



On Wed, Jun 6, 2012 at 1:51 PM, David Lum  wrote:

> Hmm…good point. However they would have to re-break in to get the changed
> passwords wouldn’t they? Of course if they got in once it might be trivial
> for another go.
>
> ** **
>
> *From:* Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
> *Sent:* Wednesday, June 06, 2012 10:24 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: 6.5 Million Encrypted LinkedIn Passwords Leaked Online
> [REPORT]
>
> ** **
>
> Something to keep in mind here. Linkedin is still investigating. So that
> means they have not found the problem……so the exploit that was used to get
> the passwords before everyone changed them is still usable. Only now lots
> more people know about it.
>
> ** **
>
> *From:* David Lum [mailto:david@nwea.org]
> *Sent:* Wednesday, June 06, 2012 10:29 AM
> *To:* NT System Admin Issues
> *Subject:* RE: 6.5 Million Encrypted LinkedIn Passwords Leaked Online
> [REPORT]
>
> ** **
>
> Done. Thank you sir!
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Wednesday, June 06, 2012 7:06 AM
> *To:* NT System Admin Issues
> *Subject:* 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]
> 
>
> ** **
>
> http://mashable.com/2012/06/06/6-5-million-linkedin-passwords/
>
> ** **
>
> Even though this report has not yet been validated (at the time of my
> posting), I would highly recommend that you change your LinkedIn password
> now.  If you were using that same password on another internet site, now
> would be a great time to choose a separate password for that site (and
> other sites) and use a password manager like Password Corral, PassKeep or
> LastPass to manage them.
>
> ** **
>
> -*ASB*: http://XeeMe.com/AndrewBaker
>
> ** **
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

2012-06-06 Thread Kurt Buff

Lovely.

Thank you for the notification.

On Wed, Jun 6, 2012 at 7:06 AM, Andrew S. Baker  wrote:
> http://mashable.com/2012/06/06/6-5-million-linkedin-passwords/
>
> Even though this report has not yet been validated (at the time of my
> posting), I would highly recommend that you change your LinkedIn password
> now.  If you were using that same password on another internet site, now
> would be a great time to choose a separate password for that site (and other
> sites) and use a password manager like Password Corral, PassKeep or LastPass
> to manage them.
>
> -ASB: http://XeeMe.com/AndrewBaker
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

2012-06-06 Thread Andrew S. Baker

Yes, we will have to keep our eye on this until a resolution has been
publicized.

* *

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…

*



On Wed, Jun 6, 2012 at 1:23 PM, Kennedy, Jim
wrote:

>  Something to keep in mind here. Linkedin is still investigating. So that
> means they have not found the problem……so the exploit that was used to get
> the passwords before everyone changed them is still usable. Only now lots
> more people know about it.
>
> ** **
>
> *From:* David Lum [mailto:david@nwea.org]
> *Sent:* Wednesday, June 06, 2012 10:29 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: 6.5 Million Encrypted LinkedIn Passwords Leaked Online
> [REPORT]
>
>  ** **
>
> Done. Thank you sir!
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Wednesday, June 06, 2012 7:06 AM
>
> *To:* NT System Admin Issues
> *Subject:* 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]
> 
>
> ** **
>
> http://mashable.com/2012/06/06/6-5-million-linkedin-passwords/
>
> ** **
>
> Even though this report has not yet been validated (at the time of my
> posting), I would highly recommend that you change your LinkedIn password
> now.  If you were using that same password on another internet site, now
> would be a great time to choose a separate password for that site (and
> other sites) and use a password manager like Password Corral, PassKeep or
> LastPass to manage them.
>
> ** **
>
> -*ASB*: http://XeeMe.com/AndrewBaker
>
> ** **
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

2012-06-06 Thread David Lum

Hmm...good point. However they would have to re-break in to get the changed 
passwords wouldn't they? Of course if they got in once it might be trivial for 
another go.

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Wednesday, June 06, 2012 10:24 AM
To: NT System Admin Issues
Subject: RE: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

Something to keep in mind here. Linkedin is still investigating. So that means 
they have not found the problem..so the exploit that was used to get the 
passwords before everyone changed them is still usable. Only now lots more 
people know about it.

From: David Lum [mailto:david@nwea.org]<mailto:[mailto:david@nwea.org]>
Sent: Wednesday, June 06, 2012 10:29 AM
To: NT System Admin Issues
Subject: RE: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

Done. Thank you sir!

From: Andrew S. Baker 
[mailto:asbz...@gmail.com]<mailto:[mailto:asbz...@gmail.com]>
Sent: Wednesday, June 06, 2012 7:06 AM
To: NT System Admin Issues
Subject: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

http://mashable.com/2012/06/06/6-5-million-linkedin-passwords/

Even though this report has not yet been validated (at the time of my posting), 
I would highly recommend that you change your LinkedIn password now.  If you 
were using that same password on another internet site, now would be a great 
time to choose a separate password for that site (and other sites) and use a 
password manager like Password Corral, PassKeep or LastPass to manage them.

-ASB: http://XeeMe.com/AndrewBaker

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

2012-06-06 Thread Kennedy, Jim

Something to keep in mind here. Linkedin is still investigating. So that means 
they have not found the problem..so the exploit that was used to get the 
passwords before everyone changed them is still usable. Only now lots more 
people know about it.

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, June 06, 2012 10:29 AM
To: NT System Admin Issues
Subject: RE: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

Done. Thank you sir!

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, June 06, 2012 7:06 AM
To: NT System Admin Issues
Subject: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

http://mashable.com/2012/06/06/6-5-million-linkedin-passwords/

Even though this report has not yet been validated (at the time of my posting), 
I would highly recommend that you change your LinkedIn password now.  If you 
were using that same password on another internet site, now would be a great 
time to choose a separate password for that site (and other sites) and use a 
password manager like Password Corral, PassKeep or LastPass to manage them.

-ASB: http://XeeMe.com/AndrewBaker

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

2012-06-06 Thread David Lum

Done. Thank you sir!

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, June 06, 2012 7:06 AM
To: NT System Admin Issues
Subject: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

http://mashable.com/2012/06/06/6-5-million-linkedin-passwords/

Even though this report has not yet been validated (at the time of my posting), 
I would highly recommend that you change your LinkedIn password now.  If you 
were using that same password on another internet site, now would be a great 
time to choose a separate password for that site (and other sites) and use a 
password manager like Password Corral, PassKeep or LastPass to manage them.

-ASB: http://XeeMe.com/AndrewBaker

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

Re: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

Re: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

Re: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

Re: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

Re: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

RE: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

Re: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

Re: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

Re: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

RE: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

RE: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

RE: 6.5 Million Encrypted LinkedIn Passwords Leaked Online [REPORT]

13 matches

Site Navigation

Mail list logo

Footer information