PICList Thread
'[OT]:: LinkedIn - major security breach'
2012\06\13@213353 by RussellMc

*** LinkedIn  - major security breach. ***

If you or yours have a LinkedIn account, read on.
If not, be thankful, this is not the post you want, move along.

________________________________

Be very careful with emails claiming to have come from LinkedIn.
They have had a major security breach and are sending out genuine
emails to selected account holders suggesting that you change your
password. BUT the occasion has resulted in a number of people sending
out "phishing" emails that appear to come from LinkedIn, but don't.
Some simply redirect you to illicit drug sales sites. Others may be
less benign :-).

 IF IN ANY DOUBT

1 - In your browser address bar enter http://www.linkedin.com
   (Or http://www.linkedin.com/settings if you trust that this email is from
ME :-) then step 3.)
       Do NOT use a shortcut or click on a link.
       ONLY access by typing in address.

2 - CLEAR THE PASSWORD FIELD !!!!
 - Click signin (small near bottom)

3 -  CLEAR THE PASSWORD FIELD !!!! (again if needed)

4  - Enter email address and click "forgot password?"

5 - An email with a link for password reset will be sent.

6 - Click link in THIS EMAIL ONLY

7 - ENSURE that address you are at starts "https://www.linkedin.com"

                note the S on https

8 - Proceed ...

___________________

Pardon me Sir, Did you see what happened ...?

"Hackers" stole at least 1.6 million ENCRYPTED LinkedIn passwords.

If you used passwords like "123456" or "password"  you are already
toast. Proceed anyway. The others they are trying to decrypt. Knowing
who you are makes this easier.
There may be many more than 1.6M addresses as it depends how many used
very poor passwords. Mine should be OK, it's  ............... :-)

Facebook does not noew that 'decrypt' is a word.
(Yes, I nowe).








____________________

*** LinkedIn  - major security breach. ***
If you or yours have a LinkedIn account, read on.
If not, be thankful, this is not the post you want, move along.
  Be very careful with emails claiming to have come from LinkedIn.
They have had a major security breach and are sending out genuine
emails to selected account holders suggesting that you change your
password. BUT the occasion has resulted in a number of people sending
out "phishing" emails that appear to come from LinkedIn, but don't.
Some simply redirect you to illicit drug sales sites. Others may be
less benign :-).
  IF IN ANY DOUBT
1 - In your browser address bar enter http://www.linkedin.com
    (Or http://www.linkedin.com/settings if you trust ME then step 3.)
        Do NOT use a shortcut or click on a link.
        ONLY access by typing in address.
2 - CLEAR THE PASSWORD FIELD !!!!
  - Click signin (small near bottom)
3 -  CLEAR THE PASSWORD FIELD !!!! (again if needed)
4  - Enter email address and click "forgot password?"
5 - An email with a link for password reset will be sent.
6 - Click link in THIS EMAIL ONLY
7 - ENSURE that address you are at starts "https://www.linkedin.com"
   note the S on https
8 - Proceed ...

Pardon me Sir, Did you see what happened ...?
"Hackers" stole at least 1.6 million ENCRYPTED LinkedIn passwords.
If you used passwords like "123456" or "password"  you are already
toast. Proceed anyway. The others they are trying to decrypt. Knowing
who you are makes this easier.
There may be many more than 1.6M addresses as it depends how many used
very poor passwords. Mine should be OK, it's  ............... :-)

Facebook does not noew that 'decrypt' is a word.
(Yes, I nowe).

I note that Facebook has attached an invalid LinkedIn address to this
post !!! If there is a link when you see it, DO NOT click it.
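
Step 7 of the post above asks the reader to confirm that the address starts with "https://www.linkedin.com". The following is an added example, not part of the original post, showing that check done on the parsed host rather than on the leading characters; the sample URLs are constructed and use reserved `.example` domains.

```python
from urllib.parse import urlsplit

EXPECTED_HOST = "www.linkedin.com"  # host named in step 7 of the post

def naive_prefix_check(url):
    """Literal reading of step 7: does the address start with the expected text?"""
    return url.startswith("https://" + EXPECTED_HOST)

def strict_check(url, expected_host=EXPECTED_HOST):
    """Accept only https, the exact expected host, no userinfo, default port."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port              # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https":        # "note the S on https"
        return False
    if parts.username is not None or parts.password is not None:
        return False                   # text before '@' is not the host
    if port not in (None, 443):
        return False
    return (parts.hostname or "") == expected_host

# Constructed sample addresses (not taken from any real message).
SAMPLES = [
    "https://www.linkedin.com/settings",
    "http://www.linkedin.com/settings",
    "https://www.linkedin.com.login.example/reset",
    "https://www.linkedin.com@phish.example/reset",
]

def compare(urls=SAMPLES):
    """Return (url, naive result, strict result) for each address."""
    return [(u, naive_prefix_check(u), strict_check(u)) for u in urls]

if __name__ == "__main__":
    for url, naive, strict in compare():
        print(f"naive={naive!s:5} strict={strict!s:5} {url}")
```

The last two samples pass the prefix test but fail the host comparison, which is why the check has to run up to the first "/" after the host and not stop at ".com".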

2012\06\13@213537 by RussellMc

Double copy I see - sorry

2012\06\14@030042 by V G

They weren't encrypted. They were 160-bit unsalted SHA-1 hashes.

On Wed, Jun 13, 2012 at 9:33 PM, RussellMc <spam_OUTapptechnzTakeThisOuTspamgmail.com> wrote:

> Pardon me Sir, Did you see what happened ...?
> "Hackers" stole at least 1.6 million ENCRYPTED LinkedIn passwords.
> If you used passwords like "123456" or "password"  you are already
> toast. Proceed anyway. The others they are trying to decrypt. Knowing
> who you are makes this easier.
> There may be many more than 1.6M addresses as it depends how many used
> very poor passwords. Min should be OK, it's  ............... :-)
>

2012\06\14@100234 by Bob Axtell

On 6/13/2012 9:33 PM, RussellMc wrote:
{Quote hidden}

I have tried to cancel all social network memberships, because I have decided that there is a troubling fraud at the core of each and every one. If you have tried to cancel a subscription, you will quickly discover that you CAN'T. Another part of the fraud.

LinkedIn never provided me with any benefit whatever.

--Bob A

2012\06\14@114739 by John Ferrell


On 6/14/2012 10:02 AM, Bob Axtell wrote:
{Quote hidden}

I only have one "social" account and that is Facebook.
Since I cannot simply withdraw I am planning to route all inbound emails directly to my delete file and cease all contacts with the Facebook site.

Are there any problems with that approach?
If we assume all sites are insecure I fail to see the big problem.
I use a unique password for each account and my backup is a 3x5 index card file on my desk.

Other than Legal, Medical, and finance issues I don't see the big deal with expectations of privacy.

Our culture does need to give up the idea that the victim is responsible for the damage.


-- John Ferrell W8CCW
“During times of universal deceit,
  Telling the TRUTH becomes a revolutionary act”
     George Orwell


2012\06\14@115912 by Daniel Dourneau
I would suggest some very interesting reading.
The battle is tough and will get tougher


On 14/06/12 17:47, John Ferrell wrote:
{Quote hidden}


2012\06\14@120059 by Daniel Dourneau

I would suggest some very interesting reading.
The battle is tough and will get tougher
http://europe-v-facebook.org/EN/en.html
(sorry, in my first message I forgot to paste the link)


On 14/06/12 17:47, John Ferrell wrote:
{Quote hidden}


2012\06\15@031109 by William \Chops\ Westfield


On Jun 14, 2012, at 12:00 AM, V G wrote:

> They weren't encrypted. They were 160-bit unsalted SHA-1 hashes.

An SHA-1 hash of something is usually considered 'encrypted', especially since the opposite of "encrypted" is usually "plaintext."  In theory, hashed is better than encrypted, because you can't decrypt a hash.

In fact, it's pretty likely that a lot of people would consider a published list of SHA1 hashes to be "not a problem" (just like it used to be considered ok that the unix passwd file was world readable.)  Linked-in seems to have been guilty of this.

They're wrong, of course.  Computers have gotten too fast.  A modern off-the-shelf computer can apparently calculate about 2 billion SHA1 hashes per second, making brute-force attacks on poor (short, and/or present-in-a-dictionary) passwords quite feasible.

Reasonable-looking semi-technical discussion here:
http://erratasec.blogspot.com/2012/06/confirmed-linkedin-6mil-password-dump..html

BillW
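
The point made in the messages above about unsalted SHA-1, as an added example that is not part of any post in the thread: it audits a constructed table of unsalted hashes against a small word list and contrasts that with per-user salted PBKDF2. User names, passwords, the word list and the iteration count are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: every name and password here is made up.
USERS = {"alice": "123456", "bob": "password", "carol": "123456",
         "dave": "kT9#vq2!Lm-x47Rz"}
WORDLIST = ["letmein", "123456", "qwerty", "password", "linkedin"]

def unsalted_sha1(password):
    """160-bit unsalted SHA-1, the storage format described in the thread."""
    return hashlib.sha1(password.encode()).hexdigest()

def salted_pbkdf2(password, salt=None, iterations=200_000):
    """Return (salt, key); a fresh random salt is drawn when none is given."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def verify_pbkdf2(password, salt, expected, iterations=200_000):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = salted_pbkdf2(password, salt, iterations)
    return hmac.compare_digest(candidate, expected)

def dictionary_audit(hash_table, wordlist):
    """One SHA-1 per candidate word is enough to test every account at once."""
    lookup = {unsalted_sha1(w): w for w in wordlist}
    return {user: lookup[h] for user, h in hash_table.items() if h in lookup}

def run_demo():
    leaked = {u: unsalted_sha1(p) for u, p in USERS.items()}
    recovered = dictionary_audit(leaked, WORDLIST)
    salted = {u: salted_pbkdf2(p) for u, p in USERS.items()}
    return leaked, recovered, salted

if __name__ == "__main__":
    leaked, recovered, salted = run_demo()
    print("same unsalted hash for alice and carol:",
          leaked["alice"] == leaked["carol"])
    print("accounts found with a 5-word list:", sorted(recovered))
    print("same salted key for alice and carol:",
          salted["alice"][1] == salted["carol"][1])
```

With a salt, each candidate word has to be recomputed per account, and the iteration count multiplies the cost of every guess; neither is true of a bare SHA-1.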
