Embedded Business News
Jun 7, 2012 - 2:38:33 PM
Passwords kinda revealed, LinkedIn security kinda improved, something about barn doors and horses.
LinkedIn, the professional networking site popular among embedded systems professionals, has been hacked. Encrypted passwords of 6.5 million LinkedIn members have been revealed on a Russian website.
Like many websites, LinkedIn hashed the passwords using SH-1 encryption. This makes it almost impossible to decrypt the passwords by themselves. However, LinkedIn's Engineers did not salt the SH-1 encryption. Without salt, hackers can compare the list to a rainbow table of words and hashed passwords. By matching the hashed passwords to the hashes in the rainbow table the original password can be discovered. If the user has a hacked account on another website that uses the same password, email addresses can be matched to passwords and your LinkedIn account has gets violated.
It appears that many LinkedIn members use the unimaginably unimaginable password of "linkedin", as the SH-1 hash of that word appears more than once in the leaked password list.
Expect these phishing attempts to get more creative in the next few days. Some won't be as easy to spot as this hilarious example here:
Changing your LinkedIn Pasword
To change your LinkedIn password follow these steps:
The best passwords are a combination of words, numbers, and at least one special character such as !,#,$,%, etc. So use the %$#*& special characters.
And when you are on LinkedIn, always, always, ALWAYS make sure that your browser's address bar shows linkedin.com. Check it carefully - for example here, 1inkedin.com the "L" is, instead, the number one. Remember, hackers are creative spellers.
© Copyright 2018 Microcontroller.com