Home |  Directory |  Search |  GET LISTED! | Services | Advertise? | FAQ | Link to Us | Contact
Your country: United States
Category: Embedded Business News

LinkedIn Hacked, Passwords Please No Salt

By Bill Giovino
Jun 7, 2012 - 2:38:33 PM

 
Passwords kinda revealed, LinkedIn security kinda improved, something about barn doors and horses.
Email this page

Post to LinkedIn ReTweet This Share on Facebook del.icio.us Yahoo! MyWeb Digg StumbleUpon reddit   

Subscribe to this RSS feed!

LinkedIn, the professional networking site popular among embedded systems professionals, has been hacked. Encrypted passwords of 6.5 million LinkedIn members have been revealed on a Russian website.

LinkedIn Hacked, Passwords Please No Salt
While the encrypted passwords have been publicly posted, no names or email addresses were revealed. Of course, this does not mean that the hackers do not have names and email addresses and have just chosen not to post them.

Like many websites, LinkedIn hashed the passwords using SH-1 encryption. This makes it almost impossible to decrypt the passwords by themselves. However, LinkedIn's Engineers did not salt the SH-1 encryption. Without salt, hackers can compare the list to a rainbow table of words and hashed passwords. By matching the hashed passwords to the hashes in the rainbow table the original password can be discovered. If the user has a hacked account on another website that uses the same password, email addresses can be matched to passwords and your LinkedIn account has gets violated.

It appears that many LinkedIn members use the unimaginably unimaginable password of "linkedin", as the SH-1 hash of that word appears more than once in the leaked password list.

Gone Phishing
There has also been a flood of phishing emails. Many LinkedIn members with weak spam protection are receiving dozens of email invitations to connect with new (fake) contacts. There have also been some fake "change your password now" emails (the real LinkedIn password change email contains no links).

Expect these phishing attempts to get more creative in the next few days. Some won't be as easy to spot as this hilarious example here:

LinkedIn Fake Password Change Email. Duh.
LinkedIn Fake Password Change Email. Duh.

Changing your LinkedIn Pasword
I manage the LinkedIn Semiconductor Sales & Marketing group and I've already advised my 18,000 brilliant and good-looking members to change their passwords. You should, too.

To change your LinkedIn password follow these steps:

  1. Log into your LinkedIn account by typing www.linkedin.com directly in your browser's address
  2. In the upper-right hand corner, click on your name and from the drop-down list select "Settings".
  3. From Settings, next to the word Password click "Change"
  4. Follow, follow, follow the instructions.

The best passwords are a combination of words, numbers, and at least one special character such as !,#,$,%, etc. So use the %$#*& special characters.

And when you are on LinkedIn, always, always, ALWAYS make sure that your browser's address bar shows linkedin.com. Check it carefully - for example here, 1inkedin.com the "L" is, instead, the number one. Remember, hackers are creative spellers.

© Microcontroller.com. All Rights Reserved.

LinkedIn Hacked, Passwords Please No Salt

This Article has been seen 24014 times

Product data and specifications in this article are the responsibility of the manufacturer. No warrenty is expressed or implied as to the accuracy of manufacturer-supplied data. So there.
 
Embedded Systems News- Latest Headlines
·X-FAB Doubles 6-Inch SiC Foundry Capacity
·Microchip Introduces SAM-L10 and SAM-L11 Microcontrollers with TrustZone and picoPower
·X-FAB Introduces New Galvanic Isolation Technology
·Look! Up in the Sky! Its an Autonomous Vehicle!
·X-FAB Becomes First Semiconductor Foundry to Achieve IATF-16949 Automotive Quality Certification
·Microchip PIC32MZ Flash Microcontroller is the World's Fastest 32-bit MCU
·Microchip PIC24F KM Webinar
·Choosing A Microcontroller Architecture Part 1
·New Atmel SAMD20 Cortex-M0+ Microcontrollers
·Silicon Labs Buys Energy Micro
·Zilog Buys Microcontroller Product Lines from Samsung
·Texas Instruments introduces new Tiva ARM Cortex-M4 Microcontrollers
·You Might Be an Engineer If
·Microchip and Digilent Bring Arduino to PIC32 Microcontrollers
·Atmel SAMA5D3 has Lots of Power and Linux Development
·The Good Ol Days of Semiconductors Part 2
·Renesas RL78-G14 Microcontroller Demo Kit is a Neat Tool Toy
·National Semiconductor - the Good Ol Days of Semis
·Microchip Introduces MPLAB XC32++ Free PIC32 C++ Compiler
·Freescale Kinetis L-Series Based on ARM Cortex-M0+ Core

Technical Writing Services

Creative Technical Writing services offered. Easygoing, experienced professional looking for clients.

Looking for an experienced technical writer to capture your target audience? A writer that is comfortable meeting your schedule and can be trusted with your business objectives?

Writing is like golf; most people can do it, but few can do it proficiently and professionally.

Resources

Home |  Directory |  Search |  GET LISTED! | Services | Advertise? | FAQ | Link to Us | Contact
-0-10/11/2024