In a way, the leak was a good thing, wasn't it? It makes people more aware of password security, and at the very least it makes people change their passwords, which people should be doing regularly anyway but don't.
True, and also more paranoid. It also brings to light how insecure LinkedIn have designed their authentication system. Storing unsalted hashes is a big no-no, and this revelation of bad practice will be more embarrassing to LinkedIn than the leak itself. true again. Someone is going to get fired over this, and I hope that person may never find work in ICT ever again. A bit harsh - almost every organization worth its salt has the occasional IT Security and compliance audits from which it learns a few things about measures they can apply to enhance their security. Regards On 8 June 2012 14:53, Benjamin Tayehanpour <[email protected]>wrote: > In a way, the leak was a good thing, wasn't it? It makes people more aware > of password security, and at the very least it makes people change their > passwords, which people should be doing regularly anyway but don't. It also > brings to light how insecure LinkedIn have designed their authentication > system. Storing unsalted hashes is a big no-no, and this revelation of bad > practice will be more embarrassing to LinkedIn than the leak itself. > Someone is going to get fired over this, and I hope that person may never > find work in ICT ever again. > > > On 8 June 2012 14:28, Victor van Reijswoud > <[email protected]>wrote: > >> +1 >> >> On Fri, Jun 8, 2012 at 12:18 PM, Gerald Begumisa <[email protected]>wrote: >> >>> General rule is simply not to trust any third party who asks you to type >>> your password anywhere. Even if they claim something magical will happen >>> -- http://goo.gl/kVRAA >>> >>> On Fri, Jun 8, 2012 at 2:08 PM, Victor van Reijswoud < >>> [email protected]> wrote: >>> >>>> Thanks Reinier for explaining. I am sure that many people do not fully >>>> grasp the code. >>>> >>>> So, are you saying that it is safe to check, or that all who have >>>> checked should change their passwords again? >>>> >>>> V >>>> >>> >>> _______________________________________________ >>> The Uganda Linux User Group: http://linux.or.ug >>> >>> Send messages to this mailing list by addressing e-mails to: >>> [email protected] >>> Mailing list archives: http://www.mail-archive.com/[email protected]/ >>> Mailing list settings: http://kym.net/mailman/listinfo/lug >>> To unsubscribe: http://kym.net/mailman/options/lug >>> >>> The Uganda LUG mailing list is generously hosted by INFOCOM: >>> http://www.infocom.co.ug/ >>> >>> The above comments and data are owned by whoever posted them (including >>> attachments if any). The mailing list host is not responsible for them in >>> any way. >>> >> >> >> _______________________________________________ >> The Uganda Linux User Group: http://linux.or.ug >> >> Send messages to this mailing list by addressing e-mails to: >> [email protected] >> Mailing list archives: http://www.mail-archive.com/[email protected]/ >> Mailing list settings: http://kym.net/mailman/listinfo/lug >> To unsubscribe: http://kym.net/mailman/options/lug >> >> The Uganda LUG mailing list is generously hosted by INFOCOM: >> http://www.infocom.co.ug/ >> >> The above comments and data are owned by whoever posted them (including >> attachments if any). The mailing list host is not responsible for them in >> any way. >> > > > _______________________________________________ > The Uganda Linux User Group: http://linux.or.ug > > Send messages to this mailing list by addressing e-mails to: > [email protected] > Mailing list archives: http://www.mail-archive.com/[email protected]/ > Mailing list settings: http://kym.net/mailman/listinfo/lug > To unsubscribe: http://kym.net/mailman/options/lug > > The Uganda LUG mailing list is generously hosted by INFOCOM: > http://www.infocom.co.ug/ > > The above comments and data are owned by whoever posted them (including > attachments if any). The mailing list host is not responsible for them in > any way. > -- Emmanuel C. Sekyewa +256 782 199 202
_______________________________________________ The Uganda Linux User Group: http://linux.or.ug Send messages to this mailing list by addressing e-mails to: [email protected] Mailing list archives: http://www.mail-archive.com/[email protected]/ Mailing list settings: http://kym.net/mailman/listinfo/lug To unsubscribe: http://kym.net/mailman/options/lug The Uganda LUG mailing list is generously hosted by INFOCOM: http://www.infocom.co.ug/ The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way.
