Overall, On 6/6/2012 1:18 PM, Ben Kamen wrote:
On 2012-06-06 12:02 PM, David F. Skoll wrote:
Hi,
After the LinkedIn password fiasco, I have deleted my LinkedIn
account. Because I was the owner of the MIMEDefang group, I had to
delete that too.
I've been wondering what to do too...
Between Facebook privacy and LinkedIn incompetence...
Thankfully, LinkedIn uses a reasonably unique password unlike anywhere
else I run on the web.
But the incompetence.. ugh...
I want to shout, "what is wrong with these companies" --- but I
already know the answer.
It's not pretty. In fact, it's pretty depressing.
My understanding is that at least LinkedIn stored the passwords in SHA-1
format. They need to add a salt to make things less susceptible to
look-up tables but assuming you used a unique and strong password, your
login is fairly safe.
The bigger issue is that they usernames are email addresses. So I think
we may see an uptick in spam from that portion of the exploit.
However, I use dedicated, unique email addresses for the vast majority
of my accounts as I'm sure others on this list do. If there is an
exploit, I should be able to track it as I have been for MANY other
major companies that have had their databases exploited.
In short, yes, LinkedIn had a breach apparently. However, if you use
decent passwords that are unique as any security person will extoll, the
damage should be highly limited.
Regards,
KAM
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
