Nice - and I think I got very lucky, as my old password was said to have not been on the cracked list.

Kurt

On Fri, Jun 8, 2012 at 8:23 AM, Free, Bob <[email protected]> wrote:
>
> Maybe I missed this during this discussion because I’ve been Deaning harshly
> due to vacation return but I thought this was a very cool way to test if
> password hashes were in that table that’s now floating around or to
> demonstrate to folks what is actually in a table of >6M real passwords.
>
> A white hat “pass-the-hash” if you will :)
>
> https://lastpass.com/linkedin/
>
> From: Andrew S. Baker [mailto:[email protected]]
> Sent: Thursday, June 07, 2012 6:25 PM
> To: NT System Admin Issues
> Subject: [dkim-failure] Re: To notify, or not notify (LinkedIn)
>
> Exactly. LinkedIn goes way beyond "online resume site."
>
> Oh, and don't forget about authentication to other sites.
>
> ASB
> http://XeeMe.com/AndrewBaker
> Harnessing the Advantages of Technology for the SMB market…
>
> On Thu, Jun 7, 2012 at 11:32 AM, Ziots, Edward <[email protected]> wrote:
>
> Actually the emails and passwords in LinkedIn, and the information you have
> posted about yourself has a lot of value (spear-phishing attacks, company
> reputation hit (use your accounts to spread stuff on LinkedIn about your
> company or other companies in a negative light)). I could go on with the
> scenario but you definitely don’t want to be a target on that. (Grounds for
> termination, etc)
>
> Z
>
> Edward Ziots
> CISSP, Security +, Network +
> Security Engineer
> Lifespan Organization
> [email protected]
>
> From: David Lum [mailto:[email protected]]
> Sent: Thursday, June 07, 2012 11:14 AM
> To: NT System Admin Issues
> Subject: FW: To notify, or not notify (LinkedIn)
>
> Here’s the discussion this morning with one of our Service Desk guys.
>
> _____________________________________________
> Sent: Thursday, June 07, 2012 7:48 AM
> To: David Lum
> Subject: RE: To notify, or not notify (LinkedIn)
>
> David, this is EXACTLY what I was looking for. Thank you very much!
>
> No more comments from the peanut gallery here. :)
>
> _____________________________________________
> From: David Lum
> Sent: Thursday, June 07, 2012 7:45 AM
> Subject: RE: To notify, or not notify (LinkedIn)
>
> Good questions!
>
> How do we make the decision about what gets sent out and what doesn’t
>
> Experience – it’s part of why our wages are far more than minimum-wage -
> we’re paid to think, not just fill in checkboxes. For something more
> concrete: “if it's business-oriented and heavily used by said business then a
> notification should go out, if not, then no”. If in doubt: Ask. There was
> discussion between three departments that happened before the LinkedIn notice
> was sent out, for example.
>
> Do we have a clearly defined idea of where it ends
>
> I do, see above.
>
> Several users are utilizing Dropbox and putting company property/product on
> that site. If it was hacked, that would be a lot worse than losing your
> “online resume” from LinkedIn, in my opinion.
>
> If so then I would hope that if you heard about Dropbox passwords being
> posted on the Internet that you would want to send out a note to the org,
> right? On the other hand this is one reason we DON’T want users using Google,
> Dropbox, etc for corporate business – we don’t have control of the security.
> This is one area that most employees seem to grasp…
>
> Is Service Desk expected to field calls regarding non-NWEA items (LinkedIn
> for example)
>
> If it’s about communications *we* send out, then yes. If we know what we’re
> doing (and we do) it should be trivial to respond to these. It’s our job to
> support our staff, even if some things are beyond our direct control.
>
> Do we need to survey the Org and find a “list” of all the business related
> apps/sites and actively monitor them?
>
> No, we’re paid to understand and know our environment. If we don’t know the
> majority of what’s on users’ machines and what websites are commonly used by
> our staff then we’re not doing our job. Do we know EVERY site they use? No.
> The key phrase is “commonly used”.
>
> Dave
>
> _____________________________________________
> Sent: Thursday, June 07, 2012 7:23 AM
> To: David Lum
> Subject: RE: To notify, or not notify (LinkedIn)
>
> David,
>
> Thank you for your follow up and feeling concerned about our reaction. Let
> me state, I wasn’t upset with the decision, I think what you did was a good
> thing. Here’s the angle I am coming from:
>
> How do we make the decision about what gets sent out and what doesn’t
> Is Service Desk expected to field calls regarding non-NWEA items (LinkedIn
> for example)
>
> I am not trying to knock the fact we sent it out, even if I was acting in a
> joking manner yesterday. What I am trying to do is play the other side and
> ask questions that I feel really do need to be asked. Where do we stop?
> Yesterday when we were all talking, Dropbox was tossed out and it didn’t seem
> to get the same response as LinkedIn. Several users are utilizing Dropbox
> and putting company property/product on that site. If it was hacked, that
> would be a lot worse than losing your “online resume” from LinkedIn, in my
> opinion.
>
> So what I am trying to drill down to is; how do we make these decisions, how
> do we support this when they happen and do we need to survey the Org and find
> a “list” of all the business related apps/sites and actively monitor them?
>
> And if all this is “above my pay grade”, then disregard my 7:00 am rambling :)

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
