Posted by CH2inCA on 6/6/12 1:30pm
Msg #422765
If you have a Linked-in Account
There has been a security breach. I don't have an account so I didn't check it out.
http://www.informationweek.com/news/security/attacks/240001623?cid=nl_IW_daily_2012-06-06_html&elq=3971a2e9f76d4f9bbbc4195dcb7f43c0
|
Reply by JPH13/MO on 6/6/12 2:23pm
Msg #422773
Thanks! Will change my pw and let others know.
|
Reply by jba/fl on 6/6/12 2:33pm
Msg #422774
they are suggesting that you change all of your passwords, on all accounts. What a PITA! I have just spent 30 mins doing that, and haven't made a dent.
I don't even know why I have LinkedIn. It was good for a while, but now everyone is everyone's "contact" whether they know you or not. That is totally away from the original concept. I left it for now, but really blame the webmaster for being so stingy with their security coding. Evidently they didn't "salt" it, which is not like salting slugs to make them disappear. Sad that there are these kinds of people in the world (hackers, criminals).
|
Reply by Les_CO on 6/6/12 2:49pm
Msg #422776
I just got a notice from Facebook that someone using a computer in Cairo Egypt accessed my account. Was it me (no) and if not I should change my password. I did, and many, many others. Because if they have my email address and my password from Facebook, they can access lots of other (PayPal, Bank, Credit Card Companies) accounts. Foolishly I used the same or a similar password (so as to remember) on many accounts, apparently this is a no-no. I also bought a folding wallet sized password directory, to write all this down in. Unfortunately I will need it if I travel to remember, and if I lose it ( my luggage, my wallet, etc.)I can do all this again….I don’t see the point in these social network sites, and think they are useless to me. Happy password changing!!!!
|
Reply by MW/VA on 6/6/12 6:54pm
Msg #422792
I've suspected for some time that all the hacking into
email accts. is coming from FB & others like it. None of these are secure sites, and apparently are a hackers dream.
My biz email acct. was hacked into a couple of mos. ago & they pirated my contact list to send out a lot of spam. It was a PIA, but none of my other email links or accts. were affected. I needed to change my password & was reminded to change it at least every six mos.
|
Reply by dickb/wi on 6/6/12 3:39pm
Msg #422781
i went to my linked in acct and can't find anywhere on my profile where to change my pass word.....does any one know how i can do that....tia
|
Reply by Les_CO on 6/6/12 3:53pm
Msg #422782
Go to LinkedIn, go to your account, click on “profile,” click on your name, click on drop down drop down says “settings” of the left side you will see password with “change’ underneath. Click on that
|
Reply by dickb/wi on 6/6/12 3:59pm
Msg #422783
thanks les......much appreciated n/m
|
Reply by VT_Syrup on 6/6/12 4:38pm
Msg #422785
Vulnerabilities: regular words as passwords and reuse
The first step in being vulnerable is using a common word, or anything word-like, as a password. So "Got2go" is weak. LinkedIn uses a weak procedure to store your password. They treat it with a math algorithm named SHA1. So "Got2go" gets converted to "2592229439122e476d3c552f100c018c214e5966". There are SHA1 cracking websites around, like
http://www.md5decrypter.co.uk/sha1-decrypt.aspx
If you go there and feed in 259222... it will find that that is in its database of cracked passwords, and tell you the password is "Got2go". On the other hand, if you use one of the password vault products out there, and have it generate a nice random
password like "3&cA+N[SZ<W<", the cracking website can't figure it out.
The second vulnerability is reusing passwords on multiple sites, so if the security on one site is broken, the evil person can get into all your accounts that use that password. Again, password vault software will make it reasonable to keep track of many different passwords.
Tech Republic has a column about free password managers here:
http://www.techrepublic.com/blog/five-apps/five-free-and-secure-password-management-apps/1381?tag=content;siu-container
I use one, also free, that isn't mentioned in the article, from
http://pwsafe.org/
I don't know if the one I use is better, but I've been using it for years and can't bother to change.
|
Reply by Lee/AR on 6/6/12 4:51pm
Msg #422786
Re: Vulnerabilities: regular words as passwords and reuse
Just closed my account. See no real need for it, don't think its particularly useful to me and don't need the grief. There, I fixed it!
|
Reply by VT_Syrup on 6/6/12 5:17pm
Msg #422787
Re: Vulnerabilities: regular words as passwords and reuse
Yup, you fixed it, as long as you didn't use the same password for any other account.
|
Reply by Les_CO on 6/6/12 6:25pm
Msg #422791
Re: Vulnerabilities: regular words as passwords and reuse
Wow! Thanks...I guess I start over?
|
Reply by VT_Syrup on 6/7/12 6:59am
Msg #422819
Re: Vulnerabilities: regular words as passwords and reuse
Les CO asks if he (right?) should start over. He already changed his passwords, and presumably this time made them all different. If he's writing them down, he probably didn't use nasty ones like 3&cA+N[SZ<W<. A different approach that involves more letters, but is easier to remember and type, is a fairly long nonsense phrase, like "I like 3/16 Phillips head screws on my cereal."
|
Reply by Carmela Arndt on 6/6/12 8:41pm
Msg #422809
Interesting, thanks VT n/m
|
Reply by MW/VA on 6/6/12 7:09pm
Msg #422793
Also, don't forget to run a malware program if you think
you've been hacked.
|
