We dive into the LinkedIn password breach and how the information may be cracked.
LinkedIn's Password Breach and Official Response Dissected : Read more
LinkedIn's Password Breach and Official Response Dissected : Read more
LinkedIn's Password Breach and Official Response Dissected
- Thread starter acku
- Start date
- Status
I never understood what the IT departments or the higher ups that had full control over what the ITs did were thinking. Did they really think they would get away with weak encryption, or even without encryption?
Then again, maybe they were completely blind to the news for the past year or were lazy, like an unnamed company that still uses Windows NT 4.0 because the OS still works (so why replace it?).
Then again, maybe they were completely blind to the news for the past year or were lazy, like an unnamed company that still uses Windows NT 4.0 because the OS still works (so why replace it?).
I think other personal information has gotten in the hands of spammers. I think this for 3 reasons.
1) An email account I rarely use (but have had for 10 years) was hacked this morning and locked out for sending spam. It had the same password as my LinkedIn account.
2) My friends gmail informed him that it had blocked someone in Peru who was accessing his account. He said his gmail was the only other account he had with the same password as LinkedIn.
3) I am hearing of a lot more spam coming from friends email addresses in the last couple days.
Coincidence?
1) An email account I rarely use (but have had for 10 years) was hacked this morning and locked out for sending spam. It had the same password as my LinkedIn account.
2) My friends gmail informed him that it had blocked someone in Peru who was accessing his account. He said his gmail was the only other account he had with the same password as LinkedIn.
3) I am hearing of a lot more spam coming from friends email addresses in the last couple days.
Coincidence?
freggo
Distinguished
- Nov 22, 2008
- 2,019
- 0
- 19,780
[citation][nom]A Bad Day[/nom]I never understood what the IT departments or the higher ups that had full control over what the ITs did were thinking. Did they really think they would get away with weak encryption, or even without encryption?Then again, maybe they were completely blind to the news for the past year or were lazy, like an unnamed company that still uses Windows NT 4.0 because the OS still works (so why replace it?).[/citation]
There is only so much security you can implement.
The problem is not 'weak' security.
The problem is that there are not serious enough consequences for hacking.
Put a 20 year minimum sentence on major attacks; put serious law enforsment resources behind finding theose guilty; and make the -short- trials VERY public. Than the rest if these idiots will get the message. You get caught... your life as you know it is over.
Think about this from the perspective of the 6+Million accounts (not just people) affected. The amount of time lost, money lost, their worries. You are not just screwing with a 'big company'; you are screwing with the lives of Millions of people.
This is not kiddy stuff, this is a Major Financial crime all told.
Lock 'em up with Bubba and the gang, and loose the key.
There is only so much security you can implement.
The problem is not 'weak' security.
The problem is that there are not serious enough consequences for hacking.
Put a 20 year minimum sentence on major attacks; put serious law enforsment resources behind finding theose guilty; and make the -short- trials VERY public. Than the rest if these idiots will get the message. You get caught... your life as you know it is over.
Think about this from the perspective of the 6+Million accounts (not just people) affected. The amount of time lost, money lost, their worries. You are not just screwing with a 'big company'; you are screwing with the lives of Millions of people.
This is not kiddy stuff, this is a Major Financial crime all told.
Lock 'em up with Bubba and the gang, and loose the key.
You do realize the internet is global, you can hop on open wifi, and this person was (probably) in Russia right?
you can't even figure out who a hacker is unless they are an idiot let alone chase them down. nevermind that consequences don't do anything to prevent normal crime. the problem IS weak security because crime will never. ever. stop.
- Jul 24, 2006
- 22,816
- 258
- 57,490
You don't need to use mnemonics and you don't need to use a password made up of entirely random characters. You just need a long password that uses a large character space (ie. at least one lowercase and uppercase letter, one number and preferably one special character). "pAssw0rd1112!" is a much stronger password than ")1!#Bjt1{.#" by orders of magnitude.
[citation][nom]freggo[/nom]There is only so much security you can implement.The problem is not 'weak' security.[/citation]
Wonder why I use long complex passwords for Gmail and Yahoo Mail? Because I prefer forcing the hackers to break through those companies' security measures rather than giving them a weak password to play with.
Wonder why I use long complex passwords for Gmail and Yahoo Mail? Because I prefer forcing the hackers to break through those companies' security measures rather than giving them a weak password to play with.
Chipi
Distinguished
- Sep 24, 2008
- 86
- 0
- 18,630
[citation][nom]randoMIZER[/nom]You don't need to use mnemonics and you don't need to use a password made up of entirely random characters. You just need a long password that uses a large character space (ie. at least one lowercase and uppercase letter, one number and preferably one special character). "pAssw0rd1112!" is a much stronger password than ")1!#Bjt1{.#" by orders of magnitude.[/citation]
Notice how the word random is in in quotation marks in my sentence. That means I'm not using it literally
What I meant was that my password looks like a bunch of random letters and numbers, but it's actually a sentance in my head.
And I never said random symbols, I said letters and numbers. Maybe you should drink your coffee first, huh...
I'm not even gonna comment on your statement regarding the strength of those 2 passwords, it's just ridiculous
)
Notice how the word random is in in quotation marks in my sentence. That means I'm not using it literally
What I meant was that my password looks like a bunch of random letters and numbers, but it's actually a sentance in my head.
And I never said random symbols, I said letters and numbers. Maybe you should drink your coffee first, huh...
I'm not even gonna comment on your statement regarding the strength of those 2 passwords, it's just ridiculous
)[citation][nom]randoMIZER[/nom]You don't need to use mnemonics and you don't need to use a password made up of entirely random characters. You just need a long password that uses a large character space (ie. at least one lowercase and uppercase letter, one number and preferably one special character). "pAssw0rd1112!" is a much stronger password than ")1!#Bjt1{.#" by orders of magnitude.[/citation]
There are partial hashes in the list: linkedin, LinkedIn, L1nked1n, l1nked1n, L1nk3d1n, l1nk3d1n, linkedinsecret, linkedinpassword
substitution is easy to code and compensate for.
Cheers,
Andrew Ku
TomsHardware.com
There are partial hashes in the list: linkedin, LinkedIn, L1nked1n, l1nked1n, L1nk3d1n, l1nk3d1n, linkedinsecret, linkedinpassword
substitution is easy to code and compensate for.
Cheers,
Andrew Ku
TomsHardware.com
That would be harder, but not impossible. Strong passwords should look completely random. Word-based passwords are weak.
Check out what this guy did with only a CPU. (cracked 900k passwords in 4 hours)
https://community.qualys.com/blogs/securitylabs/2012/06/08/lessons-learned-from-cracking-2-million-linkedin-passwords
STravis
Distinguished
- Nov 3, 2009
- 405
- 0
- 18,780
[citation][nom]A Bad Day[/nom]Wonder why I use long complex passwords for Gmail and Yahoo Mail? Because I prefer forcing the hackers to break through those companies' security measures rather than giving them a weak password to play with.[/citation]
Gmail provides for two factor authentication - there is NO reason NOT to use said feature.
Gmail provides for two factor authentication - there is NO reason NOT to use said feature.
PreferLinux
Distinguished
- Dec 7, 2010
- 1,023
- 0
- 19,460
[citation][nom]randoMIZER[/nom]You don't need to use mnemonics and you don't need to use a password made up of entirely random characters. You just need a long password that uses a large character space (ie. at least one lowercase and uppercase letter, one number and preferably one special character). "pAssw0rd1112!" is a much stronger password than ")1!#Bjt1{.#" by orders of magnitude.[/citation]
Ever heard of a dictionary attack? It is easy to include those modifications in the dictionary (which will make it several times longer, but nowhere near as much as a completely random password that is several characters shorter).
By the way, one thing that was missed in the article is rainbow tables – using them would drop the cracking time massively, even for long random passwords.
Ever heard of a dictionary attack? It is easy to include those modifications in the dictionary (which will make it several times longer, but nowhere near as much as a completely random password that is several characters shorter).
By the way, one thing that was missed in the article is rainbow tables – using them would drop the cracking time massively, even for long random passwords.
tntom
Distinguished
- Sep 1, 2001
- 356
- 0
- 18,780
I am always getting on my wife for using the same password for everything. I have to go in and change them for her. I know it is not as secure as memorization but I keep them in a password protected file. I only use similar passwords for things like webforums where I want something easy to remember but could careless if someone hacked it.
[citation][nom]PreferLinux[/nom]Ever heard of a dictionary attack? It is easy to include those modifications in the dictionary (which will make it several times longer, but nowhere near as much as a completely random password that is several characters shorter).By the way, one thing that was missed in the article is rainbow tables – using them would drop the cracking time massively, even for long random passwords.[/citation]
The existing rainbow tables appear to have already been used. That's built into the ~3.5 million hashes that start with 00000. Now it's dictionary and brute-force cracking with iteration/variation strings.
It's my impression that hackers used RTs first (working backwards from the text file). They would be the easiest to check against, because they are pregenerated hashes. You don't need a fast computer to do that. Plus, if your password can be looked up using a RT, it's definately not a secure password. RTs are for common stuff. Anyone with "passwordpassword" is just looking for trouble.
Cheers,
Andrew Ku
TomsHardware.com
The existing rainbow tables appear to have already been used. That's built into the ~3.5 million hashes that start with 00000. Now it's dictionary and brute-force cracking with iteration/variation strings.
It's my impression that hackers used RTs first (working backwards from the text file). They would be the easiest to check against, because they are pregenerated hashes. You don't need a fast computer to do that. Plus, if your password can be looked up using a RT, it's definately not a secure password. RTs are for common stuff. Anyone with "passwordpassword" is just looking for trouble.
Cheers,
Andrew Ku
TomsHardware.com
onanonanon
Distinguished
- Aug 2, 2010
- 50
- 0
- 18,630
[citation][nom]tntom[/nom]I am always getting on my wife...[/citation]
And I should hope so too, Sir!
And I should hope so too, Sir!
eddieroolz
Splendid
- Sep 6, 2008
- 7,057
- 0
- 25,860
My password was not one of breached from Last.FM's similar breach, but as precaution I've changed password on every service that used the same one as Last.FM.
- Status
TRENDING THREADS
-
News Intel CEO Pat Gelsinger retires, effective immediately — also steps down from BOD, two co-CEOs step in- Started by Admin
- Replies: 93
-
Question Am i losing my mind? 2 Are there supposed to be 2 fan cables for 3 fans on my RTX 3060
- Started by jeremy0118
- Replies: 5
-
Question Most game have stutters and little spikes on frametime graph on good pc.- Started by zaidher89
- Replies: 12
-
-
Discussion What's your favourite video game you've been playing?- Started by amdfangirl
- Replies: 4K
Facebook
Twitter
Instagram