{"id":5032,"date":"2012-06-06T17:09:05","date_gmt":"2012-06-06T21:09:05","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=5032"},"modified":"2018-11-26T14:10:47","modified_gmt":"2018-11-26T19:10:47","slug":"linkedin-password-breach","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2012\/06\/06\/linkedin-password-breach\/","title":{"rendered":"LinkedIn Password Breach"},"content":{"rendered":"<p><a href=\"http:\/\/www.macworld.com\/article\/1167113\/linkedin_privacy_issues_possible_password_breach_ios_app_data_leak.html\">Lex Friedman<\/a>:<\/p>\n<blockquote cite=\"http:\/\/www.macworld.com\/article\/1167113\/linkedin_privacy_issues_possible_password_breach_ios_app_data_leak.html\"><p><a href=\"https:\/\/twitter.com\/LinkedIn\/status\/210356987576324096\">LinkedIn said on Twitter<\/a> that it&rsquo;s investigating the potential password hack. In the meantime, it's another good reminder to use a different password for each of your different Web services; if you have a LinkedIn account and use the same password elsewhere, you may want to start changing some of those passwords now.<\/p><\/blockquote>\n<p><a href=\"http:\/\/www.red-sweater.com\/blog\/2545\/keychain-password-search\">Daniel Jalkut<\/a>:<\/p>\n<blockquote cite=\"http:\/\/www.red-sweater.com\/blog\/2545\/keychain-password-search\"><p>What if I committed the foolish move of using the same password on LinkedIn as I did on another, more important site? Now a hacker with possession of my username and password for LinkedIn can make some very good guesses about my username and password on other sites.<\/p><\/blockquote>\n<p>He&rsquo;s written an app and an AppleScript to help.<\/p>\n<p>Update (2012-06-08): <a href=\"http:\/\/queue.acm.org\/detail.cfm?id=2254400\">Poul-Henning Kamp<\/a> (via <a href=\"https:\/\/twitter.com\/secboffin\/status\/211038920824209409\">Graham Lee<\/a>):<\/p>\n<blockquote cite=\"http:\/\/queue.acm.org\/detail.cfm?id=2254400\"><p>LinkedIn is learning fast right now, according to their damage control missives, they have now implemented salting and &ldquo;better hashing.&rdquo; But we have yet to find out why nobody objected to them protecting 150+ million user passwords with 1970s methods\n.<\/p>\n<p>And everybody else should take notice too: Even if you use md5crypt, you should upgrade your password scrambling algorithm. As a rule of thumb: If it does not take a full second to calculate the password hash, it is too weak.<\/p><\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Lex Friedman: LinkedIn said on Twitter that it&rsquo;s investigating the potential password hack. In the meantime, it's another good reminder to use a different password for each of your different Web services; if you have a LinkedIn account and use the same password elsewhere, you may want to start changing some of those passwords now. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2018-11-26T19:10:49Z","apple_news_api_id":"9917be2d-179a-4c9b-aaad-6715358934fd","apple_news_api_modified_at":"2018-11-26T19:10:51Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/AmRe-LReaTJuqrWcVNYk0_Q","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[1755,436,981,355,96],"class_list":["post-5032","post","type-post","status-publish","format-standard","hentry","category-technology","tag-breach","tag-linkedin","tag-passwords","tag-privacy","tag-web"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/5032","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=5032"}],"version-history":[{"count":4,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/5032\/revisions"}],"predecessor-version":[{"id":5042,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/5032\/revisions\/5042"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=5032"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=5032"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=5032"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}