If you are a LinkedIn/Last.FM/eHarmony user, then change your password pronto.

daddydave:
I'm just thinking, if someone's LinkedIn password was "linkedin" or "password" or "abc123", and someone figures it out through a brute force attack and posts it on a web site, did the breach take place in LinkedIn or the user himself? Is that what happened, or did I mischaracterize the event?

So if those users change their password, what good will it do? They are going to change it to the same kind of guessable password.

EDIT: I guess I did mischaracterize this a bit, but there are two parts to this. A bunch of password hashes were obtained, and for some of them they were able to figure out the passwords. So apparently they are guessing passwords until they come up with one that matches the hash to confirm it, so that of course would be easier for those who chose those easy-to-guess passwords. I think it was the same way with the gawker.com breach.

Done editing now...except maybe for grammar, lol.

Deozaan:
It also would have been better if the hashes were salted, because then I think you'd need to know the salt to recover the passwords.
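
As an added illustration of the two posts above (not code from either poster), this Python sketch compares an unsalted fast hash with per-user salted PBKDF2 on constructed accounts, counting how many hash computations a guess list costs against each table. SHA-1, the iteration count, the account names and the assumption that each salt is stored beside its hash are choices made for this example.

```python
import hashlib
import hmac
import os

# Constructed sample data: two accounts share a guessable password.
USERS = {"alice": "abc123", "bob": "abc123", "carol": "T7#pqz!vLm2e"}
GUESSES = ["password", "linkedin", "abc123"]  # the passwords named in the thread
ITERATIONS = 100_000  # PBKDF2 work factor, a value picked for this example

def unsalted(pw):
    """Fast hash with no salt (SHA-1 is an assumption of this example)."""
    return hashlib.sha1(pw.encode()).hexdigest()

def salted(pw, salt=None):
    """Random per-user salt plus a slow KDF; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ITERATIONS)

def verify(pw, salt, stored):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted(pw, salt)[1], stored)

def audit_unsalted(table, guesses):
    """Each guess is hashed once and checked against every account."""
    lookup = {unsalted(g) for g in guesses}
    hits = {user for user, h in table.items() if h in lookup}
    return hits, len(guesses)  # work: one hash per guess

def audit_salted(table, guesses):
    """Salts differ per account, so every guess is recomputed per account."""
    hits, work = set(), 0
    for user, (salt, stored) in table.items():
        for g in guesses:
            work += 1
            if verify(g, salt, stored):
                hits.add(user)
                break
    return hits, work

UNSALTED_DB = {u: unsalted(p) for u, p in USERS.items()}
SALTED_DB = {u: salted(p) for u, p in USERS.items()}

if __name__ == "__main__":
    print("same unsalted hash:", UNSALTED_DB["alice"] == UNSALTED_DB["bob"])
    print("unsalted audit:", audit_unsalted(UNSALTED_DB, GUESSES))
    print("salted audit:  ", audit_salted(SALTED_DB, GUESSES))
```

In both tables the accounts using "abc123" are matched; what changes is that the salted table cannot be checked with one hash per guess, so the work grows with the number of accounts and each computation is deliberately slow.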