You are not logged in or registered. Please login or register to use the full functionality of BayernForum.com

Security Advise: Linkedin Passwords Leaked

Do you have any suggestions for BayernForum.com? Any difficulties using the forum? Ask away!
 

Security Advise: Linkedin Passwords Leaked

Postby AvatarX » Fri Jun 08, 2012 7:41 pm

There was a huge linkedin passwords leak:

http://arstechnica.com/security/2012/06 ... -linkedin/

I personally checked and this is no hoax. The passwords are encrypted but can be cracked in time (they are already online so they can be cracked by thousand of zombies PCs working on it.

If you had a linkedin password you are STRONGLY advised to immediately change it. Also if you had the same password to another site (e.g. gmail) change that too.
"You can live to be a hundred if you give up all the things that make you want to live to be a hundred."
User avatar
AvatarX
Assistant Admin & World Cup 2014 Prediction Game Winner
Assistant Admin & World Cup 2014 Prediction Game Winner
 
Years of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membership
 
Posts: 7973
Joined: Sat Oct 04, 2008 11:42 pm
Location: Metaverse
National Flag:
Anonymous
Has thanked: 740 times
Been thanked: 881 times
Gender: Male
BayernForum.com fan club: Active member
BayernForum.com donator: Yes

Re: Security Advise: Linkedin Passwords Leaked

Postby MUTU » Fri Jun 08, 2012 8:33 pm

Already did two days ago :)
30GB free cloud storage. Click here for the referral.
User avatar
MUTU
Site Admin & EURO 2016 Prediction Game Winner
Site Admin & EURO 2016 Prediction Game Winner
 
Years of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membership
 
Posts: 30558
Joined: Mon Aug 14, 2006 11:00 pm
Location: L-Imqabba, Malta
National Flag:
Malta
Has thanked: 5302 times
Been thanked: 7932 times
Gender: Male
BayernForum.com fan club: Active member
BayernForum.com donator: Yes

Re: Security Advise: Linkedin Passwords Leaked

Postby BayernLeb » Fri Jun 08, 2012 8:39 pm

So can I get my Professor's password :twisted: ?
Image
User avatar
BayernLeb
I'm a chatterbox!
 
Years of membershipYears of membershipYears of membershipYears of membershipYears of membership
 
Posts: 629
Joined: Sun Apr 01, 2012 6:30 pm
Location: Lebanon
Has thanked: 107 times
Been thanked: 125 times
Gender: Male
BayernForum.com fan club: Active member

Re: Security Advise: Linkedin Passwords Leaked

Postby MaCk0y » Fri Jun 08, 2012 8:42 pm

Same goes for eHarmony and last.fm.... #-o
User avatar
MaCk0y
Assistant Admin
 
Years of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membership
 
Posts: 5752
Joined: Thu Jun 07, 2007 6:46 pm
Location: Malta
Has thanked: 1663 times
Been thanked: 1376 times
Gender: Male
BayernForum.com fan club: Active member
BayernForum.com donator: Yes

Re: Security Advise: Linkedin Passwords Leaked

Postby AvatarX » Fri Jun 08, 2012 8:52 pm

"You can live to be a hundred if you give up all the things that make you want to live to be a hundred."
User avatar
AvatarX
Assistant Admin & World Cup 2014 Prediction Game Winner
Assistant Admin & World Cup 2014 Prediction Game Winner
 
Years of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membership
 
Posts: 7973
Joined: Sat Oct 04, 2008 11:42 pm
Location: Metaverse
National Flag:
Anonymous
Has thanked: 740 times
Been thanked: 881 times
Gender: Male
BayernForum.com fan club: Active member
BayernForum.com donator: Yes

Re: Security Advise: Linkedin Passwords Leaked

Postby MUTU » Fri Jun 08, 2012 9:13 pm

What the heck? Don't these guys know how to use a hashing algorithm for safely storing passwords? What kind of amateurs do they have working there?
30GB free cloud storage. Click here for the referral.
User avatar
MUTU
Site Admin & EURO 2016 Prediction Game Winner
Site Admin & EURO 2016 Prediction Game Winner
 
Years of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membership
 
Posts: 30558
Joined: Mon Aug 14, 2006 11:00 pm
Location: L-Imqabba, Malta
National Flag:
Malta
Has thanked: 5302 times
Been thanked: 7932 times
Gender: Male
BayernForum.com fan club: Active member
BayernForum.com donator: Yes

Re: Security Advise: Linkedin Passwords Leaked

Postby AvatarX » Fri Jun 08, 2012 9:19 pm

MUTU wrote:What the heck? Don't these guys know how to use a hashing algorithm for safely storing passwords? What kind of amateurs do they have working there?


No, the passwords were hashed with a very strong algorithm (SHA1 in case of Linkedin which cannot be reversed you just compare the output to crack it). The hashed passwords have been leaked, so there will be some time to crack them.

But a lot can be said about the security of coding in those sites, allowing SQL injections etc. and not investing a lot for their protection. I would expect more from Linkedin a "professional" kind of site, with massive personal data in it...
"You can live to be a hundred if you give up all the things that make you want to live to be a hundred."
User avatar
AvatarX
Assistant Admin & World Cup 2014 Prediction Game Winner
Assistant Admin & World Cup 2014 Prediction Game Winner
 
Years of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membership
 
Posts: 7973
Joined: Sat Oct 04, 2008 11:42 pm
Location: Metaverse
National Flag:
Anonymous
Has thanked: 740 times
Been thanked: 881 times
Gender: Male
BayernForum.com fan club: Active member
BayernForum.com donator: Yes

Re: Security Advise: Linkedin Passwords Leaked

Postby MUTU » Sat Jun 09, 2012 1:01 am

Ah ok so it is not alarming. It is probably not feasible at this day and age to actually try to decrypt the passwords, and by the time it is, it is most likely to be changed. The amount of security that is allocated to websites is ridiculous. They should know better.
30GB free cloud storage. Click here for the referral.
User avatar
MUTU
Site Admin & EURO 2016 Prediction Game Winner
Site Admin & EURO 2016 Prediction Game Winner
 
Years of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membership
 
Posts: 30558
Joined: Mon Aug 14, 2006 11:00 pm
Location: L-Imqabba, Malta
National Flag:
Malta
Has thanked: 5302 times
Been thanked: 7932 times
Gender: Male
BayernForum.com fan club: Active member
BayernForum.com donator: Yes

Re: Security Advise: Linkedin Passwords Leaked

Postby tflags » Sat Jun 09, 2012 10:04 am

ok. I just realized I have got to be fully awake to go through all these posts again. And understand them... So encryption actually works? Not even a cray, PS4, or whatever can decrypt things in like a nanosecond?
Kimmich
Kimmich - Thiago - Kimmich
Kimmich -- Kimmich
Kimmich -- Hummels -- Boa --Kimmich
Kimmich with Gloves
User avatar
tflags
Moderator
 
Years of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membership
 
Posts: 8763
Joined: Fri Feb 18, 2011 8:41 pm
Location: Around the world... in 80 days.
National Flag:
Ecuador
Has thanked: 788 times
Been thanked: 2776 times
Gender: Male
BayernForum.com fan club: Active member
BayernForum.com donator: Yes

Re: Security Advise: Linkedin Passwords Leaked

Postby AvatarX » Sat Jun 09, 2012 10:32 am

tflags wrote:ok. I just realized I have got to be fully awake to go through all these posts again. And understand them... So encryption actually works? Not even a cray, PS4, or whatever can decrypt things in like a nanosecond?


No. Encryption works for only limited time depending of how strong is the password itself.

Eventually they will be cracked from thousand of zombie computers working together.

So if your password is super strong you have 1-2 weeks.
"You can live to be a hundred if you give up all the things that make you want to live to be a hundred."
User avatar
AvatarX
Assistant Admin & World Cup 2014 Prediction Game Winner
Assistant Admin & World Cup 2014 Prediction Game Winner
 
Years of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membership
 
Posts: 7973
Joined: Sat Oct 04, 2008 11:42 pm
Location: Metaverse
National Flag:
Anonymous
Has thanked: 740 times
Been thanked: 881 times
Gender: Male
BayernForum.com fan club: Active member
BayernForum.com donator: Yes

Re: Security Advise: Linkedin Passwords Leaked

Postby MUTU » Sat Jun 09, 2012 10:47 am

AvatarX wrote:So if your password is super strong you have 1-2 weeks.

... assuming they start from your password first.

Chances are that if you don't change your password, nobody will bother decrypting it. But just in case it would be a good idea to change it.
30GB free cloud storage. Click here for the referral.
User avatar
MUTU
Site Admin & EURO 2016 Prediction Game Winner
Site Admin & EURO 2016 Prediction Game Winner
 
Years of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membership
 
Posts: 30558
Joined: Mon Aug 14, 2006 11:00 pm
Location: L-Imqabba, Malta
National Flag:
Malta
Has thanked: 5302 times
Been thanked: 7932 times
Gender: Male
BayernForum.com fan club: Active member
BayernForum.com donator: Yes

Re: Security Advise: Linkedin Passwords Leaked

Postby AvatarX » Sat Jun 09, 2012 2:22 pm

MUTU wrote:
AvatarX wrote:So if your password is super strong you have 1-2 weeks.

... assuming they start from your password first.

Chances are that if you don't change your password, nobody will bother decrypting it. But just in case it would be a good idea to change it.


No, you didn't get it. They don't need to start from 1 password. There are botnets with thousands (yes, lots of thousands) of PCs that can try to crack them in the same time ... we are talking for a lot of cpu power to crack them, all at the same time, so it is a necessity to change the password.
"You can live to be a hundred if you give up all the things that make you want to live to be a hundred."
User avatar
AvatarX
Assistant Admin & World Cup 2014 Prediction Game Winner
Assistant Admin & World Cup 2014 Prediction Game Winner
 
Years of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membership
 
Posts: 7973
Joined: Sat Oct 04, 2008 11:42 pm
Location: Metaverse
National Flag:
Anonymous
Has thanked: 740 times
Been thanked: 881 times
Gender: Male
BayernForum.com fan club: Active member
BayernForum.com donator: Yes

Re: Security Advise: Linkedin Passwords Leaked

Postby MUTU » Sat Jun 09, 2012 3:11 pm

AvatarX wrote:
MUTU wrote:
AvatarX wrote:So if your password is super strong you have 1-2 weeks.

... assuming they start from your password first.

Chances are that if you don't change your password, nobody will bother decrypting it. But just in case it would be a good idea to change it.


No, you didn't get it. They don't need to start from 1 password. There are botnets with thousands (yes, lots of thousands) of PCs that can try to crack them in the same time ... we are talking for a lot of cpu power to crack them, all at the same time, so it is a necessity to change the password.

There are 6.4 million logins. If they try to crack all of them simultaneously it would probably take them some thirty years!
30GB free cloud storage. Click here for the referral.
User avatar
MUTU
Site Admin & EURO 2016 Prediction Game Winner
Site Admin & EURO 2016 Prediction Game Winner
 
Years of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membership
 
Posts: 30558
Joined: Mon Aug 14, 2006 11:00 pm
Location: L-Imqabba, Malta
National Flag:
Malta
Has thanked: 5302 times
Been thanked: 7932 times
Gender: Male
BayernForum.com fan club: Active member
BayernForum.com donator: Yes

Re: Security Advise: Linkedin Passwords Leaked

Postby AvatarX » Sat Jun 09, 2012 3:53 pm

MUTU wrote:There are 6.4 million logins. If they try to crack all of them simultaneously it would probably take them some thirty years!


Thirty years? Maybe you didn't understand me.

Not the whole passwords db for each one of them, but break the db into small parts and try to crack it in the same time. 6.4 million in a botnet of 100 thousand PCs with 2 cores average, is 32 passwords per core which is not much at all...

Especially if the password is an English word from a dictionary, can be cracked in few minutes just by comparing the SHA1 output with the SHA1 output of the dictionary.
"You can live to be a hundred if you give up all the things that make you want to live to be a hundred."
User avatar
AvatarX
Assistant Admin & World Cup 2014 Prediction Game Winner
Assistant Admin & World Cup 2014 Prediction Game Winner
 
Years of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membershipYears of membership
 
Posts: 7973
Joined: Sat Oct 04, 2008 11:42 pm
Location: Metaverse
National Flag:
Anonymous
Has thanked: 740 times
Been thanked: 881 times
Gender: Male
BayernForum.com fan club: Active member
BayernForum.com donator: Yes


Return to Suggestions & Support

Who is online

Users browsing this forum: No registered users and 2 guests