PDA

View Full Version : linkedin password hack - A different spin on the story



fatality_uk
June 7th, 2012, 10:08 PM
BEFORE USING THIS TOOL, CHANGE YOUR PASSWORD!

So anyway, I was looking at the coverage and got this link to allow you to check if your password has been hacked.

https://lastpass.com/linkedin/

Now thinking, what do people use as passwords? So I tried "ubuntu", that came up as hacked. Then tried "linkedin", also came up. Tried a few more raunchy combinations and some general things like "iwantanewjob", "sunglasses" and "imahacker".

Amazing what people will use to store thier personal data!

catlover2
June 7th, 2012, 10:19 PM
Wow, really, these are just pathetic...
All of these are compromised...

asdfjkl;
qwerty
ilovecats
1337
1234567890
whatsthat
101010
lightswitch

wilee-nilee
June 7th, 2012, 10:35 PM
Since the site was hacked it really does not matter how lame the passwords are really.

fatality_uk
June 7th, 2012, 10:51 PM
And one day the Sun will go supernova and life on this small rock will cease to exist, but coming back to the point! I am always amazed at how little care people put into password security and how many people re-use the same password for so many sites, leading to easy breaches of valuable personal data.

Smilax
June 8th, 2012, 12:03 AM
And one day the Sun will go supernova and life on this small rock will cease to exist, but coming back to the point! I am always amazed at how little care people put into password security and how many people re-use the same password for so many sites, leading to easy breaches of valuable personal data.


i do believe that our sun don't have sufficient mass to go supernova, rather, as a red giant to white dwarf route it shall follow.


however, life on earth is indeed doomed.

scouser73
June 8th, 2012, 12:10 AM
Originally Posted by fatality_uk I am always amazed at how little care people put into password security and how many people re-use the same password for so many sites, leading to easy breaches of valuable personal data.

People do need to be proactive with their online security, but also the companies storing usernames & passwords should also be accountable for their lax security measures.

CharlesA
June 8th, 2012, 03:11 AM
Awww I thought "thedoc" was a good one too...

Smilax
June 8th, 2012, 01:42 PM
Now ya'll have a nice day. O:)

why thank you.....


shuffles of to buy shares in spaceX

VTPoet
June 8th, 2012, 09:52 PM
DAMN!!! So buying FaceBook shares as a really long term investment was probably a bad idea :)

Meh. But the only way you're going to get back your initial investment is to wait a billion years. ;)

patrickceg
June 9th, 2012, 05:32 AM
...a part of me wishes one of the doomsday scenarios occurs so people re-prioritize their lives so maintaining little "social networks" is the least of their concerns, but anyway...

Back on topic, call me cruel, but I like being surrounded by people who just ask to be attacked by choosing weak passwords, as it reduces the probability of someone wanting to attack me ;) It also keeps the number of competent hackers low, since there's still low-lying fruit to be picked. The only thing that would make people use better PWs is if it was more convenient for them to use a good PW over a weak one, but at the moment it seems just fine to run around the Internet putting "Password1" into each login box.

Reference:
http://money.cnn.com/2012/03/01/technology/password_security/index.htm

EDIT: Thanks for sharing - discovering this low-lying fruit this is fun!
"bonjour","hello1", "hello2", "january","password","hacked"

Greenborn
June 9th, 2012, 10:30 PM
BEFORE USING THIS TOOL, CHANGE YOUR PASSWORD!

So anyway, I was looking at the coverage and got this link to allow you to check if your password has been hacked.

https://lastpass.com/linkedin/

Now thinking, what do people use as passwords? So I tried "ubuntu", that came up as hacked. Then tried "linkedin", also came up. Tried a few more raunchy combinations and some general things like "iwantanewjob", "sunglasses" and "imahacker".

Amazing what people will use to store thier personal data!

My Linkedin password was hacked and it was not an easy one to hack (capital letters, lowercase letters, numbers, special signs, etc.). Changed now but, wtf Linkedin? Got security? Not.:lolflag:

catlover2
June 9th, 2012, 11:25 PM
My Linkedin password was hacked and it was not an easy one to hack (capital letters, lowercase letters, numbers, special signs, etc.). Changed now but, wtf Linkedin? Got security? Not.:lolflag:

When someone acquires a list of usernames with password hashes like this, it makes no difference how good your password is. The password "a" is just as likely to be among the millons of hacked passwords as the password "jjaSSH455ιθνıi$@/!ffjH^3#dHHDd."

MadCow108
June 10th, 2012, 01:33 PM
When someone acquires a list of usernames with password hashes like this, it makes no difference how good your password is. The password "a" is just as likely to be among the millons of hacked passwords as the password "jjaSSH455ιθνıi$@/!ffjH^3#dHHDd."

no, a long password is still saver.
that site does not really tell you if the password has been cracked, it only compares the hashes using the password you give them.
So it only tells you if your password is in the list, and nothing more.

it takes considerably longer to crack longer passwords even if you have the hash. Even if they are not salted you need huge rainbow tables.
linkedin used sha1 hashes (not md5 like last.fm) so people also have a hard time using collision attacks as sha1 is vulnerable but still not cheap to break.

roelforg
June 10th, 2012, 03:30 PM
I'm telling ya, we should switch to hardware keys!

CharlesA
June 10th, 2012, 03:47 PM
I'm telling ya, we should switch to hardware keys!
RSA tokens (http://en.wikipedia.org/wiki/SecurID) you mean? Too expensive.

Erik1984
June 10th, 2012, 04:05 PM
I'm telling ya, we should switch to hardware keys!

Google already has two step authentication (so you need login credentials + mobile phone) I expect more big online services to provide such a login mechanism in the future.