[Mimedefang] FYI: LinkedIn MIMEDefang group is gone
Kevin A. McGrail
KMcGrail at PCCC.com
Wed Jun 6 14:19:53 EDT 2012
Overall, On 6/6/2012 1:18 PM, Ben Kamen wrote:
> On 2012-06-06 12:02 PM, David F. Skoll wrote:
>> Hi,
>>
>> After the LinkedIn password fiasco, I have deleted my LinkedIn
>> account. Because I was the owner of the MIMEDefang group, I had to
>> delete that too.
>
> I've been wondering what to do too...
>
> Between Facebook privacy and LinkedIn incompetence...
>
> Thankfully, LinkedIn uses a reasonably unique password unlike anywhere
> else I run on the web.
>
> But the incompetence.. ugh...
>
> I want to shout, "what is wrong with these companies" --- but I
> already know the answer.
>
> It's not pretty. In fact, it's pretty depressing.
My understanding is that at least LinkedIn stored the passwords in SHA-1
format. They need to add a salt to make things less susceptible to
look-up tables but assuming you used a unique and strong password, your
login is fairly safe.
The bigger issue is that they usernames are email addresses. So I think
we may see an uptick in spam from that portion of the exploit.
However, I use dedicated, unique email addresses for the vast majority
of my accounts as I'm sure others on this list do. If there is an
exploit, I should be able to track it as I have been for MANY other
major companies that have had their databases exploited.
In short, yes, LinkedIn had a breach apparently. However, if you use
decent passwords that are unique as any security person will extoll, the
damage should be highly limited.
Regards,
KAM
More information about the MIMEDefang
mailing list