LinkedIn Reinforces Encryption After Last Week's Password Leak
The professional social networking site has still not given any details as to how the hack occurred.
Linkedin is like the little boy who cried, 'wolf.' By sending too much mail that people are not really interested in, they are getting ignored when they have something important to sayAndrew ConwayCloudmark
This will count as a small consolation for anyone affected by the loss of 6.5 million passwords secured in an 'unsalted' state using the less secure 160 bit SHA-1 encryption algorithm.
The company said that after discovering the hack on the morning of 6 June, it had disabled published passwords it believed were at risk of exposure by the end of play on 7 June. None of the emails involved included email logins, the company claimed.
"After we disabled the passwords, we contacted members with instructions on how to reset their passwords," LinkedIn said. "At this time, there have been no reports of compromised LinkedIn accounts as a result of this password theft."
Importantly, the company said it had now completed an upgrade of the security applied to all accounts whether part of the hack or not which added the use of salted hashes.
Precisely what new security was now being employed - specifically whether 256-bit SHA-2 was part of the upgrade - the company's announcement is oddly evasive.
LinkedIn did say it had disabled all passwords believed to be at risk although again how many of the 6.5 million leaked were deemed worthy of this attention is not clear
"For security reasons, we cannot discuss certain details of our ongoing security upgrades," it said.
The firm's small army of security critics might point out that detailing the security standards employed should not render a company vulnerable and indeed most vendors with public membership usually state the encryption standards used as a deterrent.
As to who hacked LinkedIn, how the hack was carried out, and with what real-world effects on member security, the LinkedIn note does not elaborate.
"At this time, LinkedIn cannot release any further information in order to protect our members and due to the ongoing investigation," the company said.
According to message filtering vendor Cloudmark, an ironic effect of the hack appears to have been that some LinkedIn users discarded legitimate warnings sent by the firm after the attack because they thought they might be criminal spam.
"Over four percent of the people receiving this [warning] email, thought it was spam and sent it straight to the bit bucket. If Linkedin sends out 6.5 million emails, then a quarter of a million people are congratulating themselves on avoiding spam, and still have a compromised Linkedin password," said Cloudmark's Andrew Conway.
LinkedIn did say it had disabled all passwords believed to be at risk although again how many of the 6.5 million leaked were deemed worthy of this attention is not clear.
In Conway's view, part of the problem was that LinkedIn automatically opted users into receive email related to their activity and interests, resulting in some users marking the company's emails as spam simply to stem the tide of unwanted communication.
"Linkedin is like the little boy who cried, 'wolf.' By sending too much mail that people are not really interested in, they are getting ignored when they have something important to say," said Conway.
The overall India PC shipments for Q1 2013 stood at 2.71 million units i.e. a year-on-year growth of roughly 3% over Q1 2012 and a quarter-on-quarter growth of about 7.5% over Q4 2012.
No new Nexus tablet? Not more than a peep on that groundbreaking Internet-on-your-face technology that Sergey Brin quietly introduced last year?
Google is facing some tough questions from Congress over the privacy concerns raised by Glass, its fledgling augmented reality system for recording and receiving information on the fly.
The Accelerator program team will travel to four key startup hubs of India, namely, Delhi, Hyderabad, Pune and Chennai, to meet entrepreneurs and answer all their queries related to the startup ecosystem of India as well as the Microsoft Accelerator for Windows Azure (India) program