LinkedIn Reinforces Encryption After Last Week's Password Leak
The professional social networking site has still not given any details as to how the hack occurred.
Linkedin is like the little boy who cried, 'wolf.' By sending too much mail that people are not really interested in, they are getting ignored when they have something important to sayAndrew ConwayCloudmark
This will count as a small consolation for anyone affected by the loss of 6.5 million passwords secured in an 'unsalted' state using the less secure 160 bit SHA-1 encryption algorithm.
The company said that after discovering the hack on the morning of 6 June, it had disabled published passwords it believed were at risk of exposure by the end of play on 7 June. None of the emails involved included email logins, the company claimed.
"After we disabled the passwords, we contacted members with instructions on how to reset their passwords," LinkedIn said. "At this time, there have been no reports of compromised LinkedIn accounts as a result of this password theft."
Importantly, the company said it had now completed an upgrade of the security applied to all accounts whether part of the hack or not which added the use of salted hashes.
Precisely what new security was now being employed - specifically whether 256-bit SHA-2 was part of the upgrade - the company's announcement is oddly evasive.
LinkedIn did say it had disabled all passwords believed to be at risk although again how many of the 6.5 million leaked were deemed worthy of this attention is not clear
"For security reasons, we cannot discuss certain details of our ongoing security upgrades," it said.
The firm's small army of security critics might point out that detailing the security standards employed should not render a company vulnerable and indeed most vendors with public membership usually state the encryption standards used as a deterrent.
As to who hacked LinkedIn, how the hack was carried out, and with what real-world effects on member security, the LinkedIn note does not elaborate.
"At this time, LinkedIn cannot release any further information in order to protect our members and due to the ongoing investigation," the company said.
According to message filtering vendor Cloudmark, an ironic effect of the hack appears to have been that some LinkedIn users discarded legitimate warnings sent by the firm after the attack because they thought they might be criminal spam.
"Over four percent of the people receiving this [warning] email, thought it was spam and sent it straight to the bit bucket. If Linkedin sends out 6.5 million emails, then a quarter of a million people are congratulating themselves on avoiding spam, and still have a compromised Linkedin password," said Cloudmark's Andrew Conway.
LinkedIn did say it had disabled all passwords believed to be at risk although again how many of the 6.5 million leaked were deemed worthy of this attention is not clear.
In Conway's view, part of the problem was that LinkedIn automatically opted users into receive email related to their activity and interests, resulting in some users marking the company's emails as spam simply to stem the tide of unwanted communication.
"Linkedin is like the little boy who cried, 'wolf.' By sending too much mail that people are not really interested in, they are getting ignored when they have something important to say," said Conway.
They came, they saw, and they walked away. That seems to be the story of Nokia’s unsuccessful attempt to sell its Chennai mobile manufacturing plant, which has been frozen over the Rs 21,000 crore tax dispute.
Software behemoth Google may be the next big player to hop on to the IoT bandwagon. Google has developed a software that can run on low power devices, and help them communicate with connected devices.
Canadian based smartphone company BlackBerry Ltd announced that it is planning to buy back 2.6 percent of its shares and plans to propose a new employee share purchase program at its annual meeting in June.
Lenovo's recent acquisitions have taken a bite out of the company's earnings, with its net profit in the first quarter dropping 37 percent despite strong PC sales.