
Showing posts from June, 2012

Security Vacuum - Anything Better Than Nothing?

"I don't have a Facebook account as I am worried about privacy/identity theft/my boss knowing what I did last Saturday/my patients/pupils/clients seeing what I did last Saturday...". A fair assumption, you would think? Facebook can easily be replaced with any other online account linked to the personality of an individual, such as LinkedIn, MySpace, Twitter and so on.

Whilst there are various settings that can now be put in place to increase privacy on some of the social networking sites, suspicion still remains. However, what would happen if you didn't create a Twitter/Facebook/LinkedIn account? Sure, there would be a definite reduction in the risk of any of your personal information, photos or history being made available, as it wouldn't be there in the first place.

But what would happen if someone else put that information there in your place?

If there is no Facebook account representing you, what is stopping someone from creating one?  That in itself is no…

LinkedIn - Weak Passwords & Poor Protection?

Last week saw the release of 6.5 million passwords for the online professional social network LinkedIn. LinkedIn, for those that don't use it, is a place to publish an online version of your career history and connect to work colleagues and acquaintances, away from the more friends-focused Facebook. The site is popular, with over 160 million users spread across 200 countries, and has no real direct competitor.

The release contained only the passwords of the users and not the associated email addresses, making the hack only slightly less worrying. The passwords were also hashed, seemingly with the SHA1 algorithm, but unsalted. The salt is generally what makes hashing more secure, and without it many of the passwords were easily reversed back into plain text. The failure to properly use a salt during the hashing phase is deemed to be a major failure in basic password security.

It was the analysis of the hashed passwords that initially led to the news that the leaked password…