Written by Dave Stelzl CISSP

LinkedIn Passwords – Another Opportunity To Help Clients

I’ve just scheduled the next Making Money with Security Workshop.  If you haven’t attended one of these, you need to…there are just too many security opportunities out there; unfortunately I routinely see people leaving money on the table simply because they are not prepared to sell the entire project.  In fact, the entire project is often not obvious because the client doesn’t know what they need, and the discovery process on the sales side is lacking. I am posting this along with the LinkedIn news, because I believe there is a tremendous opportunity here to really make a difference – I want every person I work with to have access to “Asset Owners” – to have access to the most important security issues their client have.  I am passionate about this…because I know it works.

Get More Information

Read more here and sign up using the early bird discount. – for dates and times, outline, etc.

 

The LinkedIn Issue So Far

This recent issue with LinkedIn is big.  It’s just one social network, but 6.5 Million passwords is huge, and most of these people use these passwords on every online account they have.  Look at some of the issues posted in a recent PC Magazine article:

  • A file containing 6.5 million unique hashed passwords appeared in an online forum based in Russia. More than 200,000 of these passwords have reportedly been cracked so far – it’s just a matter of time for the rest.
  • This breach is so serious that security professionals advise people to change their LinkedIn passwords immediately – in fact, I recommend you change yours right now!
  • This was amazing:  “One common way people create passwords for different websites is to add the name of the site into the passphrase, says Thorsheim. So some people may use the password “1234Facebook” for the world’s largest social network, and then “1234LinkedIn” for LinkedIn and so on.”  This is a foolish way to create a password – something to educate your clients on.
  • If you know the password is hashed with SHA-1 (Which in this case – these passwords are), you can quickly uncover some of the more basic passwords that people commonly use – in other words, encryption is not that secure if you know what it translates to.

© 2012, David Stelzl

Advertisement

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s