LinkedIn Hacked ?

[dasyad]

Not on the lists

Still changed all my passwords though.

Same.

Interesting quote from the link above:

It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases.

I wonder how recent is "recently"?

 

[The__Malteser]

Bah, they are all encrypted Cba downloading a decrypter

Although i went on my hotmail, and I find

SPAM SENT OUT!!

I foolishly removed it, so I didn't check the date it was sent.

It was sent to people I sent a cv to, applying for work

GAH!

My password is not 40 characters long

 

[squerble]

Where can I look at all these leaked passwords to see if I'm on the list?

I'm still hoping an OcUK member can trust me a pointer towards the hashes so I can check.

 

[squerble]

Thanks for the link OcUK member.



****. On the list.

 

[The__Malteser]

Thanks for the link OcUK member.



****. On the list.

How did you decrypt it? :S

 

[LOAM]

Says if you have been compromised then they will email you. As I've not had an email I assume I'm ok :s

 

[dasyad]

It would probably be prudent to assume the worst and just change your password anyway, especially if you use the same password elsewhere

 

[Dist]

How did you decrypt it? :S

I may be mistaken, but you don't need to decrypt anything. If you hash your own password you can simply do a search to see if it is in the list.

 

[squerble]

How did you decrypt it? :S

You don't. You generate the SHA1 hash of your password, and then look for that string (and try it minus the first five characters if the first search comes back negative) in the list.

Mine matches.

 

[Chaos]

Type your password into a SHA-1 generator and check it.

 

[The__Malteser]

Cheers

 

[toon_mad]

I don't use social networking sites.

*safe*

Finally someone with sense

 

[squerble]

That's the command I used. Bits obviously blanked out for security but you get the idea.

 

[The__Malteser]

My profile

Name: y
Surname: yve

has not been compromised.

Not sure where the spam came from Spyware doctor gave just 4 browser stuff. AVG now.

 

[sniffy]

Look here : http://plaintextoffenders.com/
Be gobsmacked

WTF

A useless CS undergrad knows how to hash a password with a salt. How do these people get work?

We take the security of our members very seriously

lol. You evidently do not.

 

[willhub]

They've not got my password.

 

[memyselfandi]

Please can someone trust me the link ...

Thanks

 

[Dist]

http://www.leakedin.org/

It uses javascript to hash the password (so it's all client side, you don't send them your pass), and then compares the hash to the list of hashes.


Edit: It's down right now for the moment, they just talked about it on the TWiG podcast seconds ago, and it killed the site.

 

[squerble]

http://www.leakedin.org/

It uses javascript to hash the password (so it's all client side, you don't send them your pass), and then compares the hash to the list of hashes.


Edit: It's down right now for the moment, they just talked about it on the TWiG podcast seconds ago, and it killed the site.

After reading a few ethical hacking guides, I don't trust using things like this out of principal, hence my desire to get the hashes for myself. But then I'm quite paranoid about security (and yes, my password was for LI only ).

 

[Dist]

Well anyone who wants the list of hashes themselves and wants to hash their own password can just google it, there are tons of sites out there hosting the list of hashes. If it wasn't for the fact that this uses javascript and even suggests you look at the source to see for yourself that you don't ever send out your password to them then I wouldn't have suggested it, but it's all good and helps people who don't want to have to download anything, or read how to hash their password themselves.