Messages In This Digest (3 Messages)
- 1.
- Computerworld reports Linkedin Passwords have all been compromised From: John Rechenberg
- 2.
- Here's How To Change Your LinkedIn Password After Today's Security B From: Ann Bergquist
- 3.
- LEAD: Disaster Recovery/Business Continuity Systems Analyst From: Ann Bergquist
Messages
- 1.
-
Computerworld reports Linkedin Passwords have all been compromised
Posted by: "John Rechenberg" jar1@optimum.net john_rechenberg
Wed Jun 6, 2012 2:12 pm (PDT)
[Attachment(s) from John Rechenberg included below]
I am sending out this message because it seems that all or almost all
passwords on Linkedin have been compromised. This is an on-going and
possibly unresolved situation, so even if you change passwords now, you may
have to change them again. The hackers may not have access to your email
identity, which is good.
In the meantime, please pay attention to further messages, and I would
suggest changing your Linkedin password at this time to a unique combination
of letters and words that you do not use elsewhere.
Enclosed is the Computerworld article:
Update: LinkedIn probing reports of massive breach
About 6.5 million hashed LinkedIn passwords said to be accessed and posted
online
Jaikumar Vijayan
June 6, 2012 (Computerworld) <http://www.computerworld.com >
Professional social networking service LinkedIn today said it is
investigating reports that hackers broke into its systems and accessed the
usernames and hashed passwords of the social network's 6.5 million members.
The data was said to be posted on an online Russian hacker forum.
In numerous Twitter messages
<https://twitter.com/LinkedIn/ > , LinkedIn told itsstatus/210356987 576324096
members that it's investigating the breach reports, and that it can't yet
confirm that hacker had accessed the site.
One said: "Our team is currently looking into reports of stolen passwords.
Stay tuned for more."
One security researcher today said that he has downloaded a file from a
Russian hacker website containing more than 6.4 million hashed passwords.
Marcus Carey, a security researcher at Rapid7, said he also downloaded two
separate files containing more than 300,000 passwords collected by the
hackers. The hackers accessed the passwords by using simple password
cracking tools, Carey said.
Though it is not immediately possible to confirm if the hashed passwords
were in fact accessed from LinkedIn's servers, there are numerous anecdotal
reports that users have seen their LinkedIn password posted online, he said.
So far, he added, there is no evidence that emails associated with the
passwords have also been accessed, though that remains a possibility.
Carey noted that the hackers might still have access to the LinkedIn
servers.
According to him, a look at the data that was posted online suggests that
the hackers may have had access to the data for sometime.
Users of LinkedIn should immediately change their passwords to protect their
accounts, he said.
After reviewing the data posted online by the apparent hackers, Carey said,
"We don't know who is behind this but [they] definitely had access to the
LinkedIn database for at least the last week."
"I want to emphasize is that we don't know if the attackers still have
access to the LinkedIn system," he added.
According to Carey, a manual inspection of the leaked passwords show that
the site was protected by using the Secure Hashing Algorithm-1 (SHA-1)
format.
Because the protection offered by SHA-1 isn't foolproof, security experts
have for some time now recommended that organizations use a technique called
salted hashing to protect sensitive data, like passwords.
The fact that the passwords have been hashed using straight SHA-1 makes them
somewhat easy to crack using brute force methods, he said.
Many of the 300,000 or so passwords that have already been posted in clear
text online were cracked using a password cracking tool called John the
Ripper, Carey said.
Users should immediately change their passwords, and keep a close eye on
updates on the incident from LinkedIn, he said.
If it turns out that the hackers still have access to the database, LinkedIn
users may need to change their passwords again, he said.
"The silver lining here is that we know the attack took place, so users can
at least change their passwords," he said.
The real danger comes when such attacks aren't discovered until long after
they are launched. The fact that the attackers don't appear to have the
matching email addresses for the stolen passwords is also a good sign fro
LinkedIn members, he said.
Jaikumar Vijayan covers data security and privacy issues, financial services
security and e-voting for Computerworld. Follow Jaikumar on Twitter at
@jaivijayan <http://twitter.com/jaivijayan > , or subscribe to Jaikumar's RSS
feed <http://www.computerworld.com/ > . Hiss/feed/keyword/ Jaikumar+ Vijayan
e-mail address is jvijayan@computerworld.com .
Thank you,
John Rechenberg, PMP
158 Harcourt Avenue
Bergenfield, NJ 07621-1960
jar1@optonline.net
H: [201]387-9063
C: [201]694-3571
http://www.linkedin.com/in/johnrech enberg
Attachment(s) from John Rechenberg
1 of 1 File(s)
- 2.
-
Here's How To Change Your LinkedIn Password After Today's Security B
Posted by: "Ann Bergquist" annber55@yahoo.com annber55
Wed Jun 6, 2012 4:19 pm (PDT)
You may want to update your LinkedIn password - I did.
Ann Bergquist
http://www.linkedin.com/in/annbergq uist
Copy and paste this long link into your browser:
http://www.businessinsider.com/ heres-how- to-change- your-linkedin- password- af
ter-todays-security-breach-2012- 6
- 3.
-
LEAD: Disaster Recovery/Business Continuity Systems Analyst
Posted by: "Ann Bergquist" annber55@yahoo.com annber55
Wed Jun 6, 2012 6:19 pm (PDT)
Please reply to Jack directly jackschwartz@itechrecruiting. com
Ann Bergquist
http://www.linkedin.com/in/annbergq uist
To my JO network: I don't usually work on contract positions, but here is one that I am trying to fill. Candidates must be willing to work as a W-2 through us and be on site at out client in northern NJ for 6-9 months and the contract will probably be extended longer- they have alot of work to do. I realize that it is easier for candidates to just shoot me a resume with a boiler plate cover, but priority will be given to candidates who specify in the cover why they are a good fit for this specific position. If this is not a good fit for you, please share with Disaster Recovery/ Business Continuity people in your network. Thanks
They want a contractor in No. NJ>>W-2 only
Systems Analyst- Disaster Recovery/Business Continuity.
Duties
The position will report to the ITS DR Manager, and will assist the DR Project Managers with various risk mitigating efforts such as Governance, DR Documentation, requirements gathering, recommendations for DR strategies, implementation coordination, etc.
Assist the DR Team with risk mitigation efforts to enhance the overall DR Program. This individual will work closely with DR Project managers helping to identify, recommend, develop, implement, and support cost-effective operational processes and services. They will also assist in implementing policies, procedures, and best practices
Evaluates current ways of doing things and assists with implementing new approaches, ideas and strategies
Seeks opportunities to assist in providing value-added service to internal clients and uses appropriate resources/technology throughout Company.
Assist in steps to implement governance including risk assessments, business impact analysis, testing, and documentation
Assists with the technical review and coordination with projects relating to disaster recovery planning, implementation and tracking
Coordinates the DR documentation gathering, gap analysis, completion and on-going reviews
Assists with the coordination of testing schedules, objectives, exercises and post mortem reviews
Assists in the DR requirements gathering for business criticality ratings and coordinates the procurement and implementation of associated IT DR assets
Participates in the design, development, testing of new tools with a strong background in data replication and technologies for DR
Skills
Ability to assist with implementation of an effective and sustainable Information Technology (IT) Disaster Recovery (DR) program including governance, risk assessment / impact analysis, recovery strategy selection, plan development, testing, change control and awareness
Proven track record of delivering business continuity or disaster recovery programs
Experience with assessing and implementing data replication products
Experienced in the development of disaster recovery plans
Ability to assist with the coordination of DR Test objectives, coordination, and reporting
Experienced with Microsoft Office Suite: Word, Project, Excel, Visio, Power Point
Strong interpersonal skills (verbal, written and presentation) รข" The position requires a lot of customer interaction including meetings, presentations and documentation
Strong knowledge of IT Disaster Recovery Professional Practices and/or Data Center Operational environments
5+ years IT Disaster Recovery / Business Continuity Technology
5+ Experience with 3+ years as a Manager or Project Manager
Education
BS or MS degree in Computer Science, Engineering, or related field.
Advanced Business Continuity Planning / DR Certifications from an industry recognized certification board (e.g. DRI, BCI, etc.)
Jack M. Schwartz
Managing Director
ITech Recruiting LLC
516-826-4640 office
516-524-6010 cell
JackSchwartz@ITechRecruiting. com
RELATED KEYWORDS
Need to Reply?
Click one of the "Reply" links to respond to a specific message in the Daily Digest.
Change settings via the Web (Yahoo! ID required)
Change settings via email: Switch delivery to Individual | Switch format to Traditional
Visit Your Group | Yahoo! Groups Terms of Use | Unsubscribe
No comments:
Post a Comment