[Owasp-natal] LinkedIn hack confirmed

Noilson Caio caiogore at gmail.com
Thursday June 7 00:30:40 UTC 2012

That's right.

LinkedIn has confirmed <http://blog.linkedin.com/2012/06/06/linkedin-member-passwords-compromised/>
that some of the password hashes that were posted match users of its
service. They have also stated that passwords that are reset will now be
stored in salted hashed format.

What is a salt? It is a string that is added to your password before it is
cryptographically hashed. What does this accomplish? It means that password
lists cannot be pre-computed based on dictionary attacks or similar.

[image: Password hash with salt example]

This is an important factor in slowing down people trying to brute force
passwords. It buys time, and unfortunately the hashes published from
LinkedIn did not contain a salt.

[image: 60% of LinkedIn passwords cracked]

After removing duplicate hashes, SophosLabs has determined there are 5.8
million unique password hashes in the dump, of which 3.5 million have
already been brute forced. That means over 60% of the stolen hashes are now
publicly known.

We also did some additional testing of commonly used passwords that should
never be used. We started with the list of passwords that the Conficker
worm used <http://nakedsecurity.sophos.com/2009/01/16/passwords-conficker-worm/>
to spread through Windows networks.

All but two of the Conficker passwords were used by someone in the 6.5
million user password dump. The two passwords that weren't found were
'mypc123' and 'ihavenopass'.

Other passwords that we found in the dump include 'linkedin',
'linkedinpassword', 'p455w0rd' and 'redsox'. We even found passwords that
suggest people should know better like 'sophos', 'mcafee', 'symantec',
'kaspersky', 'microsoft' and 'f-secure'.

We will continue to keep Naked Security readers up to date with what is
known as we learn more.

It is critical that LinkedIn investigate this to determine if email
addresses and other information was also taken by the thieves which could
put the victims at additional risk from this attack.

*Special thanks to Beth Jones and Richard Wang from SophosLabs for their
hard work and assistance with this post.*

Noilson Caio Teixeira de Araújo
Linux Professional Institute Certification  2 - LPI000182893
Novell Certified Linux Administrator (CLA) - 10111916
Novell Data Center Technical Specialist
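The post above explains why an unsalted hash can be matched against a pre-computed password list while a salted one cannot. The following is an added example, not code from the original post or from LinkedIn or Sophos, showing both storage schemes side by side: a plain hash, and a per-user random salt combined with PBKDF2 (the salted scheme and the iteration count are assumptions, since the post only says "salted hashed format"). The wordlist is constructed from a few of the weak passwords the post says were found in the dump.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional

# Constructed wordlist: weak passwords the post reports as present in the dump.
WORDLIST = ["linkedin", "p455w0rd", "redsox", "mypc123"]


def unsalted_hash(password: str) -> str:
    """Plain hash of the password. Identical passwords give identical hashes,
    so one pre-computed table cracks every user who chose the same password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: Optional[bytes] = None,
                iterations: int = 100_000) -> str:
    """Salted, iterated hash. A fresh 16-byte salt is drawn per user unless
    one is supplied (supplying one is only for deterministic tests).
    The stored string carries everything verify() needs."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify(password: str, stored: str) -> bool:
    """Recompute the salted hash from the stored salt and compare in
    constant time, so a wrong guess leaks no timing information."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def build_lookup_table(words: Iterable[str]) -> Dict[str, str]:
    """The pre-computation the post describes: hash -> password, built once
    and reusable against any unsalted dump."""
    return {unsalted_hash(w): w for w in words}


def match_against_table(hashes: Iterable[str], table: Dict[str, str]) -> Dict[str, str]:
    """Return the subset of hashes that appear in the pre-computed table."""
    return {h: table[h] for h in hashes if h in table}


def demo() -> dict:
    """Two users, same password. Shows why the salt matters."""
    table = build_lookup_table(WORDLIST)

    # Unsalted storage: both users get the same hash, and it is in the table.
    unsalted = [unsalted_hash("linkedin"), unsalted_hash("linkedin")]
    recovered_unsalted = match_against_table(unsalted, table)

    # Salted storage: the two records differ and none appears in the table,
    # so the table would have to be rebuilt per salt (per user).
    salted = [salted_hash("linkedin"), salted_hash("linkedin")]
    recovered_salted = match_against_table(salted, table)

    return {
        "unsalted_identical": unsalted[0] == unsalted[1],
        "unsalted_recovered": len(recovered_unsalted),
        "salted_identical": salted[0] == salted[1],
        "salted_recovered": len(recovered_salted),
        "login_still_works": verify("linkedin", salted[0]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The iteration count is what "buys time" in the post's words: each guess against a salted record costs 100,000 HMAC computations instead of one, and the per-user salt means that cost cannot be shared across accounts.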
