I was just reading this blog post from Vicente Silveira explaining yesterday's breach of LinkedIn's password databases.

It really rubs me the wrong way, to say the least.


First, he minimizes the breach. Dude, you just got hacked.

Second, he dares lecture us on the use of strong passwords. Seriously? That wouldn't have made one bit of a difference, would it? The hacker lifted the passwords directly from your databases, didn't he?

What you should really explain is why your password databases weren't salted in the first place. It is really not rocket science. But salting wasn't the solution, was it? Not losing the hashes in the first place was.
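To make the salting point concrete, here is an added example (not code from the post or from LinkedIn) over a constructed three-user credential set: in an unsalted table, two users sharing a password store the identical digest, so one value tells you about both of them; with a per-user random salt (and a slow KDF, assumed here to be PBKDF2-HMAC-SHA256) every stored value is unique and must be attacked separately.

```python
import hashlib
import hmac
import os

# Constructed sample credentials for the demonstration; not real account data.
SAMPLE_USERS = {
    "alice": "linkedin2012",
    "bob": "linkedin2012",                  # same password as alice
    "carol": "correct horse battery staple",
}


def hash_unsalted(password):
    """Unsalted scheme: the stored value depends on the password alone."""
    return hashlib.sha1(password.encode()).hexdigest()


def hash_salted(password, salt=None, iterations=100_000):
    """Salted scheme: random 16-byte salt per user, slow KDF, stored as iters$salt$digest."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "%d$%s$%s" % (iterations, salt.hex(), digest.hex())


def verify_salted(password, stored):
    """Recompute with the stored salt and iteration count; constant-time compare."""
    iters, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)


def build_db(salted):
    """Simulate the stored password table under either scheme."""
    fn = hash_salted if salted else hash_unsalted
    return {user: fn(pw) for user, pw in SAMPLE_USERS.items()}


def duplicate_groups(db):
    """Users whose stored values are identical; present unsalted, absent once salted."""
    by_value = {}
    for user, stored in db.items():
        by_value.setdefault(stored, set()).add(user)
    return [users for users in by_value.values() if len(users) > 1]


if __name__ == "__main__":
    print("unsalted duplicates:", duplicate_groups(build_db(salted=False)))  # [{'alice', 'bob'}]
    print("salted duplicates:  ", duplicate_groups(build_db(salted=True)))   # []
```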

Let me venture a guess or two here. Could it be that the hacker gained access using a weak password from someone in your organization? Could it be that this person was a contractor also working for eHarmony? I know, I'm reaching...