Erik's Weblog 2.0

June 7, 2012




I was just reading this blog post from Vicente Silveira explaining yesterday's breach of LinkedIn's password databases.

It really rubs me the wrong way, to say the least.


First, he minimizes the breach. Dude, you just got hacked.

Second, he dares lecture us on the use of strong passwords. Seriously? That wouldn't have made one bit of a difference, would it? The hacker lifted the passwords directly from your databases, didn't he?

What you should really explain is why your password databases weren't salted in the first place. It is really not rocket science. But salting wasn't the solution, was it? Not losing the hashes in the first place was.

Let me venture a guess or two here. Could it be that the hacker gained access using a weak password from someone in your organization? Could it be that this person was a contractor also working for eHarmony? I know, I'm reaching...



Twits du Jour (June 6)

  • @RussB Router didn't see anything, no IPv6 interface. I'll have to play with it later. #
  • @RussB Didn't try direct, but my router should work with v6 as is. I did restart the modem. #
  • @RussB (Yeah, I realized that after I hit tweet. Sue me.) I suspect they are, but that test page you linked to said I didn't have it, yet. #
  • @RussB We buy keywords like that on Google, so that pricks from California don't come down here. ;-) #
  • @RussB No v6-love on Comcast for me. :/ #
  • @RussB Is that why you had to connect your lappy directly? Your router doesn't support v6? #
  • @RussB hey! When I try, it says: unknown host. So some of it works! ;) #
  • @RussB probably because I don't have IPv6 configured. #
  • @RussB # ping6 connect: Network is unreachable #
  • @RussB I've been stalking you for years. ;-) #
  • Another day, another breach... #