Open Cloze
Gap-fill exercise
Fill in all the gaps, then press "Check" to check your answers.
LinkedIn: Unsalted, Assaulted and Faulted
An extremely determined and talented digital intruder can find _____ way to break _____ the security of just about _____ website. So when you hear _____ a site getting hacked, the _____ that there was a break-in doesn't necessarily mean _____ anyone was incredibly lazy or inept or asleep at the switch. Sometimes a site just gets outplayed _____ a criminal genius.
Other times, _____, the circumstances of _____ intrusion indicate that the site really was flat-out doing security _____. Sometimes a site really does leave the door unlocked and _____ open.
That seems to be what happened _____ LinkedIn (NYSE: LNKD) recently. The site suffered a break-in, _____ the intruders swiped files containing many users' logins and passwords. That's not good, but it's a setback that could _____ been mitigated by following some longstanding best practices, _____ encrypting that data so that even if someone should steal it, they couldn't _____ any sense of it.
But apparently that practice had _____ been followed. After the breach, LinkedIn indicated _____ going forward, the new passwords that victims put on their accounts, as _____ as the passwords used by members whose data wasn't stolen, will _____ hashed and salted. That's a delicious way to say that the data will be scrambled in _____ to make it very difficult _____ thieves to use it. It also implies that _____ the time of the break-in, LinkedIn wasn't hashing and salting anything. The thieves stole raw potatoes.
Sure enough, millions of users' passwords appear to _____ been exposed.
If LinkedIn indeed hadn't _____ hashing and salting users' passwords, the incident _____ exposed an embarrassingly weak security practice. Some users _____ it in stride, saying that if anyone breaks _____ their LinkedIn profile, that'll be the first visit it's had in years. For others, it's _____ joke -- LinkedIn's a site for career networking, and some profiles could hold some very sensitive info.
Mucking _____ with people's actual LinkedIn pages probably isn't what _____ intruders really have in mind, though. Like with a lot of other sites, LinkedIn users _____ in using an email address/password combo, and lots of people are in the _____ of using the exact same email-password combo for all the sites _____ visit, _____ banking and credit card sites. Try enough cracked combos at enough sites, and _____ are you'll gain access to something much _____ interesting than who someone's coworkers are.
Adapted from: TechNewsWorld, June 9, 2012; Available at