LinkedIn

A 4-post collection

Observations and thoughts on the LinkedIn data breach

Last week there was no escaping news of the latest data breach. The LinkedIn hack of 2012 which we thought had "only" exposed 6.5M password hashes (not even the associated email addresses so in practice, useless data), was now being sold on the dark web. It was allegedly 167 million accounts and for a mere 5 bitcoins (about US$2.2k) you could jump over to the Tor-based trading site, pay your Bitcoins and retrieve what is one of the largest data breaches ever to hit the airwaves. But this is not a straightforward incident for many reasons and there are numerous issues raised by the data itself and the nature of the hack. I've had a heap of...

Disassembling the privacy implications of LinkedIn Intro

Update: 17 Feb 2014: Sanity has prevailed and the service has now been pulled. LinkedIn Intro has already become known by many names: A dream for attackers, A nightmare for email security and privacy and A spectacularly bad idea to mention but a few. Harsh words. The general consensus of people I’ve spoken to is that it’s fundamentally stupid and about the worst thing you could consider doing with your privacy. It looks like this: You probably didn’t know this, but apparently you want a third party to access your email, pull some data out of it, manipulate the contents then send it on for you. That’s every email you send. Oh...

I’d like to share my LinkedIn password with you – here’s why

No really, this is my LinkedIn password: y>8Q^<6mqKEA4hac Well it was my LinkedIn password until earlier today when it became apparent that LinkedIn had suffered what could only be described as a massive security breach. The disclosure of 6 million passwords used in one of the world’s premier social networking sites is nothing short of astonishing. But what’s also astonishing is that this exercise once again demonstrates that we, as users, are continuing to choose outrageously stupid passwords. How do I know this? Take a look at leakedin.org and try something obvious: And here it is: Now try your old LinkedIn password which, of course, you’ve already changed. Don’...

Why online identities are smart career moves

The final catalyst for me eventually taking the leap into the blogosphere came from an unexpected source. It was actually my own response to a Stack Overflow Question where I’d suggested that one of the best ways to make yourself more marketable as a software developer is to have an active online profile. I don’t necessarily mean to try and achieve semi celebrity status like Scott Guthrie or Joel Spolsky, rather to be able to illustrate that over time, you’ve been actively involved in the areas in which you profess to have expertise. It’s one thing to present a CV or a LinkedIn profile which says you’ve done everything from...