the-frontline

LinkedIn slow to warn users of password breach

11 Jun 2012

When news broke last week of a hack of some 6.5 million passwords from LinkedIn, we at V3 were interested to see if anyone of us had been affected and how the company would deal with the incident.

First impressions weren't good as the company took several hours to issue any kind of formal response to growing media speculation about the breach which did nothing to reassure users of the site.

The firm eventually confirmed it was investigating an incident in a statement but on logging on the site there was no message or alert relating to the incident, no doubt meaning many users were left in the dark as to the best course of action.

The firm did say, though, that it would be alerting those affected to the breach and urging them to change their passwords.

However, it appears wasn't until Saturday, a full three days after the breach was first made public, that these email were sent to affected users telling them it may be a good idea to change their passwords.

One V3 member received this email (pictured below), although they had of course changed their email long before this tardy warning.

LinkedIn password email censoredAs you can see the, advice they give is simple, straightforward and sound, but the time it took the company to send it out is disappointing and should be a lesson for other online companies that speed is of the essence when dealing with major security incidents.

For those still concerned about password security V3's has put together a quick guide on password security, breaking down five simple measures you can take to protect your password.

Android's pattern-lock security confounds FBI computer forensics team

15 Mar 2012

sony-xperia-s-pattern-lock-screenJust how good is the protection afforded by the pattern-lock technique Google designed to prevent unauthorised access to some Android-based smartphones?

Good enough to apparently defeat the entire technical brainpower of the Federal Bureau of Investigation's (FBI) Regional Computer Forensics Labs (RCFL) in Southern California.

A recently released affidavit, discovered by security researcher Christopher Soghoian of Indiana University, revealed that the FBI went cap-in-hand to a judge, seeking a warrant that would force Google to help them unlock the phone.

The phone in question had been seized during the arrest of a notorious gang member and pimp in January.

In his warrant application, special agent Jonathan Cupina explained how the RCFL technicians made several attempts to unlock the phone, but ended up just triggering the lock-out mechanism, which requires a Gmail login and password to override. It was these details that the FBI wanted Google to hand over.

As Soghoian points out, it seems slightly perverse for a computer forensics lab to resort to obtaining search warrants for Google, when there are tried and tested commercial products and hardware hacks that would have enabled the FBI to access the phone's data.

Sure, the FBI may have needed a warrant to legally access the phone's data, but surely it could have done that rather than going direct to Google? It certainly doesn't paint the FBI's computer forensic team in a flattering light.

About The Frontline

Insight into the latest tech news from V3.co.uk's team of reporters

Software Development Engineer

Develop: Customise: Configure. Maximise your technical...

Internship – Modeling computational complexity of DSP algorithms

Internship – Modeling computational complexity of DSP...

Software Developer

Do you consider yourself a good programmer and get a...

iOS / OS X Software Engineer

Location: Wroclaw Join the leader in entertainment...

Browse posts by date

Cal_navigation_previousApril 2014Cal_navigation_next
MonTueWedThuFriSatSun
       
123456
       
78910111213
       
141517181920
       
21222324252627
       
282930

Other sites we like at The Frontline