11 Jun 2012
When news broke last week of a hack of some 6.5 million passwords from LinkedIn, we at V3 were interested to see if any of us had been affected and how the company would deal with the incident.
First impressions weren't good, as the company took several hours to issue any kind of formal response to growing media speculation about the breach, which did nothing to reassure users of the site.
The firm eventually confirmed in a statement that it was investigating an incident, but on logging on to the site there was no message or alert relating to the incident, no doubt meaning many users were left in the dark as to the best course of action.
The firm did say, though, that it would be alerting those affected to the breach and urging them to change their passwords.
However, it appears it wasn't until Saturday, a full three days after the breach was first made public, that these emails were sent to affected users telling them it may be a good idea to change their passwords.
One V3 member received this email (pictured below), although they had of course changed their email long before this tardy warning.
As you can see, the advice they give is simple, straightforward and sound, but the time it took the company to send it out is disappointing and should be a lesson for other online companies that speed is of the essence when dealing with major security incidents.
For those still concerned about password security, V3 has put together a quick guide breaking down five simple measures you can take to protect your password.
Just how good is the protection afforded by the pattern-lock technique Google designed to prevent unauthorised access to some Android-based smartphones?
Good enough to apparently defeat the entire technical brainpower of the Federal Bureau of Investigation's (FBI) Regional Computer Forensics Labs (RCFL) in Southern California.
A recently released affidavit, discovered by security researcher Christopher Soghoian of Indiana University, revealed that the FBI went cap-in-hand to a judge, seeking a warrant that would force Google to help them unlock the phone.
The phone in question had been seized during the arrest of a notorious gang member and pimp in January.
In his warrant application, special agent Jonathan Cupina explained how the RCFL technicians made several attempts to unlock the phone, but ended up just triggering the lock-out mechanism, which requires a Gmail login and password to override. It was these details that the FBI wanted Google to hand over.
As Soghoian points out, it seems slightly perverse for a computer forensics lab to resort to obtaining search warrants for Google, when there are tried and tested commercial products and hardware hacks that would have enabled the FBI to access the phone's data.
Sure, the FBI may have needed a warrant to legally access the phone's data, but surely it could have done that rather than going direct to Google? It certainly doesn't paint the FBI's computer forensic team in a flattering light.