I'm sure it's no surprise to all of you, that our most retweeted and talked about topic this week is of course Linkedin, and their very large password leak, followed swiftly by the same group hacking eHarmony. The hottest version of this story via my monkeyfeed is this one from Ars Technica: 8 million leaked passwords connected to LinkedIn, dating website. That's right, eight million passwords overall, methodically being cracked on various websites as we speak. I, like most of you, quickly went in and changed my existing normal password to one with 47 random characters, so every time I log in I feel like R2D2 talking to the Death Star.
On a lighter note, it's always hilarious to take a look inside people's password brainspace, and this article: 10 (or so) of the worst passwords exposed by the LinkedIn hack, gives us the rundown of the 10 worst. My personal favorite on this list has got to be "iwantanewjob." It's very zen isn't it? Typing and retyping that password every time you log in? Very positive reinforcement. Horrible password though. Here are some simple tips for good password/ passphrase security that way too many people are clearly ignoring.
Unfortunately for LinkedIn, when it rains it pours: Your iPhone calendar isn't private;at least if you use the LinkedIn app. Jumping back to Ars again, we find that the iPhone and Android versions of LinkedIn's app pull your calendar items back to their servers, even if they were created outside of your app.
Moving away from Linkedin for a bit, it's back to the other big Infosec news item of the last few weeks: Flame. The monkeyfeed has had a great deal of Flame and Stuxnet but this new article from Securelist is jumping up the list as of this morning: Back to Stuxnet: the missing link. Kaspersky Labs is now claiming that these attacks are actually related, and this article does a great deal to explain the links. What say you, our esteemed Monkeynauts?
The other Pip hits for last week include:
When Is A Breach Not A Breach? - Dark Reading (Wendy Nather! I've met her!)
Finally, my favorite story of the week is this one from Naked Security: North Korea uses infected games to DDoS South Korea | Naked Security. This is a brilliant attack. Take South Korea and their love for video games, add in a distributor selling those games cheaper than the stores, and include a free virus in every order! The reason this is so brilliant, and scary, is that if there was suddenly a huge sale on Diablo 3 in this country, we'd have the same problem in a heartbeat.
That's it for this week. Remember, we're shifting my Monkeybloggings to Mondays going forward. Make sure to set your DVRs.