QPR attempt the Mannequin Challenge at their Harlington training ground. It’s quite a work of art. See also:Fit-again Bidwell back in QPR squadHolloway confirms Bidwell and Robinson newsQPR extend youngster Hamalainen’s contract’Semi-retired banker and Chelsea fan’ made director of QPR’s holding company Ads by Revcontent Trending Articles Urologists: Men, Forget the Blue Pill! This “Destroys” ED x ‘Genius Pill’ Used By Rich Americans Now Available In Netherlands! x One Cup of This (Before Bed) Burns Belly Fat Like Crazy! x Men, You Don’t Need the Blue Pill if You Do This x What She Did to Lose Weight Stuns Doctors: Do This Daily Before Bed! x Drink This Before Bed, Watch Your Body Fat Melt Like Crazy x Follow West London Sport on TwitterFind us on Facebook
cc licensed ( BY NC ) flickr photo by totumwebLinkedIn, a networking site for professionals, has confirmed that some of the passwords in a set of over six million hashed passwords uploaded to an online forum by a hacker, correspond to LinkedIn accounts (full story from PCMag).The security breach at “the world’s largest professional network on the Internet, with 161 million members in over 200 countries and territories” (link), provides an opportune moment for users to think about their personal password policy.If you use LinkedInIf you are a member of the LinkedIn network, you should change your password. If you use the same password on other sites, you should change your password on those sites, as well.If you don’t use LinkedInWhile the currently reported breach involves passwords from LinkedIn and eHarmony, all users should reflect on their current use of passwords. If you can answer yes to any of the following questions, you should change the passwords you are using:I use a common word for my password.My password is less than eight characters long.I use the same password on multiple sites.My password is among those most commonly used.Password tipsIn response to the password leak, LinkedIn has a blog post recommending users change their passwords that includes some account security and privacy best practices. Some recommendations when choosing a password:Longer passwords are better than shorter onesUse a variety of character types (e.g., uppercase, numbers, punctuation marks, etc.)Use a different password for each sitePeriodically change passwordsManaging passwordsRemembering a different complex password for each site you use is a challenge. There are password management tools available to help, ranging from built-in browser tools to stand-alone applications. Whether or not you can use these tools may depend on the policies of your employer. While writing down your passwords with pen and paper is not generally recommended, it may be preferable to using the same weak password on multiple sites.What was leaked?The data uploaded to a forum contained 6,458,020 hashed passwords, but the associated email addresses were not included. It’s not clear if the people in possession of the hashed passwords also have the email addresses, which would be necessary to use the passwords to log in.What’s a hashed password?Most systems don’t store a user’s password in plain text, but instead store a value that results from applying a cryptographic algorithm (hash) to the password. The resulting value is referred to as a “hashed password.”For example, the value “1234567890” when hashed with SHA-1 algorithm (the same algorithm used by LinkedIn) results in a hashed password of “01b307acba4f54f55aafc33bb06bbbf6ca803e9a”. When a user enters their password, it is hashed, and the hashed values are compared to determine if it is the correct password.Storing hashed passwords provides an additional layer of security, since a breach like this doesn’t result in the plain-text passwords being leaked. However, because the algorithm used to hash the passwords is known, it is possible for an attacker to create a table that contains possible passwords and their corresponding hashes. It is then a matter of looking for the hashed password in the table and matching it to the corresponding plain-text password.Since it would be difficult to construct a table of all possible passwords, these tables will typically be constructed using short and common passwords (one reason users should select long and complex passwords.)More informationPassword recommendations – CERN Computer Security Author: Stephen Judd (+Stephen Judd, @sjudd) This work is licensed under a Creative Commons Attribution 3.0 Unported License.