Lloyd Kvam | 1 Jun 2012 13:39

[GNHLUG] [DLSLUG-Announce] DLSLUG Monthly Meeting 2012-06-07

Next Meeting June 7

Gabe Weaver - Context-Free Grep
http://www.cs.dartmouth.edu/reports/TR2011-705.pdf

At:     Dartmouth College
        Haldeman 031

	Admission is free
	All are welcome

5:30  Pre-meeting dinner at Everything But Anchovies.  
      That's a pizza joint on Allen Street by the Dartmouth Bookstore.
      http://www.ebas.com/  
      RSVP and bring cash.

7:00  Sign-in, networking

7:10  Introductory remarks

7:15  Featured Presentation

-- 
Lloyd Kvam
Venix Corp
DLSLUG/GNHLUG library
http://dlslug.org/library.html
http://www.librarything.com/catalog/dlslug
http://www.librarything.com/catalog/dlslug&sort=stamp
http://www.librarything.com/rss/recent/dlslug

Jonathan Linowes | 1 Jun 2012 15:35

Fwd: RailsCamp New England 2012!

FYI, a geeky fun weekend for New England Rails developers (and wannabees)


Begin forwarded message:

Subject: RailsCamp New England 2012!
Date: May 29, 2012 1:27:49 PM EDT
To: undisclosed-recipients:;

Hey guys,

Sorry if you already got this but I figure many people don't have the
email for the RailsCamp list turned on.

Anyway, tickets are now available. It will be happening June 22 - 25
in Bryant Pond, ME.

Looking forward to seeing everyone!

http://guestlistapp.com/events/106653

- Brian




-- jonathan linowes
    parkerhill technology group llc
    office: 603-838-2884



_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@...
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Joshua Judson Rosen | 3 Jun 2012 02:07

Open, non-DRM HD consumer video standard project on Kickstarter

Given some of the conversations we've had here--like how the reason
`Linux support for making/watching DVDs sucks' is because groups behind
the standards have made the legality of us supporting them questionable
at best..., e.g.:

   http://comments.gmane.org/gmane.org.user-groups.linux.gnhlug/19085

I figure some of you would want to support Lib-Ray, but may not have heard
of it; the Kickstarter campaign has already exceeded its initial
funding target, but it's open through tonight (until 9:00 Sunday morn),
so there's still a little time to chip in and sign up for goodies
in return:

    http://www.kickstarter.com/projects/2144275086/lib-ray-non-drm-open-standards-hd-video-format

Creative Commons, QuestionCopyright.org, and a number of other notable
people and groups are all supporting it and asking others to do so,
e.g.:

    http://identi.ca/notice/94108963

    http://questioncopyright.org/libray_kickstart

After reading the FAQ, I've decided to chip in.

-- 
"Don't be afraid to ask (λf.((λx.xx) (λr.f(rr))))."

Lloyd Kvam | 6 Jun 2012 15:36

[GNHLUG] [DLSLUG-Announce] DLSLUG Monthly Meeting 2012-06-07 (TOMORROW)

Next Meeting June 7

Gabe Weaver - Context-Free Grep
http://www.cs.dartmouth.edu/reports/TR2011-705.pdf

At:     Dartmouth College
        Room to be determined

	Admission is free
	All are welcome

5:30  Pre-meeting dinner at Everything But Anchovies.  
      That's a pizza joint on Allen Street by the Dartmouth Bookstore.
      http://www.ebas.com/  
      RSVP and bring cash.

7:00  Sign-in, networking

7:10  Introductory remarks

7:15  Featured Presentation

-- 
Lloyd Kvam
Venix Corp
DLSLUG/GNHLUG library
http://dlslug.org/library.html
http://www.librarything.com/catalog/dlslug
http://www.librarything.com/catalog/dlslug&sort=stamp
http://www.librarything.com/rss/recent/dlslug


_______________________________________________
DLSLUG-Announce mailing list
DLSLUG-Announce@...
http://dlslug.org/mailman/listinfo/dlslug-announce
_______________________________________________
gnhlug-announce mailing list
gnhlug-announce@...
http://mail.gnhlug.org/mailman/listinfo/gnhlug-announce/
Lloyd Kvam | 7 Jun 2012 13:33

Wall Street Journal reports security breach against LinkedIn passwords

Today's WSJ reported in the Digits column that encrypted LinkedIn
passwords had been leaked.  Decryption efforts have been successful
against some subset of these passwords.

I was disappointed to see no acknowledgement on the LinkedIn site.  (I
just found it buried in the clutter.  It's a link to CBS news??)

The passwords may not be attached to account names.  Still they will
likely be added to the lists of passwords in cracking tool-kits.

(I know a lot of people on this list use LinkedIn so I figure this is
relevant.)  

-- 
Lloyd Kvam
Venix Corp
DLSLUG/GNHLUG library
http://dlslug.org/library.html
http://www.librarything.com/catalog/dlslug
http://www.librarything.com/catalog/dlslug&sort=stamp
http://www.librarything.com/rss/recent/dlslug
Brian St. Pierre | 7 Jun 2012 14:36

Re: Wall Street Journal reports security breach against LinkedIn passwords

On 06/07/2012 07:33 AM, Lloyd Kvam wrote:
> Today's WSJ reported in the Digits column that encrypted LinkedIn
> passwords had been leaked.  Decryption efforts have been successful
> against some subset of these passwords.
>
> I was disappointed to see no acknowledgement on the LinkedIn site.  (I
> just found it buried in the clutter.  It's a link to CBS news??)

Bottom line: go change your LinkedIn password right now.

This post is all I've seen from LinkedIn:

 
http://blog.linkedin.com/2012/06/06/updating-your-password-on-linkedin-and-other-account-security-best-practices/

This project on github has what appears to be a list of 6.4M password 
hashes and a small bit of code to check if your password hash is in the 
list. My (~20 char random string unique to linkedin) password's hash was 
in the list, so it appears to be genuine.

     https://github.com/hungtruong/LinkedIn-Password-Checker

It's not really surprising that the hashes were leaked, but it is sort 
of (ok, not really) surprising to me that a big site like LinkedIn can 
be storing passwords so poorly: they were just hashed with SHA-1 and no 
salt.

-Brian
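
The storage weakness described in the message above (bare SHA-1, no salt) next to a salted, iterated alternative, as an added example that is not part of the original thread. The account names, passwords, candidate list and the choice of PBKDF2-HMAC-SHA256 with 100,000 iterations are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not from the leak): two users share a password.
USERS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "T7#vq9Lm2xPz"}

def sha1_unsalted(password):
    """Scheme described in the post: bare SHA-1, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def store_unsalted(users):
    """Build the kind of hash table an unsalted scheme ends up storing."""
    return {user: sha1_unsalted(pw) for user, pw in users.items()}

def match_precomputed(store, candidates):
    """One table of candidate hashes is checked against every record at once."""
    table = {sha1_unsalted(c): c for c in candidates}
    return {user: table[h] for user, h in store.items() if h in table}

def hash_salted(password, salt=None, iterations=100_000):
    """Per-record random salt plus a slow KDF (assumed: PBKDF2-HMAC-SHA256)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest

def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    digest = hash_salted(password, salt, iterations)[2]
    return hmac.compare_digest(digest, expected)

if __name__ == "__main__":
    store = store_unsalted(USERS)
    # Identical passwords give identical unsalted hashes.
    print("same unsalted hash:", store["alice"] == store["bob"])
    print("matched from one table:", match_precomputed(store, ["password", "linkedin2012"]))
    a, b = hash_salted(USERS["alice"]), hash_salted(USERS["bob"])
    # With per-record salts the same password no longer produces the same digest.
    print("same salted hash:", a[2] == b[2])
    print("verify ok:", verify_salted("linkedin2012", a))
```
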
Joshua Judson Rosen | 7 Jun 2012 15:15

Re: Wall Street Journal reports security breach against LinkedIn passwords

"Brian St. Pierre" <brian <at> bstpierre.org> writes:
>
> On 06/07/2012 07:33 AM, Lloyd Kvam wrote:
> > Today's WSJ reported in the Digits column that encrypted LinkedIn
> > passwords had been leaked.  Decryption efforts have been successful
> > against some subset of these passwords.
> >
> > I was disappointed to see no acknowledgement on the LinkedIn site.  (I
> > just found it buried in the clutter.  It's a link to CBS news??)
>
> Bottom line: go change your LinkedIn password right now.
[...]
> It's not really surprising that the hashes were leaked, but it is sort 
> of (ok, not really) surprising to me that a big site like LinkedIn can 
> be storing passwords so poorly: they were just hashed with SHA-1 and no 
> salt.

Have they actually fixed the problem yet? If they haven't, you'll
probably have to (want to) change your password *again* when they do....

-- 
"Don't be afraid to ask (λf.((λx.xx) (λr.f(rr))))."

Tom Buskey | 7 Jun 2012 15:19

Re: Wall Street Journal reports security breach against LinkedIn passwords



On Thu, Jun 7, 2012 at 8:36 AM, Brian St. Pierre <brian-T19J0QkMyrXNLxjTenLetw@public.gmane.org> wrote:
> On 06/07/2012 07:33 AM, Lloyd Kvam wrote:
> > Today's WSJ reported in the Digits column that encrypted LinkedIn
> > passwords had been leaked.  Decryption efforts have been successful
> > against some subset of these passwords.
> >
> > I was disappointed to see no acknowledgement on the LinkedIn site.  (I
> > just found it buried in the clutter.  It's a link to CBS news??)
>
> Bottom line: go change your LinkedIn password right now.


This kind of thing will happen again.  It's important to use different passwords for each site/account you have.  I recommend using a "password safe" of some sort with long, random passwords.  If you must, a card in your wallet will work unless you lose your wallet often.

There are rainbow tables out there with every combination of 8 character passwords.  You type in the hash & it spits back the password that generated it.

I use KeePassX.  It runs on Linux, Windows, Macintosh, iPhone, Android and there's a BlackBerry app that gives read-only access.

If you're a Google user, there's a 2-factor system called Google Authenticator.  It's like the RSA SecurID with an app that runs on all of the above.  It can also use SMS or even call your phone and read the number to you.


John Abreau | 7 Jun 2012 20:00

Re: Wall Street Journal reports security breach against LinkedIn passwords

I normally use "apg -m 14" to generate random 14-character passwords
so I have a unique password for each and every website I register with.

apg is in the Fedora yum repo and the CentOS EL repo; its website is at

    http://www.adel.nursat.kz/apg/

I would imagine it's also available for debian, ubuntu, etc.

On Thu, Jun 7, 2012 at 9:19 AM, Tom Buskey <tom@...> wrote:
>
>
> On Thu, Jun 7, 2012 at 8:36 AM, Brian St. Pierre <brian@...>
> wrote:
>>
>> On 06/07/2012 07:33 AM, Lloyd Kvam wrote:
>> > Today's WSJ reported in the Digits column that encrypted LinkedIn
>> > passwords had been leaked.  Decryption efforts have been successful
>> > against some subset of these passwords.
>> >
>> > I was disappointed to see no acknowledgement on the LinkedIn site.  (I
>> > just found it buried in the clutter.  It's a link to CBS news??)
>>
>> Bottom line: go change your LinkedIn password right now.
>>
>
> This kind of thing will happen again.  It's important to use different
> passwords for each site/account you have.  I recommend using a "password
> safe" of some sort with long, random passwords.  If you must, a card in your
> wallet will work unless you lose your wallet often.
>
> There are rainbow tables out there with every combination of 8 character
> passwords.  You type in the hash & it spits back the password that generated
> it.
>
> I use KeePassX.  It runs on Linux, Windows, Macintosh, iPhone, Android and
> there's a BlackBerry app that gives read-only access.
>
> If you're a Google user, there's a 2-factor system called Google
> Authenticator.  It's like the RSA SecurID with an app that runs on all of
> the above.  It can also use SMS or even call your phone and read the number
> to you.
>
>
>
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss@...
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
>

-- 
John Abreau / Executive Director, Boston Linux & Unix
Email jabr@... / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99
Joshua Judson Rosen | 7 Jun 2012 20:07

Re: Wall Street Journal reports security breach against LinkedIn passwords

John Abreau <jabr <at> blu.org> writes:
>
> I normally use "apg -m 14" to generate random 14-character passwords
> so I have a unique password for each and every website I register
> with.

Isn't knowing what the class of password we need to guess
half the battle?

-- 
"Don't be afraid to ask (λf.((λx.xx) (λr.f(rr))))."
