Fixing the petname-as-my-password dogma.

Popular pet names Rover, Cheryl and Kate could be a thing of the past. Banks are now advising parents to think carefully before naming their child’s first pet. For security reasons, the chosen name should have at least eight characters, a capital letter and a digit. It should not be the same as the name of any previous pet, and must never be written down, especially on a collar as that is the first place anyone would look. Ideally, children should consider changing the name of their pet every 12 weeks.

Hilarious! Be sure to read the full article, as it contains more gimmickry.

Children warned name of first pet should contain 8 characters and a digit →

LeakedIn

Today, 6.5 million LinkedIn password hashes leaked. These hashes are unsalted SHA-1 hashes and can be found online. If you happen to have the file lingering around, use grep "yourhash" combo_not.txt to check whether your hash is in it. Also check for the variant of your hash in which the first 5 characters are replaced by 00000.

If you’re not savvy enough, or don’t have the list, you can use LeakedIn.

My old LinkedIn password was in the list (I changed it about a month ago). Best is to change it now, and change it again after LinkedIn has fixed the hole. Also, it’s — again — yet another reason to use different passwords for each site on the internet.

Bad day for LinkedIn: 6.5 million hashed passwords reportedly leaked →
LeakedIn: is your password safe? →
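
The check described in this post, as an added example that is not part of the original post: it computes the unsalted SHA-1 of a password, derives the variant with the first 5 characters replaced by 00000, and scans the file for either form. The function names and the sample passwords and dump in demo() are constructed for illustration; combo_not.txt is the file name mentioned above.

```python
import getpass
import hashlib
import os
import sys
import tempfile
from typing import List, Optional, Tuple


def candidate_hashes(password: str) -> Tuple[str, str]:
    """Unsalted SHA-1 hex digest, plus the variant with the first 5 chars zeroed."""
    full = hashlib.sha1(password.encode("utf-8")).hexdigest()
    return full, "00000" + full[5:]


def find_in_dump(password: str, dump_path: str) -> Optional[str]:
    """Return "full" or "zeroed" for the form that matched a line, else None."""
    full, zeroed = candidate_hashes(password)
    with open(dump_path, encoding="ascii", errors="replace") as dump:
        for line in dump:  # streamed, so a multi-million-line file is fine
            entry = line.strip().lower()
            if entry == full:
                return "full"
            if entry == zeroed:
                return "zeroed"
    return None


def demo() -> List[Optional[str]]:
    """Check three made-up passwords against a small constructed dump."""
    listed_full, _ = candidate_hashes("correct horse")
    _, listed_zeroed = candidate_hashes("hunter2")
    unrelated, _ = candidate_hashes("something else")
    fd, path = tempfile.mkstemp(suffix=".txt")
    try:
        with os.fdopen(fd, "w") as out:
            out.write("\n".join([unrelated, listed_full, listed_zeroed]) + "\n")
        return [find_in_dump(p, path)
                for p in ("correct horse", "hunter2", "Tr0ub4dor&3")]
    finally:
        os.remove(path)


if __name__ == "__main__":
    if len(sys.argv) == 2:  # e.g. python check_dump.py combo_not.txt
        # getpass keeps the password out of shell history and process lists
        print(find_in_dump(getpass.getpass("Password to check: "), sys.argv[1]))
    else:
        print(demo())
```

Run it with the path to the file as the only argument to be prompted for a password; without arguments it runs the constructed demo.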

Intercepting LinkedIn Passwords

At the Microsoft TechDays 2012 in Belgium, white hat Paula Januszkiewicz shows how the tool Fiddler can be used to intercept the password of a LinkedIn user. This works because LinkedIn does not encrypt the password itself, although HTTPS is being used.

Not that wow imho, as it’s basically a man-in-the-middle attack using a self-signed (thus forged) certificate (on which the browser will give you a notification). Quite sure lots of sites are “hackable” in this manner.