LinkedIn confirms that user passwords were compromised
LinkedIn has confirmed that some of the more than six million password hashes which were stolen and published online correspond to accounts belonging to its members. The professional social networking web site has now disabled the passwords for affected accounts.
Affected users should receive an email from LinkedIn with instructions explaining how to reset their passwords. LinkedIn Director Vicente Silveira says that these initial password reset emails will not contain any links. This is most likely being done to protect users against possible phishing attacks in which attackers could, for example, send emails with instructions to reset passwords and links to web sites constructed to impersonate LinkedIn, in order to trick people into providing private information. Read more...
Facebook file-sharing could be security, piracy nightmare
Facebook has started to roll out a new file-sharing capability -- and Dropbox shouldn't be the only worried party. The addition of a low-security file-sharing tool to the world's most popular social networking site could open a world of security pain on businesses and home users alike.
Facebook's new file-sharing feature enables members of Facebook Groups to upload and download files as large as 25MB, with only two file-type restrictions: no music files (such as MP3s) and no executables (files ending with ".exe"). Beyond that, everything is fair game. Facebook won't police the file swap either; it's entirely up to users to report content that's pirated or dangerous. Additionally, there are no security controls for permitting limited or full access, as you might find on Dropbox. Read more...