http://www.informationweek.com/news/security/attacks/240002005

By Mathew J. Schwartz
InformationWeek
June 13, 2012

Did LinkedIn drop the ball on information security?

In the wake of a breach of LinkedIn users' passwords that first came to light last week--after a subset of those passwords were uploaded to an online password-cracking forum--security pundits have been asking how much LinkedIn's business practices might have been at fault.

Multiple commentators have noted the absence of a chief security officer (CSO) or chief information security officer (CISO) on the LinkedIn organizational chart, with some inferring that the breach could thus be traced to a "lax security" attitude at the social network, because "no one was responsible for IT security," according to TechWireAsia.

But LinkedIn has defended its security posture and response to the breach, noting that after the password theft came to light early last week, by Thursday it had disabled the passwords on all accounts that were known to have been compromised by attackers.

"At this time, there have been no reports of compromised LinkedIn accounts as a result of this password theft," according to a Tuesday LinkedIn blog post, which further noted that the company was "continuing to work with law enforcement as they investigate this crime."

[...]

Received on Thu Jun 14 2012 - 04:56:33 PDT