[LINK] Millions of LinkedIn passwords leaked online
Rick Welykochy
rick at vitendo.ca
Wed Jun 13 15:21:13 AEST 2012
Fernando Cassia wrote:
> Because:
> 1. It's hosted by a software firm. Not an anonymous individual.
> 2. It was mentioned on Twitter by IT writer Esther Schindler, whom I know
> since the 1990s, and she added that its javascript source code (which
> anyone can view using the web browser' s "view source") was "audited" and
> "apparently safe".
Yup. I had a look at the source code. Try it yourself.
You will find some Javascript that calls an SHA1 hash function.
It then submits the hashed password that you type into the box
using AJAX to the web site. Not a worry.
cheers
rick
--
------------------------------------
Rick Welykochy || Vitendo Consulting
I don't wanna live on in my work,
I wanna live on in my apartment.
-- Woody Allen
More information about the Link
mailing list