By timothy from Slashdot's risky-busy-ness department
As reported here recently, millions of LinkedIn password hashes have been leaked online
. An anonymous reader writes "Now, Poul-Henning Kamp a developer known for work on various projects and the author of the md5crypt password scrambler asks everybody to migrate to a stronger password scrambler without undue delay. From the blog post: 'New research has shown that it can be run at a rate close to 1 million checks per second on COTS GPU hardware, which means that it is as prone to brute-force attacks as the DES based UNIX crypt was back in 1995: Any 8 character password can be found in a couple of days. The default algorithm for storing password hashes in /etc/shadow is MD5. RHEL / CentOS / FreeBSD user can migrate to SHA-512 hashing algorithms.'"
was was one of several to also point out that dating site eHarmony got the same treatment
as LinkedIn.Read Replies (0)
By timothy from Slashdot's oh-sure-that's-easy department
theodp writes "Remember the Pre-Cogs in Minority Report? Slate's Will Oremus does, and wonders if Google could similarly help the police apprehend criminals based on foreknowledge collected from searches. Oremus writes: 'At around 3:45 a.m. on March 24, someone in Fort Lauderdale, Fla., used a mobile phone to Google "chemicals to passout a person." Then the person searched Ask.com for "making people faint." Then Google again, for "ways to kill people in their sleep," "how to suffocate someone," and "how to poison someone." The phone belonged to 23-year-old Nicole Okrzesik. Later that morning, police allege, she and her boyfriend strangled 19-year-old Juliana Mensch as she slept on the floor of their apartment.' In theory, Oremus muses, Google or Ask.com could have flagged Okrzesik's search queries as suspicious and dispatched cops to the scene before Mensch's assailants had the chance to do her in."
I bet you're already thinking of just a few reasons why this might not such a good idea.Read Replies (0)