JMH
Emeritus, Contributor
- Apr 2, 2012
The next time you hear a company say, "We take your privacy very seriously," try to stifle that guffaw that wants to escape from your belly.
I know it will be hard, because between Facebook's prying and Google's spying, it doesn't seem like any large organization gives a damn about your personal privacy.
This week brings us several examples of corporations treating their customers' personal information like confetti at a ticker tape parade.
A few days ago some 6.5 million LinkedIn passwords were stolen and put on display on a Russian hacker forum, along with another 1.5 million for the eHarmony dating service and an unknown number from music sharing network Last.fm.
These stolen passwords had at least two things in common: They were protected using an MD5 hash, but not very well (obviously).
In all of these cases, the sites failed to "salt" the hash by tossing random characters into the mix, making the encryption much more susceptible to a brute-force attack.
In brute-force attacks, code crackers throw random password phrases at each hash until a match is found.
So far, more than half of the LinkedIn hashes have been unhashed.
Nice.
http://www.infoworld.com/t/cringely...ter-the-rest-of-us-195230?source=rss_security
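The salting point made above, as an added example that is not part of the original post or the quoted article: it stores the same constructed passwords once as bare MD5 digests and once with a per-user random salt and a slow key-derivation function, then checks which scheme leaks that two users share a password. The account names, passwords, PBKDF2-HMAC-SHA256 and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not real data); two users share a password.
ACCOUNTS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "Tr0ub4dor&3"}

def unsalted_md5(password: str) -> str:
    """The weak scheme the article describes: a bare, unsalted MD5 digest."""
    return hashlib.md5(password.encode()).hexdigest()

def salted_record(password: str, iterations: int = 200_000) -> dict:
    """Hardened form (assumed choice): random per-user salt plus PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}

def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])

def shared_digests(table: dict) -> int:
    """Count stored values that appear for more than one account."""
    counts = Counter(table.values())
    return sum(1 for n in counts.values() if n > 1)

def build_tables(accounts: dict):
    """Return (unsalted digests, salted records) for the same accounts."""
    weak = {user: unsalted_md5(pw) for user, pw in accounts.items()}
    strong = {user: salted_record(pw) for user, pw in accounts.items()}
    return weak, strong

if __name__ == "__main__":
    weak, strong = build_tables(ACCOUNTS)
    salted_digests = {user: rec["digest"] for user, rec in strong.items()}
    # Unsalted: alice and bob collide, so one recovered password exposes both.
    print("unsalted duplicates:", shared_digests(weak))
    # Salted: every stored digest is unique even for identical passwords.
    print("salted duplicates:", shared_digests(salted_digests))
    print("login still works:", verify("sunshine1", strong["alice"]))
```

Without a salt, identical passwords produce identical stored values across the whole table; with a per-user salt each guess has to be recomputed per account, and the slow KDF raises the cost of each of those guesses.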