The LinkedIn hack: what the experts think

Reaction to the LinkedIn hacking

Carl Leonard, senior security research manager EMEA, Websense

The compromise of a LinkedIn account has three important ramifications. First, the key concern is the bad actors taking advantage of trust. If you are 'linked' to a trusted colleague you are more likely to click on a malicious link sent from them, which may open the door to targeted attacks and confidential data theft.

Second, because many LinkedIn accounts are tied to other social media services, such as Facebook or Twitter, posts with malicious links can also be propagated to a larger audience.

And lastly, many of us are creatures of habit and have the same password for multiple accounts. The consequences of a breached password could be extrapolated across email, social media, banking accounts, and mobile phone data.

Orlando Scott-Cowley, Mimecast

While a data leak of this kind would be very worrying for individuals, a security issue with LinkedIn could also be very potentially damaging for businesses. With many users seeing the site as an extension of their business communications, rather than as a personal tool, employers need to be aware about the possible threat to corporate data that a LinkedIn breach could represent.

Now is a great time to educate your users on the benefits of password complexity and good password policies.

David Emm, senior security researcher at Kaspersky Lab

While LinkedIn says that they are notifying anyone with a compromised password that they need to change their password, we would recommend that anyone with a LinkedIn account takes the precaution of changing their password immediately.

Unfortunately, many people use the same password for multiple online accounts. This practice brings with it the risk that a compromise of one account puts all accounts at risk. We would urge everyone to use a unique, complex password for all online accounts, i.e. one that is at least eight characters and mixes letters, numbers and symbols.

John Yeo, Director at Trustwave SpiderLabs EMEA

It is important for all users of the social network to immediately change their password, not just on LinkedIn, but any other social network where the same password has been used. Perhaps more importantly however, users should also change any passwords to their corporate networks where they have used the same password.

Recent research conducted by Trustwave SpiderLabs found that in over 2.5 million passwords (in use within the workplace) that were analysed, variations on the word "password" made up more than 5% of passwords, and the most common password used by global businesses is "Password1" because it satisfies the default Microsoft Active Directory complexity setting. In approximately 15% of physical security tests, written passwords were found on and around workstations.

And finally… Vicente Silveira, LinkedIn

We want to provide you with an update on this morning's reports of stolen passwords. We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts.

It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases.

We sincerely apologize for the inconvenience this has caused our members. We take the security of our members very seriously.

Linkedin hacked. Photograph, Getty Images.

Steve Evans is the deputy web editor of Computer Business Review.

Getty.
Show Hide image

The Brexit Beartraps, #2: Could dropping out of the open skies agreement cancel your holiday?

Flying to Europe is about to get a lot more difficult.

So what is it this time, eh? Brexit is going to wipe out every banana planet on the entire planet? Brexit will get the Last Night of the Proms cancelled? Brexit will bring about World War Three?

To be honest, I think we’re pretty well covered already on that last score, but no, this week it’s nothing so terrifying. It’s just that Brexit might get your holiday cancelled.

What are you blithering about now?

Well, only if you want to holiday in Europe, I suppose. If you’re going to Blackpool you’ll be fine. Or Pakistan, according to some people...

You’re making this up.

I’m honestly not, though we can’t entirely rule out the possibility somebody is. Last month Michael O’Leary, the Ryanair boss who attracts headlines the way certain other things attract flies, warned that, “There is a real prospect... that there are going to be no flights between the UK and Europe for a period of weeks, months beyond March 2019... We will be cancelling people’s holidays for summer of 2019.”

He’s just trying to block Brexit, the bloody saboteur.

Well, yes, he’s been quite explicit about that, and says we should just ignore the referendum result. Honestly, he’s so Remainiac he makes me look like Dan Hannan.

But he’s not wrong that there are issues: please fasten your seatbelt, and brace yourself for some turbulence.

Not so long ago, aviation was a very national sort of a business: many of the big airports were owned by nation states, and the airline industry was dominated by the state-backed national flag carriers (British Airways, Air France and so on). Since governments set airline regulations too, that meant those airlines were given all sorts of competitive advantages in their own country, and pretty much everyone faced barriers to entry in others. 

The EU changed all that. Since 1994, the European Single Aviation Market (ESAM) has allowed free movement of people and cargo; established common rules over safety, security, the environment and so on; and ensured fair competition between European airlines. It also means that an AOC – an Air Operator Certificate, the bit of paper an airline needs to fly – from any European country would be enough to operate in all of them. 

Do we really need all these acronyms?

No, alas, we need more of them. There’s also ECAA, the European Common Aviation Area – that’s the area ESAM covers; basically, ESAM is the aviation bit of the single market, and ECAA the aviation bit of the European Economic Area, or EEA. Then there’s ESAA, the European Aviation Safety Agency, which regulates, well, you can probably guess what it regulates to be honest.

All this may sound a bit dry-

It is.

-it is a bit dry, yes. But it’s also the thing that made it much easier to travel around Europe. It made the European aviation industry much more competitive, which is where the whole cheap flights thing came from.

In a speech last December, Andrew Haines, the boss of Britain’s Civil Aviation Authority said that, since 2000, the number of destinations served from UK airports has doubled; since 1993, fares have dropped by a third. Which is brilliant.

Brexit, though, means we’re probably going to have to pull out of these arrangements.

Stop talking Britain down.

Don’t tell me, tell Brexit secretary David Davis. To monitor and enforce all these international agreements, you need an international court system. That’s the European Court of Justice, which ministers have repeatedly made clear that we’re leaving.

So: last March, when Davis was asked by a select committee whether the open skies system would persist, he replied: “One would presume that would not apply to us” – although he promised he’d fight for a successor, which is very reassuring. 

We can always holiday elsewhere. 

Perhaps you can – O’Leary also claimed (I’m still not making this up) that a senior Brexit minister had told him that lost European airline traffic could be made up for through a bilateral agreement with Pakistan. Which seems a bit optimistic to me, but what do I know.

Intercontinental flights are still likely to be more difficult, though. Since 2007, flights between Europe and the US have operated under a separate open skies agreement, and leaving the EU means we’re we’re about to fall out of that, too.  

Surely we’ll just revert to whatever rules there were before.

Apparently not. Airlines for America – a trade body for... well, you can probably guess that, too – has pointed out that, if we do, there are no historic rules to fall back on: there’s no aviation equivalent of the WTO.

The claim that flights are going to just stop is definitely a worst case scenario: in practice, we can probably negotiate a bunch of new agreements. But we’re already negotiating a lot of other things, and we’re on a deadline, so we’re tight for time.

In fact, we’re really tight for time. Airlines for America has also argued that – because so many tickets are sold a year or more in advance – airlines really need a new deal in place by March 2018, if they’re to have faith they can keep flying. So it’s asking for aviation to be prioritised in negotiations.

The only problem is, we can’t negotiate anything else until the EU decides we’ve made enough progress on the divorce bill and the rights of EU nationals. And the clock’s ticking.

This is just remoaning. Brexit will set us free.

A little bit, maybe. CAA’s Haines has also said he believes “talk of significant retrenchment is very much over-stated, and Brexit offers potential opportunities in other areas”. Falling out of Europe means falling out of European ownership rules, so itcould bring foreign capital into the UK aviation industry (assuming anyone still wants to invest, of course). It would also mean more flexibility on “slot rules”, by which airports have to hand out landing times, and which are I gather a source of some contention at the moment.

But Haines also pointed out that the UK has been one of the most influential contributors to European aviation regulations: leaving the European system will mean we lose that influence. And let’s not forget that it was European law that gave passengers the right to redress when things go wrong: if you’ve ever had a refund after long delays, you’ve got the EU to thank.

So: the planes may not stop flying. But the UK will have less influence over the future of aviation; passengers might have fewer consumer rights; and while it’s not clear that Brexit will mean vastly fewer flights, it’s hard to see how it will mean more, so between that and the slide in sterling, prices are likely to rise, too.

It’s not that Brexit is inevitably going to mean disaster. It’s just that it’ll take a lot of effort for very little obvious reward. Which is becoming something of a theme.

Still, we’ll be free of those bureaucrats at the ECJ, won’t be?

This’ll be a great comfort when we’re all holidaying in Grimsby.

Jonn Elledge edits the New Statesman's sister site CityMetric, and writes for the NS about subjects including politics, history and Brexit. You can find him on Twitter or Facebook.