Coulda, Woulda, Shoulda.
If you have a LinkedIn account, you probably noticed the news that 6.5 million of their passwords were leaked. While the passwords were encrypted, it's still a major problem for all LinkedIn users. In his column in the latest issue of ACM Queue, LinkedIn Password Leak: Salt Their Hide, security expert Poul-Henning Kamp, explains the flaws in LinkedIn's password management process and the simple steps that can make it much more secure.
Of course, this is more than just about LinkedIn. Similar password leaks from eHarmoney and last.fm were reported this week. If you use any of these popular Web services, you probably should change your password, especially if you use the same password on other Internet sites and services.
If you find this interesting, you should check out the monthly ACM Queue magazine. It is a good resource for people interested in computing and software engineering. Here's how it describes its mission.
"Queue is the ACM's magazine for practicing software engineers. Written by engineers for engineers, Queue focuses on the technical problems and challenges that loom ahead, helping readers to sharpen their own thinking and pursue innovative solutions. Queue does not focus on either industry news or the latest "solutions." Rather, Queue takes a critical look at current and emerging technologies, highlighting problems that are likely to arise and posing questions that software engineers should be thinking about."
Update 6/9: The League of Legends reports that their password database was compromised. It’s not clear how they were storing the passwords.