Change your LinkedIn password now

If you use the professional social networking site LinkedIn–which I recommend, albeit now with caveats–you need to be aware that someone stole at least part of its password database and leaked it onto the Web. You should assume your password is among the stolen passwords and change it.

The passwords are, unfortunately, just straight MD5 or SHA-1 hashes with no salts–somebody missed a basic security certification question–so it’s only a matter of time before someone cracks all of them. That’s why you need to change your password, and you should do it now.
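To make the "no salts" problem concrete, here is an added example (not from the original post, and not LinkedIn's code) that stores the same constructed accounts two ways: as unsalted SHA-1, and as per-user salted PBKDF2. The account names, passwords and iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not real data); alice and bob share a password.
USERS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "Tr0ub4dor&3"}
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256; tune per host


def unsalted_sha1(password):
    """Weak scheme from the post: a single fast hash with no salt."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_pbkdf2(password, salt):
    """Hardened scheme: the salt is mixed in and the hash is deliberately slow."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def enroll(password):
    """Return the (salt, digest) record to store for a new password."""
    salt = os.urandom(16)  # fresh random salt for every account
    return salt, salted_pbkdf2(password, salt)


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, digest = record
    return hmac.compare_digest(salted_pbkdf2(password, salt), digest)


def accounts_sharing_a_record(table):
    """Group users whose stored values are identical (visible to anyone with the dump)."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


WEAK_TABLE = {user: unsalted_sha1(pw) for user, pw in USERS.items()}
SALTED_TABLE = {user: enroll(pw) for user, pw in USERS.items()}

if __name__ == "__main__":
    print("unsalted, shared hashes:", accounts_sharing_a_record(WEAK_TABLE))
    print("salted, shared records: ", accounts_sharing_a_record(SALTED_TABLE))
    print("login check:", verify("linkedin2012", SALTED_TABLE["alice"]))
```

In the unsalted table, identical passwords produce identical stored values, so a single hash computation is checked against every account at once; with per-user salts each account has to be worked on separately, and the slow hash makes each attempt expensive.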

So, as long as you change your password now and change it again next quarter, I recommend LinkedIn. In my field at least, the pool of local professionals isn’t all that big. Name a company, and someone I know has worked there. Plus, every recruiter worth talking to mines the place for talent on a regular basis, so having a LinkedIn account is cheap job insurance.

Hopefully LinkedIn will do something about salting its password files very soon. Because if they don’t, they’re likely to lose a bunch of accounts belonging to security professionals like me, and that’s a red-hot field right now. A CISSP with the “looking for opportunities” flag set on a job site gets more phone calls than a high school prom queen.
