TechWhirl (TECHWR-L) is a resource for technical writing and technical communications professionals of all experience levels and in all industries to share their experiences and acquire information.
For two decades, technical communicators have turned to TechWhirl to ask and answer questions about the always-changing world of technical communications, such as tools, skills, career paths, methodologies, and emerging industries. The TechWhirl Archives and magazine, created for, by and about technical writers, offer a wealth of knowledge to everyone with an interest in any aspect of technical communications.
Well, from the little I've read, their security scheme was not well conceived or implemented.
I agree, there'll always be holes, but there's a difference between having an obscure error or oversight unearthed, and simply leaving the barn doors wide open.
All authentication and security parameters for services, like LinkedIn and the various services that Amazon provides, should be protected behind encryption, and each service compartmentalized from others. The database(s) should be encrypted. The individual records should be encrypted. When a record is needed, it should be decrypted only into short-term, volatile memory, used, then actively deleted the moment it's not needed. Ideally, the encrypt/decrypt sign/verify and validation operations should take place inside dedicated hardware security modules, and not in the same computers/servers that are providing the services.
Yes, my employer does make and sell HSMs and HSM servers. I'm currently writing and re-writing docs to address virtualized environments and cloud-ish-ness in general.
From: Gene Kim-Eng [mailto:techwr -at- genek -dot- com]
Sent: June-07-12 2:09 PM
To: McLauchlan, Kevin
Cc: William Gaffga; TECHWR-L Writing
Subject: Re: LinkedIn phishing?
Then you'll be waiting forever. Somebody will just open a new hole that nobody has thought of before.
On Thu, Jun 7, 2012 at 10:11 AM, McLauchlan, Kevin <Kevin -dot- McLauchlan -at- safenet-inc -dot- com<mailto:Kevin -dot- McLauchlan -at- safenet-inc -dot- com>> wrote:
See, this is where procrastination can pay off.
I've been 'meaning to' start a LinkedIn account for
the past two or three years. Now I'll hold off just
a tad longer, until I get the all-clear, "LinkedIn
has tightened their security and closed all those holes"
from somebody I trust - notably, not LinkedIn and not
The information contained in this electronic mail transmission
may be privileged and confidential, and therefore, protected
from disclosure. If you have received this communication in
error, please notify us immediately by replying to this
message and deleting it from your computer without copying
or disclosing it.
Create and publish documentation through multiple channels with Doc-To-Help. Choose your authoring formats and get any output you may need.
Try Doc-To-Help, now with MS SharePoint integration, free for 30-days.