

Check if your LinkedIn password has been cracked - eddieplan9
http://crackedin.s3-website-us-east-1.amazonaws.com/

======
wtvanhest
Why is it: <http://crackedin.s3-website-us-east-1.amazonaws.com/>

Is the east-1 a way they know where I am?

~~~
bandy
No, it's because the author didn't have a domain lying around to point at it.
This is Amazon's name of the website.

------
morisy
What a phenomenal way to gather a list of passwords to brute force the hashed
files with.

~~~
bandy
You're speaking in the theoretical sense, as you looked at the page source and
noticed that the password is hashed with SHA1 locally before being compared
against the database, right?

~~~
jack-r-abbit
Even better. After they hash it they are sending the hash with the first 38
chars trimmed off and (presumably) getting a result set of only the hashes (or
maybe one hash... not sure) that match the ending. Then comparing locally the
full hash to the result set. I'd say that was a pretty smart way to do this.

Edit: the author explains it a little more here:
<http://news.ycombinator.com/item?id=4075767>

