

LeakedIn - Check if you LinkedIn Password is Leaked - sathyabhat
http://shiflett.org/blog/2012/jun/leakedin

======
jmathai
A couple points here. You can enter the sha1 hash of your password or your
password in plaintext. In the latter case the sha1 is calculated on the client
(using JS) before being sent to the server.

Now that we got that out of the way the more interesting pattern here is how
easily people will put the plaintext password for a specific site into a
webpage that sprung up overnight.

* I know Chris Shiflett is at least trusted in the tech community (has written books and talks at conferences, etc) so it's not about trusting the site but the larger social implications of user behavior.

------
michaelcampbell
Who here _didn't_ do a view source immediately just to make sure nothing was
being sent to the server? =)

------
aeurielesn
Don't forget to clean your .bash_history.

~~~
inportb
... or prefix your commands with whitespace to skip ~/.bash_history
altogether.

~~~
aeurielesn
... or $ unset HISTFILE

~~~
ibotty
or put it in a file so it will never be in ps and use sha1sum < file

~~~
z_
or just change your passwords and be done with it.

