With all the excitement about state-sponsored superworms, cyberspying by government agencies, and legislation designed to take away all our freedoms in the cause of making sure Bono gets his royalties, we shouldn't overlook the fact that hackers are going about their business as usual.
Today's examples range from the potentially serious to the ridiculous. Let's take the fun stuff first.
Mitt Romney's Hotmail account was reportedly hacked by someone who correctly answered the security question: "What is your favorite pet's name?" Now, as everyone knows, Mitt Romney's favorite pet is his dog, Seamus. He loves him so much that he lets him have the privileged view from the car roof when the family goes on holiday.
Joking aside, there is a lesson to be learnt here. There's no sense in having a security question whose answer is common public knowledge. The account address must have been easy to guess -- firstname.lastname@example.org -- and answering the security question allowed the hacker to create a new password. Such are the iron defenses to the private thoughts of one of our leading statesmen.
The purloined emails were used by The Wall Street Journal to illustrate Romney's active and enthusiastic support for healthcare reform during his Massachusetts governorship -- an episode his presidential campaign has sought to play down. This hardly counts as a major revelation, and the most damaging effect of the hack might be reminding people how Seamus likes to travel.
Altogether more grim is the breaking news that some 6.5 million LinkedIn emails have been posted to a Russian hacker site. Although confirmation of the hack is not yet official, some users have confirmed finding their passwords in the list. The passwords are hashed, but unsalted, and it's thought that many of the simpler ones may be easy to crack.
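Why "hashed, but unsalted" matters, as an added example that is not part of the original post: with a bare digest, every account that shares a password stores the same value, so one correct guess exposes all of them, while a per-user salt and a slow key-derivation function remove that shortcut. The choice of SHA-1 for the weak case and PBKDF2 for the hardened case is an assumption made for illustration, and the sample accounts are constructed.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not taken from any real dump).
ACCOUNTS = {"alice": "linkedin1", "bob": "linkedin1", "carol": "T9#vq!x2Lm"}
ROUNDS = 200_000  # PBKDF2 iteration count (assumed value for this example)


def unsalted(password):
    """Weak storage: a bare, fast digest (SHA-1 assumed for illustration)."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted(password, salt=None):
    """Hardened storage: random per-user salt plus PBKDF2-HMAC-SHA256."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return salt, key


def verify(password, salt, stored_key):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = salted(password, salt)
    return hmac.compare_digest(candidate, stored_key)


def shared_records(records):
    """Count accounts whose stored value is identical to another account's."""
    counts = Counter(records.values())
    return sum(n for n in counts.values() if n > 1)


def store_all(accounts):
    """Return (weak, strong) credential tables for the same accounts."""
    weak = {user: unsalted(pw) for user, pw in accounts.items()}
    strong = {user: salted(pw) for user, pw in accounts.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = store_all(ACCOUNTS)
    print("unsalted: accounts sharing a stored value:", shared_records(weak))
    print("salted:   accounts sharing a stored value:", shared_records(strong))
    print("login still works:", verify("linkedin1", *strong["alice"]))
```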
This is the continuation of a bad week for the company, following the revelation that the calendar feature of the LinkedIn mobile app grabs not only meeting dates but also copious information about the subject of the meeting and the attendees -- including their email addresses -- and transmits it over clear, unencrypted channels. Emphasizing that the calendar is an opt-in feature, LinkedIn has insisted that it does not retain this data on its servers, and that it's sent securely over SSL.
The calendar disclosure is trivial, however, in comparison to the apparent password catastrophe, with some commenters advising us all to "change our passwords right now." I don't know: I guess if a hacker wants to access my LinkedIn account and enhance my resumé, they're welcome.
Oh wait -- did someone mention Scott Thompson?
— Kim Davis, Community Editor, Internet Evolution