LinkedIn endangers brands and business owners' accounts
Two cookie vulnerabilities have been exposed on LinkedIn, which could prove damaging to the site as well as its business users
Two LinkedIn cookie vulnerabilities exposed
Tuesday, May 24 2011 by Catherine Ferguson
Two vulnerabilities have been exposed across LinkedIn, which could prove damaging to the business social networking site’s website promotion as well as its users.
Hackers Locked security consultant Rishi Narang published details of the vulnerability on his personal weblog, Order In Chaos. He claims that hackers can exploit this cookie handling flaw to hijack accounts and modify user information without the consent of the profile owner.
This is the last thing that any business owner or brand using LinkedIn for website promotion wants to hear.
Keeping cookies available after a session has ended gives users the luxury of not having to log in over and over again. Mr Narang points out that LinkedIn cookies persist for a year rather than being deleted after a session has terminated. By comparison, most websites will delete cookies just 15 minutes after they have been created.
Another discovery by Mr Narang was that a Secure Sockets Layer (SSL) cookie was used without being fully secured, which increases the risk of it being captured and used maliciously.
In response to the findings, LinkedIn acknowledged the problem and committed to reducing the lifespan of its cookies from 12 months to 90 days.
The social networking site is also working to extend the use of SSL for encryption purposes.
A statement released by the company in response to the issue yesterday said: “We are accelerating our existing plans to extend that SSL support across the entire site on an opt-in basis. And, we are going to reduce the lifespan of the cookies in question from 12 months to 90 days.
“LinkedIn takes the privacy and security of our members seriously, while also looking to deliver a great site experience, and we believe these two changes will allow us to strike that balance.”
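As an added illustration, not taken from the article or from Mr Narang's write-up, both issues described above can be checked for in a site's Set-Cookie response headers. The cookie names and header values are constructed, the 90-day limit is the figure LinkedIn committed to, and reading "not fully secured" as a missing Secure attribute is an assumption.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_LIFETIME_DAYS = 90  # lifespan LinkedIn committed to, per the article


def audit_set_cookie(header, now, max_days=MAX_LIFETIME_DAYS):
    """Return (cookie_name, findings) for one Set-Cookie header value."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()

    findings = []
    lifetime = None  # stays None for a session cookie (no Max-Age/Expires)
    try:
        if "max-age" in attrs:  # Max-Age wins over Expires (RFC 6265)
            lifetime = int(attrs["max-age"]) / 86400
        elif "expires" in attrs:
            expires = parsedate_to_datetime(attrs["expires"])
            if expires.tzinfo is None:
                expires = expires.replace(tzinfo=timezone.utc)
            lifetime = (expires - now).total_seconds() / 86400
    except (TypeError, ValueError):
        findings.append("unparseable lifetime attribute")
    if lifetime is not None and lifetime > max_days:
        findings.append(f"lifetime {lifetime:.0f}d exceeds {max_days}d")
    # Assumption: "not fully secured" is read as a missing Secure attribute,
    # which lets the browser send the cookie over plain HTTP.
    if "secure" not in attrs:
        findings.append("missing Secure attribute")
    return name, findings


# Constructed sample headers; names and values are hypothetical.
NOW = datetime(2011, 5, 24, tzinfo=timezone.utc)
SAMPLES = [
    "auth_token=abc123; Path=/; Expires=Wed, 23 May 2012 00:00:00 GMT",
    "auth_token=abc123; Path=/; Max-Age=7776000; Secure",
    "sid=xyz789; Path=/; Secure",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_set_cookie(sample, NOW))
```

The first sample models a year-long cookie without the Secure attribute and yields two findings; the second, capped at exactly 90 days and marked Secure, and the third, a session cookie, yield none.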