Ramblings of this guy you know!

Tech Stuff and random observations on life as I see it….

LinkedIn security vulnerability

LinkedIn is the social network of the business world. Many people use it as an online resume or as an adjunct to any offline CV they keep updated. Last week, the company went public in an event that saw the value of its shares more than double, evoking worries amongst technology experts and the stock exchange that this is ongoing proof of another dot-com bubble. The last bubble was in the late 1990s.

No sooner had the dust settled over the stock price than the announcement was made that the professional networking website has security flaws that make users’ accounts vulnerable to attack by hackers. Rishi Narang, a security researcher from near New Delhi in India, reported that an intruder could gain access to a user’s data without needing a password if the cookie could be obtained.

Cookies used to maintain a user’s session usually expire quite quickly, but the LinkedIn cookie stays valid for a whole year. After a user enters the proper username and password to access an account, LinkedIn’s system creates a cookie, “LEO_AUTH_TOKEN”, on the user’s computer that serves as a key to gain access to the account.

The company issued a statement saying that it already takes steps to secure the accounts of its customers.

“LinkedIn takes the privacy and security of our members seriously,” the statement said.

“Whether you are on LinkedIn or any other site, it’s always a good idea to choose trusted and encrypted WiFi networks or VPNs (virtual private networks) whenever possible.”

The company said that it currently supports SSL, or secure sockets layer, technology for encrypting certain “sensitive” data, including account logins.

But those access token cookies are not yet scrambled with SSL. That makes it possible for hackers to steal the cookies using widely available tools for sniffing Internet traffic, Narang said.
