Tuesday, May 24, 2011

LinkedIn is vulnerable to attack, expert says


Even LinkedIn is free of vulnerabilities. Last Saturday, the specialist in digital security Indian Rishi Narang reported being able to access the pages for some users through a security breach of the professional networking site. The problem, in the case of LinkedIn, is linked to a cookie LEO_AUTH_TOKEN.


It is no wonder that sites use cookies to temporarily store user information. In most cases, the files are generated after inserting the login and password are stored on users' computers by up to 24 hours. The big problem for LinkedIn is that your cookies have a life span of a year.

According reported in his blog, Narang says he was able to exploit this vulnerability, unable to access the accounts of users after downloading four cookies a developer forum and verify the information contained in the files.

In a statement, LinkedIn states that the safety of its users is a priority, and to suggest that access is always done through encrypted Wi-Fi networks, or VPNs, and state that it has a secure connection via SSL on login page, although the cookie is not encrypted. However, LinkedIn officials refused to comment on the discovery by Narang.

The vulnerability has surfaced just days after the actions of LinkedIn Corp. premiere with a strong increase in the stock market in New York, whose recovery was 90.86%, up from $ 45 to U.S. $ 85.89.

This was just another case of a security breach involving large companies. Recently we had the attack on the network's online PlayStation 3, PSN, players that left thousands of orphans around the world for about a month.