There is a potential problem at LinkedIn – a social networking site bringing professionals together for creating and networking with business contacts, and for furthering one’s career prospects and opportunities.
A New Delhi researcher, Rishi Narang, claims that a weakness in how LinkedIn handles its authentication cookie creates the potential for a breach. According to Narang, hackers can exploit the fact that LinkedIn stores authentication information in a cookie that doesn’t expire for an entire year from its date of creation.
Further, according to him, LinkedIn does not ask whether you’d like to store this information, as Google and many other sites do. For that matter, Google and other sites only store cookie information for a few weeks.
Anyone who compromises the cookie can gain access to a user’s account. Because the cookie stays valid for a year, that access could continue for a year. People who use public computers, such as those at libraries, or even shared devices in a work environment, could be leaving themselves particularly open to identity theft.
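The lifetime problem described above can be checked from the defender's side by auditing the `Set-Cookie` headers a site issues. The following is an added example, not code from Narang or LinkedIn; the cookie names, sample headers and the 14-day policy threshold are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
# Assumed policy: an authentication cookie should not persist longer than this.
MAX_AUTH_LIFETIME = timedelta(days=14)

def parse_set_cookie(header):
    """Return (name, attrs) for one Set-Cookie value; attribute keys lowercased."""
    first, *rest = [p.strip() for p in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def cookie_lifetime(attrs, issued_at):
    """Lifetime as a timedelta, or None for a session cookie (Max-Age beats Expires)."""
    if attrs.get("max-age", "").lstrip("-").isdigit():
        return timedelta(seconds=int(attrs["max-age"]))
    if "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return None  # unparseable date: the attribute is ignored
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        return expires - issued_at
    return None

def audit(headers, auth_names, issued_at):
    """Return [(cookie_name, lifetime_days)] for auth cookies that outlive the policy."""
    findings = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        life = cookie_lifetime(attrs, issued_at)
        if name in auth_names and life is not None and life > MAX_AUTH_LIFETIME:
            findings.append((name, life.days))
    return findings

# Constructed sample headers; cookie names and values are hypothetical.
ISSUED = datetime(2011, 5, 23, 10, 0, 0, tzinfo=timezone.utc)
SAMPLE = [
    "auth_token=abc123; Path=/; Expires=Tue, 22 May 2012 10:00:00 GMT",
    "remember_me=def456; Path=/; Max-Age=1209600",
    "session_id=ghi789; Path=/",
    "lang=en; Path=/; Max-Age=31536000",
]
print(audit(SAMPLE, {"auth_token", "remember_me", "session_id"}, ISSUED))
```

Only the year-long authentication cookie is reported; the session cookie, the 14-day cookie and the long-lived but non-sensitive preference cookie pass.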
Narang has reported his findings to the Reuters news agency and has posted details on his blog:
“There exists multiple vulnerabilities in LinkedIn in which it handles the cookies and transmits them over SSL. This vulnerability if exploited, can result in hijacking of user accounts, and/or modifying the user information without the consent of the profile owner.”
According to LinkedIn’s own site statistics, one million new members join each week; faster than one per second. With more than 100 million members in over 200 countries and territories, it is the world’s largest professional network, and just recently became the first U.S. social networking company to go public.
LinkedIn has said that it takes the privacy and security of its members seriously.