The Business-Technology Weave

May 23 2011   11:58AM GMT

LinkedIn: Linking to Insecurity?



Posted by: David Scott
Tags: cookies, cookies expiration, hacking, identity theft, linkedin, LinkedIn security, LinkedIn security flaw, security flaw LinkedIn

 

There is a potential problem at LinkedIn – a social networking site bringing professionals together for creating and networking with business contacts, and for furthering one’s career prospects and opportunities.

 

There’s a claim that a liability with LinkedIn’s authentication cookie creates a breach potential.  A New Delhi researcher, Rishi Narang, claims hackers can exploit LinkedIn’s storage of authentication information in a cookie that doesn’t expire for an entire year, from date of creation. 

 

Further, LinkedIn, according to him, does not ask whether you’d like to store this information, as do Google and many other sites. For that matter, Google and other sites store cookie information for only a few weeks.

 

Anyone breaking the cookie can gain access to a user’s account. Given the liability of a year’s expiration, that use could obviously continue for a year. People who use public computers, such as those at libraries, or even devices in a work environment, could in particular be leaving themselves open to identity theft.
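As an added example (not from the original post or from Narang's write-up), here is a defender-side check that reads Set-Cookie headers and flags authentication cookies whose lifetime exceeds a few weeks. The cookie names, sample headers and the 21-day limit are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

MAX_LIFETIME = timedelta(days=21)  # assumed policy for "a few weeks"

def cookie_lifetime(set_cookie, now):
    """Return (name, lifetime); lifetime is None for a session cookie."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    if "max-age" in attrs:  # Max-Age takes precedence over Expires (RFC 6265)
        try:
            return name, timedelta(seconds=int(attrs["max-age"]))
        except ValueError:
            pass  # malformed Max-Age is ignored; fall back to Expires
    if "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return name, None  # unparseable date: treated as a session cookie
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        return name, expires - now
    return name, None

def audit(headers, auth_names, now, limit=MAX_LIFETIME):
    """Return [(name, days)] for authentication cookies that outlive the limit."""
    findings = []
    for header in headers:
        name, lifetime = cookie_lifetime(header, now)
        if name in auth_names and lifetime is not None and lifetime > limit:
            findings.append((name, lifetime.days))
    return findings

# Constructed sample headers; cookie names and values are made up.
NOW = datetime(2011, 5, 23, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    "auth_token=abc123; Expires=Tue, 22 May 2012 12:00:00 GMT; Path=/",
    "auth_short=def456; Max-Age=1209600; Expires=Tue, 22 May 2012 12:00:00 GMT",
    "lang=en; Expires=Tue, 22 May 2012 12:00:00 GMT",
    "sid=xyz789; Path=/; HttpOnly",
]

if __name__ == "__main__":
    for name, days in audit(SAMPLE, {"auth_token", "auth_short", "sid"}, NOW):
        print(f"{name}: persists {days} days, over the {MAX_LIFETIME.days}-day limit")
```

Only the first sample cookie is reported: the second is capped at 14 days by Max-Age, the third is not an authentication cookie, and the fourth ends with the browser session.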

 

Narang has reported his findings to Reuters news agency, as well as posting details on his blog:

 

“There exists multiple vulnerabilities in LinkedIn in which it handles the cookies and transmits them over SSL. This vulnerability if exploited, can result in hijacking of user accounts, and/or modifying the user information without the consent of the profile owner.”

According to LinkedIn’s own site statistics, one million new members join each week; faster than one per second.  With more than 100 million members in over 200 countries and territories, it is the world’s largest professional network, and just recently became the first U.S. social networking company to go public. 

LinkedIn has said that it takes the privacy and security of its members seriously.

 

 

On this day: In 1701, Captain Kidd was hanged in London after conviction for piracy and murder.

 
