LinkedIn is worth a bajillion dollars now - but does it suffer from blatant security flaws?

by Knowlton Thomas | Research

LinkedIn, which debuted on the New York Stock Exchange to extreme hype and a staggering 150% stock price jump (it has since settled somewhat), may be suffering from security flaws that will tarnish its current glow.

According to an independent Internet security researcher named Rishi Narang, the professional networking website has security flaws that make user accounts susceptible to attack by hackers who can break in—without needing passwords.

He told Reuters that this problem is a result of the way LinkedIn manages its cookie data.

Quoth The Province:

After a user enters the proper username and password to access an account, LinkedIn's system creates a cookie "LEO-AUTH-TOKEN" on the user's computer that serves as a key to gain access to the account. Lots of websites use such cookies, but what makes the LinkedIn cookie unusual is that it does not expire for a full year from the date it is created, Narang said.

Most commercial websites would typically design their access token cookies to expire in 24 hours, or even earlier if a user were to first log off the account, Narang said. There are some exceptions: Banking sites often log users off after five or 10 minutes of inactivity. Google gives its users the option of keeping cookies for several weeks, but it lets the user decide first.

LinkedIn issued a statement saying it "takes the privacy and security of our members seriously," but was unable to directly address Rishi's concern, merely suggesting that users "choose trusted and encrypted Wi-Fi networks or VPNs."

LinkedIn currently supports secure sockets layer, which encrypts sensitive data such as account log-ins, but access token cookies are not yet scrambled with SSL.

Rishi has more details on the security issue on his blog.

Photo credit: CTV
