LinkedIn site has security vulnerabilities: expert
By Jim Finkle
Sun May 22, 2011 7:18pm EDT
BOSTON (Reuters) - LinkedIn's professional networking website has security flaws that make users' accounts vulnerable to attack by hackers who could break in without ever needing passwords, according to a security researcher who identified the problem.
News of the vulnerability surfaced over the weekend, only days after LinkedIn Corp went public last week with a trading debut that saw the value of its shares more than double, evoking memories of the dot-com investment boom of the late 1990s.
Rishi Narang -- an independent Internet security researcher based near New Delhi, India, who discovered the security flaw -- told Reuters on Sunday that the problem is related to the way LinkedIn manages a commonly used type of data file known as a cookie.
After a user enters the proper username and password to access an account, LinkedIn's system creates a cookie "LEO_AUTH_TOKEN" on the user's computer that serves as a key to gain access to the account.
Lots of websites use such cookies, but what makes the LinkedIn cookie unusual is that it does not expire for a full year from the date it is created, Narang said.
He detailed the vulnerability in a posting on his blog at www.wtfuzz.com on Saturday.
Most commercial websites would typically design their access token cookies to expire in 24 hours, or even earlier if a user were to first log off the account, Narang said.
There are some exceptions: Banking sites often log users off after 5 or 10 minutes of inactivity. Google gives its users the option of using cookies that keep them logged on for several weeks, but it lets the user decide first.
The long life of the LinkedIn cookie means that anybody who gets hold of that file can load it onto a PC and easily gain access to the original user's account for as much as a year.
The company issued a statement saying that it already takes steps to secure the accounts of its customers.
"LinkedIn takes the privacy and security of our members seriously," the statement said.
"Whether you are on LinkedIn or any other site, it's always a good idea to choose trusted and encrypted WiFi networks or VPNs (virtual private networks) whenever possible."
The company said that it currently supports SSL, or secure sockets layer, technology for encrypting certain "sensitive" data, including account logins.
But those access token cookies are not yet sent over SSL. That makes it possible for hackers to steal the cookies using widely available tools for sniffing Internet traffic, Narang said.
LinkedIn said in its statement that it is preparing to offer "opt-in" SSL support for other parts of the site, an option that would cover encryption of those cookies. The company said it expected that to be available "in the coming months."
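The two weaknesses the article describes, a one-year lifetime on the access token cookie and a token that is not confined to SSL, are both visible in the `Set-Cookie` header a site sends. The following audit script is an added example, not code from the article, from Narang, or from LinkedIn. It parses a `Set-Cookie` value, works out the cookie's lifetime from `Max-Age` or `Expires`, and flags an authentication cookie that lacks the `Secure` or `HttpOnly` attributes or outlives a 24-hour limit. The cookie name `LEO_AUTH_TOKEN` comes from the article; the two header values, the token value, the `example.com` domain, the timestamp and the 24-hour limit are constructed for illustration.

```python
"""Audit Set-Cookie headers for long-lived or non-SSL authentication cookies.

Added example (not the article's or LinkedIn's code). Sample headers,
domain, token value and the 24-hour limit below are constructed.
"""
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Cookie names treated as authentication tokens. LEO_AUTH_TOKEN is the name
# given in the article; add a site's own names here when auditing it.
AUTH_COOKIE_NAMES = {"LEO_AUTH_TOKEN"}

# Assumed policy: the article says 24 hours is typical for access tokens.
MAX_AUTH_LIFETIME = timedelta(hours=24)

# Constructed samples: the weak form mirrors what the article describes
# (expires a year out, no Secure flag); the hardened form is the fix.
WEAK_HEADER = ("LEO_AUTH_TOKEN=EXAMPLETOKEN; Path=/; Domain=.example.com; "
               "Expires=Tue, 22 May 2012 23:18:00 GMT")
HARDENED_HEADER = ("LEO_AUTH_TOKEN=EXAMPLETOKEN; Path=/; Domain=.example.com; "
                   "Max-Age=86400; Secure; HttpOnly")
NOW = datetime(2011, 5, 22, 23, 18, tzinfo=timezone.utc)  # constructed


def parse_set_cookie(header_value):
    """Split a Set-Cookie value into (name, value, {attribute: value}).

    Attribute names are lower-cased; flag attributes such as Secure map to "".
    Expires dates contain commas but never semicolons, so ';' is a safe split.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for attr in parts[1:]:
        if not attr:
            continue
        key, _, val = attr.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def lifetime(attrs, now):
    """Lifetime implied by Max-Age (takes precedence) or Expires.

    Returns None for a session cookie, which the browser drops on exit.
    """
    if "max-age" in attrs:
        return timedelta(seconds=int(attrs["max-age"]))
    if "expires" in attrs:
        expires = parsedate_to_datetime(attrs["expires"])
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        return expires - now
    return None


def audit_set_cookie(header_value, now=NOW):
    """Return a list of findings for one Set-Cookie header; empty means clean."""
    name, _value, attrs = parse_set_cookie(header_value)
    findings = []
    if name not in AUTH_COOKIE_NAMES:
        return findings  # only authentication cookies are held to this policy
    if "secure" not in attrs:
        findings.append("missing Secure: browser will send the token over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: token is readable by page scripts")
    life = lifetime(attrs, now)
    if life is not None and life > MAX_AUTH_LIFETIME:
        findings.append(f"lifetime of {life.days} days exceeds the "
                        f"{MAX_AUTH_LIFETIME} limit for an access token")
    return findings


if __name__ == "__main__":
    for label, header in (("weak", WEAK_HEADER), ("hardened", HARDENED_HEADER)):
        print(f"{label}: {header}")
        for finding in audit_set_cookie(header) or ["no findings"]:
            print(f"  - {finding}")
```

The hardened header relies on `Secure` so the browser never sends the token in clear text, `HttpOnly` so it is not exposed to scripts, and `Max-Age` for the short lifetime; the server should also invalidate the token on logout, which no cookie attribute can express and which this header-level check therefore cannot verify.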
But LinkedIn officials declined to respond to Narang's critique of the company's use of a cookie with a one-year expiration.
Narang said the problem is particularly acute because LinkedIn's users are not aware of it and have no idea that they should be protecting those cookies.
He said he found four cookies with valid LinkedIn access tokens had been uploaded to a LinkedIn developer forum by users who were posting questions about their use.
He said he downloaded those cookies and was able to access the accounts of the four LinkedIn subscribers.
(Reporting by Jim Finkle; Editing by Tim Dobbyn)
© Copyright 2011 Thomson Reuters