
5 Tips to Keep LinkedIn From Becoming HackedIn


A guest post by Andrew Parker of IntaForensics.

A security flaw on popular networking site LinkedIn has left accounts wide open to hackers, according to online security researcher Rishi Narang.

He claims that LinkedIn is keeping cookies active for too long, which means that anyone who can get access to the file (particularly on a Wi-Fi network) can easily gain access to a user's account. Narang reported this finding on his own blog: http://www.wtfuzz.com/blogs/linkedin-ssl-cookie-vulnerability.

LinkedIn creates a cookie called "LEO_AUTH_TOKEN" after a user enters the proper username and password to access an account, which later serves as a key to gain access to the account. This can be a problem if you are using a public (or even private) Wi-Fi network. Software like Firesheep has previously been used to hijack other social media platforms like Facebook and Twitter, enabling hackers to see all the account holder’s friends, read their private messages, and even post a status update. Scary stuff.

Firesheep is a Firefox add-on that was basically created to check for security holes in websites that don't use encryption, but it has since been (inevitably) used by hackers and online scammers. All the hackers have to do is download and install the add-on, open the Firesheep sidebar, and click "Start Capturing"; a list of all the accounts that aren’t encrypted then appears in the sidebar.

Wi-Fi has always been known for its less than impressive record of security, so it is essential that, if you must use a wireless connection, you follow basic safety guidelines:

1. Use passwords. Your wireless router will come with a generic password for that brand that restricts access to its settings, so you will instantly need to create a strong password of your own. This can help prevent an outsider reconfiguring your router maliciously via the network. You can read a simple Change Router Passwords article available online to see how this is done.

2. Use the SSID name. This is the unique name for your network; it can be up to 32 characters long and may contain any symbols. This doesn’t have to be remembered, so it can be as complex (obviously not featuring words) as you like. This must then be set on both the router and all the computers on your network.

3. Enable WPA encryption. Immediately look in your owner's manual to discover how to enable and configure WPA encryption for your device. Again, this must then be set on both the router and all the computers on your network.

4. Enable a firewall. Some wireless routers come with a built-in firewall, which you should check is enabled to prevent attacks.

5. Switch off. Always turn off your wireless router and computer when they are not in use, as hackers can’t get at you if you are not online.

Now, back to the initial LinkedIn problem ... In addition to carrying out the above Wi-Fi safety tips, manually deleting cookies in order to save space or to address privacy issues is highly recommended. Just delete the LinkedIn ones after each visit. Click on “Tools” in your browser and then “Internet options” or “Options.” You will be able to delete all cookies or individual cookies from there to avoid being literally “LinkedIn” to the hackers.

Andrew Parker is a copywriter for computer forensics and online security experts IntaForensics.











Comments

  • by Ramiro Rodriguez Thu Jun 2, 2011 via blog

    I just started using LinkedIn a little more after watching a webinar on the site and this is good information that supplements my LinkedIn training!

    Thanks!

  • by Dave Thompson Fri Jun 3, 2011 via blog

    Great tip, but professional networking sites like Fuseloop (http://fuseloop.com) don't have this problem!

  • by mark evertz Fri Jun 3, 2011 via blog

    Great post Andrew,
    I hope LinkedIn acts on this. Seems like companies who don't immediately notice Credit Card data or some other "valuable" info like #SSN being impacted they tend to blow this stuff off until it's both a PR nightmare and then a realization of "Oh yeah, we do have executive accounts, recruiters and small businesses who do pay for this with a credit card...oops!" Just fix it and move on.

    Would also be interested in your take on opportunistic "Discoverers" of these security holes looking for a payday and/or marketing juice for their companies or personal skills. Pretty sure they are not doing this to make the internet a safer place to play.

    Keep writing.
    Mark
    @MarkAEvertz
