A guest post by Andrew Parker of IntaForensics.
A security flaw on popular networking site LinkedIn has left accounts wide open to hackers, according to online security researcher Rishi Narang.
He claims that LinkedIn is keeping cookies active for too long, which means that anyone who can get access to the file (particularly on a Wi-Fi network) can easily gain access to a user's account. Narang reported this finding on his own blog.
LinkedIn creates a cookie called "LEO_AUTH_TOKEN" after a user enters the proper username and password to access an account, which later serves as a key to gain access to the account. This can be a problem if you are using a public (or even private) Wi-Fi network. Software like Firesheep has previously been used to hijack other social media platforms like Facebook and Twitter, enabling hackers to see all the account holder’s friends, read their private messages, and even post a status update. Scary stuff.
Firesheep is a Firefox add-on that was basically created to check for security holes in websites that don't use encryption, but it has since been (inevitably) used by hackers and online scammers. All the hackers have to do is download and install the add-on, open the Firesheep sidebar, and click "Start Capturing" and then a list of all the accounts that aren’t encrypted appears in the sidebar.
Wi-Fi has always been known for its less than impressive record of security, so it is essential that, if you must use a wireless connection, you follow basic safety guidelines:
1. Use passwords. Your wireless router will come with a generic password for that brand that restricts access to its settings, so you should immediately create a strong password of your own. This can help prevent an outsider reconfiguring your router maliciously via the network. You can read a simple Change Router Passwords article available online to see how this is done.
2. Use the SSID name. This is the unique name for your network; it can be up to 32 characters long and may contain any symbols. This doesn’t have to be remembered, so it can be as complex (obviously not featuring words) as you like. This must then be set on both the router and all the computers on your network.
3. Enable WPA encryption. Immediately look in your owner's manual to discover how to enable and configure WPA encryption for your device. Again, this must then be set on both the router and all the computers on your network.
4. Enable a firewall. Some wireless routers come with a built-in firewall, which you should check is enabled to prevent attacks.
5. Switch off. Always turn off your wireless router and computer when not in use, as hackers can’t get at you if you are not online.
Now, back to the initial LinkedIn problem ... In addition to carrying out the above Wi-Fi safety tips, manually deleting cookies in order to save space or to address privacy issues is highly recommended. Just delete the LinkedIn ones after each visit. Click on “tools” in your browser and “Internet options” or “Options.” You will be able to delete all cookies or individual cookies from there to avoid being literally “LinkedIn” to the hackers.
Andrew Parker is a copywriter for computer forensics and online security experts IntaForensics.