A guest post by Andrew Parker of IntaForensics.

A security flaw on popular networking site LinkedIn has left accounts wide open to hackers, according to online security researcher Rishi Narang.

He claims that LinkedIn is keeping cookies active for too long, which means that anyone who can get access to the file (particularly on a Wi-Fi network) can easily gain access to a user's account. Narang reported this finding on his own blog .

LinkedIn creates a cookie called "LEO_AUTH_TOKEN" after a user enters the proper username and password to access an account, which later serves as a key to gain access to the account. This can be a problem if you are using a public (or even private) Wi-Fi network. Software like Firesheep has previously been used to hijack other social media platforms like Facebook and Twitter, enabling hackers to see all the account holder’s friends, read their private messages, and even post a status update. Scary stuff.

Firesheep is a Firefox add-one that was basically created to check for security holes in websites that don't use encryption---but it has since been (inevitably) used by hackers and online scammers. All the hackers have to do is download and install the add-on, open the Firesheep sidebar, and click "Start Capturing" and then a list of all the accounts that aren’t encrypted appears in the sidebar.

Wi-Fi has always been known for its less than impressive record of security, so it is essential that, if you must use a wireless connection, you follow basic safety guidelines:

1. Use passwords. Your wireless router will come with a generic password for that brand that restricts access to its settings, so you will instantly need to create a strong password of your own. This can help prevent an outsider reconfiguring your router maliciously via the network. You can read a simple Change Router Passwords article available online to see how this is done.

2. Use the SSID name. This is the unique name for your network can be up to 32 characters long and may contain any symbols. This doesn’t have to be remembered, so it can be as complex (obviously not featuring words) as you like. This must then be set on both the router and all the computers on your network.

3. Enable WPA encryption. Immediately look in your owner's manual to discover how to enable and configure WPA encryption for your device. Again, this must then be set on both the router and all the computers on your network.

4. Enable a firewall. Some wireless routers come with a built-in firewall, which you should check are enabled to prevent attacks.

5. Switch off. Turning off your wireless router and computer when not in use should always be carried out, as hackers can’t get at you if you are not online.

Now, back to the initial LinkedIn problem ... In addition to carrying out the above Wi-fi safety tips, manually deleting cookies in order to save space or to address privacy issues is highly recommended. Just delete the LinkedIn ones after each visit. Click on “tools” in your browser and “Internet options” or “Options.” You will be able to delete all cookies or individual cookies from there to avoid being literally “LinkedIn” to the hackers.

Andrew Parker is a copywriter for computer forensics and online security experts IntaForensics.


Security issue: LinkedIn or HackedIn?


A security flaw on popular networking site LinkedIn has left accounts wide open to hackers, according to online security researcher Rishi Narang.


He claims that LinkedIn are keeping cookies active for too long, which means that anyone who can get access to the file (particularly on a Wi-Fi network) can easily gain access to a user's account. Narang reported this finding on his own blog - https://www.wtfuzz.com/blogs/linkedin-ssl-cookie-vulnerability.


LinkedIn creates a cookie called "LEO_AUTH_TOKEN" after a user enters the proper username and password to access an account, which later serves as a key to gain access to the account. This can be a problem if you are using a public (or even private) Wi-Fi network. Software like Firesheep has previously been used to hijack other social media platforms like Facebook and Twitter, enabling hackers to see all the account holder’s friends, read their private messages and even post a status update. Scary stuff.


Firesheep is a Firefox add-one that was basically created to check for security holes in websites that don't use encryption – but has since been (inevitably) used by hackers and online scammers. All the hackers have to do is download and install the add-on, open the Firesheep sidebar and click "Start Capturing" and then a list of all the accounts that aren’t encrypted appear in the sidebar.

Wi-Fi has always been known for its less than impressive record of security – so it is essential, if you must use a wireless connection, that you follow basic safety guidelines.

1. Passwords. Your wireless router will come with a generic password for that brand that restricts access to its settings, so you will instantly need to create a strong password of your own. This can help prevent an outsider reconfiguring your router maliciously via the network. You can read a simple Change Router Passwords article available online to see how this is done.


2. SSID name. This is the unique name for your network can be up to 32 characters long and may contain any symbols. This doesn’t have to be remembered, so it can be as complex (obviously not featuring words) as you like. This must then be set on both the router and all the computers on your network.


3. WPA encryption. Immediately look in your owner's manual to discover how to enable and configure WPA encryption for your device. Again, this must then be set on both the router and all the computers on your network.


4. Firewall. Some wireless routers come with a built-in firewall, which you should check are enabled to prevent attacks.


5. Switch off. Turning off your wireless router and computer when not in use should always be carried out, as hackers can’t get at you if you are not online.


Now, back to the initial LinkedIn problem...as well as obviously carrying out the above Wi-fi safety ips, manually deleting cookies in order to save space or to address privacy issues is highly recommended – so delete the LinkedIn ones after each visit. Click on “tools” in your browser and “Internet options” or “Options”. You will be able to delete all cookies or individual cookies from there to avoid being literally “LinkedIn” to the hackers.



Andy Parker is a copywriter for computer forensics and online security experts Intaforensics.








Enter your email address to continue reading

5 Tips to Keep LinkedIn From Becoming HackedIn

Don't worry...it's free!

Already a member? Sign in now.

Sign in with your preferred account, below.

Did you like this article?
Know someone who would enjoy it too? Share with your friends, free of charge, no sign up required! Simply share this link, and they will get instant access…
  • Copy Link

  • Email

  • Twitter

  • Facebook

  • Pinterest

  • Linkedin


ABOUT THE AUTHOR