1. Click Subscription of Mr.Chris Farrell Membership $4.95 7 day Trial For Newbies/Dummies - Not Criminal IM Coach/Mentor.
2. Click DirecTV For US Satellite TV Subscription. Also Dish Network Call Now Toll Free : 877-287-3983 for an Obligation Free Chat.
3. Click 100DayLoans.com for cash advance payday loan 100 days repayment,SUBJEST to your State Laws Also Credit Reports and Scores
4. CLICK Coupon Codes & My Web Hosting Reviews/Recommendation
affiliate_link__affiliate_link__ ______

Friday, May 27, 2011

LinkedIn Access Cookie Opens Users to Security Breaches, says Security Analyst

By Justin Lee,May 24, 2011
(WEB HOST INDUSTRY REVIEW) -- A security analyst says that professional networking website LinkedIn (http://www.linkedin.com/) is open to security flaws that could potentially allow hackers to breach users' accounts without the need for their passwords, according to a Reuters report.

The news comes only a couple days after LinkedIn went public which resulted in the value of its stock more than doubling.

New Dehli, India-based security researcher Rishi Narang reported about the vulnerability on his blog (http://www.wtfuzz.com/) Saturday where he explained that the flaw is connected to the way LinkedIn handles its cookies.

When members fill in their correct username and password at the login screen, LinkedIn's system automatically creates a cookie "LEO_AUTH_TOKEN" on the user's computer that allows the individual to  access the account.

While its a common practice for websites to use cookies for their user login, Narang said the LinkedIn cookie  differs from these sites in that it does not expire for an entire year after it is created.

Narang said that most websites could easily design these cookies to last for just 24 hours or less time from when users access their accounts.

The LinkedIn cookie's year-long expiration time means that anybody who attains the file can upload it to his or her computer and access the user's account.

LinkedIn said it is currently securing their customers' accounts, adding that the website supports secure sockets layers.

However, Narag said the company's access token cookies are not currently with SSL which means that attackers could easily steal the cookies using tools for monitoring Internet traffic.

LinkedIn said that it will "opt-in" SSL support for other areas of the website, which would apply to the access cookies, "in the coming months."

Since most LinkedIn users are completely oblivious to this security problem and why it is important to protect these cookies, Narang said the flaw is particularly troubling.

Article Source http://www.thewhir.com/web-hosting-news/052411_LinkedIn_Access_Cookie_Opens_Users_to_Security_Breaches_says_Security_Analyst permits  to repubish here

<<<<<<<<<<<<<
Click Most Updated Discount Coupon Codes & My Personal Web Hosting Recommendations if you are interested in those.
Stay Tuned!
<<<<<<<<<<<<
   affiliate_link