LinkedIn is Linked in to Poor Security

LinkedIn, as you know, is the best social networking site EVER for business networking and so forth. The site is a massive juicy platform that is regularly used by people in neckties to connect with fellow businessmen and women who could benefit their business through an online relationship.

Of course, this being the fast moving 21st century, we like to check our emails and LinkedIn messages while on the move …or just simply in different areas of the office or home, which is achieved via Wi-Fi internet connections. However, using this method of “getting online” has security issues, which have yet to be properly addressed and resolved to provide as much safety as a normal broadband connection.

This security issue with LinkedIn was recently proven in a blog post by online security expert Rishi Narang called "LinkedIn SSL Cookie Vulnerability", which states that LinkedIn accounts are potentially very vulnerable to attacks from hackers (HackedIn?) due to the length of time that LinkedIn keeps cookies active. Hackers exploit lax security measures on a Wi-Fi network to hack into your account.

Cookies are used to track sessions on the site by loading a text file onto the site visitor’s browser. Currently LinkedIn uses a “LEO_AUTH_TOKEN” file after a user successfully logs into a LinkedIn account. This cookie enables users to gain access to the account in the future without logging in. This would be perfect…if it wasn’t for hackers looking to take advantage of security flaws.

There are established tools available to hackers, such as Firesheep, which is so easy to use that ANYONE can become a hacker by using it… even YOU! You just need to click on a “Start Capturing” button to reveal all the accounts on that Wi-Fi network that aren’t encrypted. The add-on is regularly used against other social media platforms like Facebook and Twitter, as hackers can use it to read your private messages, see all your friends, and actually post status updates.

Firesheep was basically created by a programmer called Eric Butler to highlight the dangers of not using encryption – but has since been taken up by the hacking community due to its effectiveness.  Mozilla Add-ons are unwilling to ban it, as they see it as a legitimate method for site-owners to check and test the security of their own websites.
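A site owner can check for the two conditions described above, a login cookie that stays valid for a long time and one that is also sent over unencrypted connections, by auditing the `Set-Cookie` headers the site returns. The following is an added example, not code from the original post or from LinkedIn; the header values, the audit date, the 30-day threshold and the function names are constructed assumptions.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_LIFETIME_DAYS = 30  # assumed policy threshold, not a figure from the post

def audit_set_cookie(header, now):
    """Return (cookie_name, findings) for one Set-Cookie header value."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].partition("=")[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie is also sent over unencrypted HTTP")
    days = lifetime_days(attrs, now)
    if days is not None and days > MAX_LIFETIME_DAYS:
        findings.append(f"lifetime {days:.0f} days exceeds {MAX_LIFETIME_DAYS}")
    return name, findings

def lifetime_days(attrs, now):
    """Cookie lifetime in days; Max-Age wins over Expires (RFC 6265)."""
    try:
        if "max-age" in attrs:
            return int(attrs["max-age"]) / 86400
        if "expires" in attrs:
            expires = parsedate_to_datetime(attrs["expires"])
            return (expires - now).total_seconds() / 86400
    except (TypeError, ValueError):
        pass  # unparsable value: report no lifetime
    return None  # no usable lifetime attribute: session cookie

# Constructed sample headers (not captured traffic); token values are dummies.
NOW = datetime(2011, 5, 23, tzinfo=timezone.utc)  # constructed audit date
WEAK = "LEO_AUTH_TOKEN=dummy-value; Path=/; Expires=Wed, 23 May 2012 00:00:00 GMT"
HARDENED = "LEO_AUTH_TOKEN=dummy-value; Path=/; Max-Age=86400; Secure"

if __name__ == "__main__":
    for header in (WEAK, HARDENED):
        name, findings = audit_set_cookie(header, NOW)
        print(name, "->", findings or "no findings")
```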

Using Wi-Fi technology therefore calls for even more care from web surfers with regard to online security. I recommend the following steps when using wireless connections:

  1. Set up a brand new password. Your wireless router will come with a password – but this password isn’t unique, so you need to change it. Hackers know the passwords to new wireless routers, which means that this action is essential.
  2. Set up a new SSID name. This is simply a name that identifies a particular 802.11 wireless LAN – which doesn’t need to be remembered, so it can be a very complex series of letters, characters and numbers. This new SSID name must be set up on both the router and all the computers on your network.
  3. Turn on your WPA encryption. Switch on your WPA encryption on both the router and computers.
  4. Turn on the Firewall. Switch on your Firewall if your wireless router has one.
  5. Delete cookies. Regularly deleting cookies is a recommended online safety tip.
  6. Switch off your computer/device. If you are not online, hackers can’t touch you! If you leave your computer on hibernate, hackers will be able to attack.

Please carry out the above Wi-Fi safety tips to ensure LinkedIn isn’t HackedIn.

Andy Parker works at Dreamscape Design (Web Design Coventry) and is also online security copywriter for computer forensics specialists Intaforensics.
