LinkedIn profiles at risk of hijacking
A security researcher has said that vulnerabilities in the way LinkedIn handles cookies put user profiles at risk of tampering.
Rishi Narang, a former senior adviser, said that a profile could be hijacked by intercepting the cookies that create user sessions. An attacker could maintain access to an account on the site despite a password reset, because the cookies remain valid after the change.
The cookies are vulnerable to man-in-the-middle attacks because the site reverts to HTTP after the connection is made over HTTPS.
Xing did not find changes to the information in the cookies created by a valid session, Narang wrote on his blog: “In only 15 minutes, I was able to log on successfully to more active accounts belonging to people from different places on the planet; many times in recent months they have entered their accounts, and their cookies were still valid.
An attacker can sniff the session cookies in plain text and then use them to authenticate their sessions. He can therefore affect and change the information available on the user profile page. Even if the domain that issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form https://www.linkedin.com and run the same attack.”
LinkedIn said it is considering opt-in HTTPS support for parts of its web pages to avoid these problems.
“Whether you're on LinkedIn or any other site, it is always a good idea to choose to connect to WiFi networks or encrypted [Virtual Private Networks] whenever possible,” the company said in a statement.
“LinkedIn takes the privacy and security of our members seriously, as [secure sockets layer] for logins and other confidential web pages. In addition, we're looking at opt-in SSL support for other parts of the site, which will be available in the coming months, to avoid these security problems in the future.”
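
The two weaknesses described above (session cookies that survive a password reset, and cookies that travel over plain HTTP) can be closed on the server side. The following is an added example, not LinkedIn's code or the researcher's: the `SessionStore` class, the `session` cookie name and the per-user "password epoch" counter are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie


class SessionStore:
    """Server-side sessions that stop working once the password changes."""

    def __init__(self):
        self._pw_epoch = {}   # user -> counter bumped on every password change
        self._sessions = {}   # session id -> (user, epoch at login time)

    def login(self, user):
        epoch = self._pw_epoch.setdefault(user, 0)
        sid = secrets.token_urlsafe(32)   # unguessable session identifier
        self._sessions[sid] = (user, epoch)
        return sid

    def change_password(self, user):
        # Bumping the epoch invalidates every cookie issued before the reset.
        self._pw_epoch[user] = self._pw_epoch.get(user, 0) + 1

    def validate(self, sid):
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, epoch = entry
        if epoch != self._pw_epoch.get(user):
            del self._sessions[sid]       # stale: issued before a reset
            return None
        return user


def session_cookie_header(sid):
    """Build a Set-Cookie value that the browser only returns over HTTPS."""
    cookie = SimpleCookie()
    cookie["session"] = sid
    cookie["session"]["secure"] = True     # never sent over plain HTTP
    cookie["session"]["httponly"] = True   # not readable from page script
    cookie["session"]["samesite"] = "Lax"
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()
```

With this design, a cookie captured before a password reset is rejected by `validate()` afterwards, while a fresh login issues a new working session.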





I am Marco Bruni. I live in San Benedetto del Tronto (AP) and am a C#, .NET, Java, PHP, Python and WordPress developer. I'm also a Windows and Linux systems administrator and IT consultant. This has always been my passion, and it has also been my work for 20 years.
