Security Social Networks IT

Researcher Hijacks LinkedIn Profiles Using Cookie

mask.of.sanity writes "A security researcher has demonstrated holes in the way cookies are handled on LinkedIn profiles by hijacking profiles. The session cookies are sent over unsecured HTTP and remain active for up to a year."
  • by Anonymous Coward on Monday May 23, 2011 @08:43PM (#36223716)

    HTTPS is not the default standard because it requires cryptographic overhead. Your Apache web server is throwing up a bazillion pages each minute, but now has to do the same task, but while individually negotiating a secure encrypted tunnel with each client being served. It SHOULD be the default standard, but most people don't know/care what an SSL certificate is, how to actually check if their connection is secure, etc.
