Researcher Hijacks LinkedIn Profiles Using Cookie

mask.of.sanity writes "A security researcher has demonstrated holes in the way cookies are handled on LinkedIn profiles by hijacking profiles. The session cookies are sent over unsecured HTTP and remain active for up to a year."

  • Newsworthy? (Score:2, Insightful)

    by bradgoodman ( 964302 ) on Monday May 23, 2011 @04:55PM (#36221744) Homepage
    Every time someone hijacks an unsecured HTTP session by stealing a cookie - this is news?

    BULLETIN: Guy leaves keys in running, unlocked car - gets stolen. News at 11.

  • Yeah, no shit. (Score:5, Insightful)

    by Anonymous Coward on Monday May 23, 2011 @04:59PM (#36221776)

    About a month ago my mom was asking me why she was able to add connections to MY LinkedIn profile. Obviously I'd logged in once on her computer and the cookie had been active ever since.

    I'd have less of a concern with it if the cookies didn't last so FUCKING long. In fact... you should only have one active login session at a time, unless they want to create the notion of a "trusted" computer whose login cookie lasts forever. But if I don't click "remember me on this computer", having the login cookie persist for long periods of time is just dumb.
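
The two weaknesses named in the summary (a session cookie sent over plain HTTP, and one that stays valid for up to a year) can be checked from a site's `Set-Cookie` headers. The following is an added example, not part of the original thread or any LinkedIn code; the cookie name, its value and the one-day policy limit are assumptions.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_SESSION_SECONDS = 24 * 3600  # assumed policy: at most one day without "remember me"

def audit_set_cookie(header, now, max_seconds=MAX_SESSION_SECONDS):
    """Return (code, detail) findings for one Set-Cookie header value."""
    name_value, *raw_attrs = [p.strip() for p in header.split(";")]
    name = name_value.split("=", 1)[0]
    attrs = {}
    for raw in raw_attrs:
        key, _, value = raw.partition("=")
        if key:
            attrs[key.strip().lower()] = value.strip()

    findings = []
    if "secure" not in attrs:
        findings.append(("no-secure", f"{name} is also sent over plain HTTP"))

    lifetime = None  # stays None for a browser-session cookie (no expiry attribute)
    try:
        if "max-age" in attrs:  # Max-Age takes precedence over Expires (RFC 6265)
            lifetime = int(attrs["max-age"])
        elif "expires" in attrs:
            expires = parsedate_to_datetime(attrs["expires"])
            if expires.tzinfo is None:
                expires = expires.replace(tzinfo=timezone.utc)
            lifetime = int((expires - now).total_seconds())
    except (TypeError, ValueError):
        findings.append(("bad-expiry", f"{name} has an unparseable lifetime"))

    if lifetime is not None and lifetime > max_seconds:
        findings.append(("long-lived", f"{name} stays valid for {lifetime // 86400} days"))
    return findings

# Constructed sample headers; the cookie name and value are placeholders.
NOW = datetime(2011, 5, 23, 16, 55, tzinfo=timezone.utc)
WEAK = "session_token=abc123; Path=/; Expires=Wed, 23 May 2012 16:55:00 GMT"
HARDENED = "session_token=abc123; Path=/; Secure; Max-Age=3600"

if __name__ == "__main__":
    for header in (WEAK, HARDENED):
        print(header, "->", audit_set_cookie(header, NOW) or "ok")
```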
