Security Professional Discovers Vulnerability on Professional Networking Site

Recently, a security researcher identified vulnerability associated with cookie management by LinkedIn.

Albuquerque, NM (prHWY.com) May 23, 2011 - Albuquerque, NM, United States - Over the recent years, social media sites have grown in popularity and usage. Professionals and businesses are also leveraging the benefits offered by these sites to promote their professional and business interests. However, the popularity and loads of information available on these sites has made them one of the favorite targets for cybercriminals. Attackers take advantage of user negligence and security vulnerabilities on the sites to gain access to confidential information, spread spam and mislead users. Recently, a security researcher identified security vulnerabilities on LinkedIn's website. LinkedIn is one of the popular networking sites used by professionals. The vulnerability could allow attackers to gain access to user accounts without providing login credentials. Reuters first reported the security flaw, identified by Rishi Narang, an independent security researcher based in India. The vulnerability is associated with cookie management by LinkedIn. Cookies are files placed on a user's computer system by websites. These files may contain information regarding the sites visited by Internet users. Usually, session cookies expire within a reasonable period depending on the log in activity, while persistent cookies remain for a longer duration on a user's computer system. In the case of LinkedIn, the researcher identified that cookies do not expire for a period of one year from their creation. If attackers gain access to cookies stored for user authentication, they may misuse the same for gaining unauthorized to user accounts on a website. A user account may contain sensitive data such as names, date of births, photographs, e-mail addresses, and contact numbers, list of friends, hobbies or areas of expertise and employment details. Attackers may extract or alter contents of the compromised user account, send arbitrary messages impersonating as a legitimate user, extract details from accounts of user's friends listed on the site, spread spam messages and malicious links.

Social media sites are prone to regular attacks by cybercriminals. Facebook and Twitter, in particular have been the favorite targets of attackers. With increase in popularity of other sites, cybercriminals may attempt to exploit weaknesses and security flaws to defraud users. As such, social media sites must be proactive in identifying and mitigating threat vectors through regular security audits by professionals qualified in penetration testing and masters of security science.

Internet users must use strong and unique passwords, and be wary of divulging personal and financial information on social media sites. Social media sites may encourage safe usage of the sites by users by sending e-flyers, security alerts, scam alerts, and creating awareness on privacy threats, and proper use of privacy settings.

Organizations must advise employees on the precautions to be adhered while accessing social media sites on work computers. They may limit the information divulged on the professional networking sites as cybercriminals may use social engineering techniques to extract privileged business information from employees. Mandatory e-learning and online degree programs on cyber security may help employees understand security threats and implement safe online computing practices.

Security professionals may benefit from online university degree programs to update themselves on best information security and website security mechanisms and strengthen the defenses of the organizations against vibrant threats emanating from the cyber space.

Contact Press

EC-Council
Website: http://www.eccuni.us
Email: iclass@eccouncil.org
Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

###

Tag Words: cookie management, user, authentication details, professional networking, vulnerabilities, unauthorized access, login credentials, reuters, linkedin

Categories: Security

Link To This Press Release:

URL HTML Code