A security flaw on popular networking site LinkedIn has left accounts wide open to hackers, according to online security researcher Rishi Narang.
He claims that LinkedIn is keeping cookies active for too long, which means that anyone who can get access to the file (particularly on a Wi-Fi network) can easily gain access to a user’s account. Narang reported this finding on his own blog.
LinkedIn creates a cookie called “LEO_AUTH_TOKEN” after a user enters the proper username and password to access an account, which later serves as a key to gain access to the account. This can be a problem if you are using a public (or even private) Wi-Fi network. Software like Firesheep has previously been used to hijack other social media platforms like Facebook and Twitter, enabling hackers to see all the account holder’s friends, read their private messages, and even post a status update. Scary stuff.
Firesheep is a Firefox add-on that was created to check for security holes in websites that don’t use encryption, but it has since been (inevitably) used by hackers and online scammers. All the hackers have to do is download and install the add-on, open the Firesheep sidebar, and click “Start Capturing”; a list of all the accounts that aren’t encrypted then appears in the sidebar.
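A defender's check for the two conditions described above, a long-lived authentication cookie that can travel over an unencrypted connection, added here as an example that is not from Narang's post or from LinkedIn. It audits a Set-Cookie header for lifetime and for the Secure flag; the header values, the 24-hour threshold and the function names are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

MAX_LIFETIME = timedelta(hours=24)  # assumed policy threshold, not from the article

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, attrs); attribute names lower-cased."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs

def lifetime(attrs, now):
    """Return the cookie lifetime; Max-Age takes precedence over Expires (RFC 6265).
    None means a session cookie or an unparseable expiry."""
    if "max-age" in attrs:
        try:
            return timedelta(seconds=int(attrs["max-age"]))
        except ValueError:
            pass  # malformed Max-Age: fall back to Expires
    if "expires" in attrs:
        try:
            return parsedate_to_datetime(attrs["expires"]) - now
        except (TypeError, ValueError):
            return None
    return None

def audit(header, now):
    """Return (cookie name, list of findings) for one Set-Cookie header."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("no Secure flag: browser also sends the cookie over plain HTTP")
    life = lifetime(attrs, now)
    if life is not None and life > MAX_LIFETIME:
        findings.append(f"lifetime of {life.days} days exceeds the assumed 24-hour limit")
    return name, findings

# Constructed sample headers (not captured traffic).
NOW = datetime(2011, 5, 23, 10, 0, 0, tzinfo=timezone.utc)
WEAK = 'LEO_AUTH_TOKEN="constructed-sample"; Path=/; Expires=Wed, 23 May 2012 10:00:00 GMT'
HARDENED = 'LEO_AUTH_TOKEN="constructed-sample"; Path=/; Max-Age=3600; Secure; HttpOnly'

if __name__ == "__main__":
    for hdr in (WEAK, HARDENED):
        print(audit(hdr, NOW))
```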
Wi-Fi has always been known for its less than impressive record of security, so it is essential that, if you must use a wireless connection, you follow basic safety guidelines:
1. Use passwords. Your wireless router will come with a generic password for that brand that restricts access to its settings, so you should immediately create a strong password of your own. This can help prevent an outsider from maliciously reconfiguring your router via the network. You can read a simple Change Router Passwords article available online to see how this is done.
2. Use the SSID name. This is the unique name for your network; it can be up to 32 characters long and may contain any symbols. This doesn’t have to be remembered, so it can be as complex (obviously not featuring words) as you like. This must then be set on both the router and all the computers on your network.
3. Enable WPA encryption. Immediately look in your owner’s manual to discover how to enable and configure WPA encryption for your device. Again, this must then be set on both the router and all the computers on your network.
4. Enable a firewall. Some wireless routers come with a built-in firewall, which you should check is enabled to prevent attacks.
5. Switch off. You should always turn off your wireless router and computer when they are not in use, as hackers can’t get at you if you are not online.
Now, back to the initial LinkedIn problem … In addition to carrying out the above Wi-Fi safety tips, manually deleting cookies in order to save space or to address privacy issues is highly recommended. Just delete the LinkedIn ones after each visit. Click on “Tools” in your browser and then “Internet options” or “Options.” You will be able to delete all cookies or individual cookies from there to avoid being literally “LinkedIn” to the hackers.