Millions of LinkedIn Users at Risk of Man-in-the-Middle Attack

  • 19 June 2014
  • 3 replies
  • 464 views

Wednesday, June 18, 2014 Swati Khandelwal

Two years back in 2012, one of the most popular online social networking sites, LinkedIn, spent between $500,000 and $1 million on forensic work after millions of its users’ account passwords were compromised in a major security data breach. But it seems that the company hasn't learned any lesson from it.

WHAT IS MAN-IN-THE-MIDDLE (MitM) ATTACK

Before moving on to the story, let us discuss some emerging and common threats against the social networking sites nowadays. If we talk about less publicized but more dangerous threats, then the Man-in-the-Middle (MitM) attack is the most common one. By attempting a MitM attack, a potential attacker could intercept users’ internet communication, steal sensitive information and even hijack sessions.

Full Article: http://thehackernews.com/2014/06/millions-of-linkedin-users-at-risk-of.html

By Darren Pauli, 20 Jun 2014
 
LinkedIn accounts can be hijacked through simple man in the middle (MITM) attacks due to a failure to promptly fix an SSL stripping vulnerability.
The flaw, described ambitiously as a zero-day vulnerability, allowed attackers to gain full control of a user's account after they had logged in via SSL.
Attackers could jump between the user and the service and replace the secure protocol with HTTP, allowing access to their account.
User IDs, passwords and all LinkedIn data could then be siphoned off by attackers.
 
The Register/ Full Read Here/ http://www.theregister.co.uk/2014/06/20/antipodean_linkedin_accounts_open_to_mitm_hijacking/
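
An added example, not part of the quoted articles or of this thread: a Python check a site owner could run over their own HTTP response headers for two settings that let a stripped connection go unnoticed, a missing Strict-Transport-Security header and a session cookie set without the Secure attribute. The sample headers, function names and the 180-day threshold are constructed assumptions.

```python
from http.cookies import SimpleCookie

# Constructed sample responses (not captured from any real site).
SAMPLE_WEAK = [
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Content-Type", "text/html"),
]
SAMPLE_HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure"),
]

def hsts_max_age(headers):
    """Return the HSTS max-age in seconds, or None if absent or invalid."""
    for name, value in headers:
        if name.lower() != "strict-transport-security":
            continue
        for directive in value.split(";"):
            key, _, val = directive.strip().partition("=")
            if key.lower() == "max-age":
                val = val.strip('"')
                return int(val) if val.isdigit() else None
    return None

def insecure_cookies(headers):
    """Return names of cookies set without the Secure attribute."""
    names = []
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for morsel in jar.values():
            if not morsel["secure"]:
                names.append(morsel.key)
    return names

def audit(headers, min_age=15552000):  # assumed threshold: 180 days
    """Return findings that leave a session exposed to a downgrade to HTTP."""
    findings = []
    age = hsts_max_age(headers)
    if age is None:
        findings.append("no HSTS: browser will follow a downgrade to http://")
    elif age < min_age:
        findings.append(f"HSTS max-age {age}s is below {min_age}s")
    for cookie in insecure_cookies(headers):
        findings.append(f"cookie '{cookie}' lacks Secure: sent over plain HTTP")
    return findings
```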
 
 
 
 
If correct, that is simply incredible, and without logic.
@DavidP1970 wrote:
If correct, that is simply incredible, and without logic.
and I'll add "scary"  to @  's list.
 
After watching the 2-minute video — and add another 5 minutes to blow out my history and cache — I made the recommended changes to my account. I even went so far as to opt for the two-step login process. I'm still debating whether or not to share the news article on my LinkedIn profile. :@
 
Thank you @  !!
