Millions of LinkedIn Users at Risk of Man-in-the-Middle Attack

Wednesday, June 18, 2014 

Two years back in 2012, one of the most popular online social networking sites, LinkedIn, spent between $500,000 and $1 million on forensic work after millions of its users’ account passwords were compromised in a major security data breach. But, it seems that the company hasn't learned any lesson from it.
 
WHAT IS MAN-IN-THE-MIDDLE (MitM) ATTACK
Before moving on to the story, let us discuss some emerging and common threats against the social networking sites nowadays. If we talk about less publicized but more dangerous ones, then the Man-in-the-Middle (MitM) attack is the most common one. By attempting a MitM attack, a potential attacker could intercept users’ internet communication, steal sensitive information and even hijack sessions.
 
Sherry

   


LinkedIn ignored SIX WARNINGS about account-hijacking bug

By Darren Pauli, 20 Jun 2014

 

LinkedIn accounts can be hijacked through simple man in the middle (MITM) attacks due to a failure to promptly fix an SSL stripping vulnerability.

The flaw, described ambitiously as a zero-day vulnerability, allowed attackers to gain full control of a user's account after they had logged in via SSL.

 

Attackers could jump between the user and the service and replace the secure protocol with HTTP allowing access to their account.

User IDs, passwords and all LinkedIn data could then be siphoned off by attackers.

 

The Register/ Full Read Here/ http://www.theregister.co.uk/2014/06/20/antipodean_linkedin_accounts_open_to_mitm_hijacking/
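
The defensive side of the SSL stripping issue described in the article, as an added example that is not part of the original posts or the Register article: a Python check of response headers for HSTS and the cookie Secure flag, the standard protections against a downgrade from HTTPS to HTTP. The sample headers, the `example.test` host and the 180-day threshold are constructed assumptions.

```python
import re

# Constructed sample responses (not captured from any real site).
SAMPLE_HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
]
SAMPLE_WEAK = [
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Location", "http://example.test/home"),
]
SAMPLE_SHORT_HSTS = [
    ("Strict-Transport-Security", "max-age=300"),
    ("Set-Cookie", "session=abc123; Secure"),
]

MIN_HSTS_AGE = 15552000  # 180 days in seconds; threshold assumed for this example


def audit_headers(headers):
    """Return findings that leave a logged-in session open to SSL stripping."""
    findings = []
    hsts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not hsts:
        # Without HSTS the browser will still follow plain-HTTP links.
        findings.append("missing Strict-Transport-Security")
    else:
        m = re.search(r'max-age\s*=\s*"?(\d+)', hsts[0], re.I)
        if not m or int(m.group(1)) < MIN_HSTS_AGE:
            findings.append("HSTS max-age too short")
    for k, v in headers:
        name = k.lower()
        if name == "set-cookie":
            # Attributes follow the first ';'; Secure keeps the cookie off HTTP.
            attrs = [a.strip().lower() for a in v.split(";")[1:]]
            if "secure" not in attrs:
                cookie = v.split("=", 1)[0].strip()
                findings.append(f"cookie '{cookie}' lacks Secure")
        elif name == "location" and v.strip().lower().startswith("http://"):
            findings.append("redirect downgrades to http://")
    return findings


if __name__ == "__main__":
    for label, sample in [("hardened", SAMPLE_HARDENED), ("weak", SAMPLE_WEAK),
                          ("short-hsts", SAMPLE_SHORT_HSTS)]:
        print(label, audit_headers(sample))
```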

 

 

 

 


Re: LinkedIn ignored SIX WARNINGS about account-hijacking bug

If correct, that is simply incredible, and without logic.


David, (shorTcircuiT)

      


Re: LinkedIn ignored SIX WARNINGS about account-hijacking bug


DavidP1970 wrote:

If correct, that is simply incredible, and without logic.


and I'll add "scary" to @DavidP1970's list.

 

After watching the 2-minute video — and add another 5-minutes to blow out my history and cache — I made the recommended changes to my account. I even went so far as to opt for the two-step login process. I'm still debating whether or not to share the news article on my LinkedIn profile. :smileyfrustrated:

 

Thank you @Antus67!!

— Jeff