LinkedIn outage prompts security concerns

The website's domain name was temporarily redirected to a different server

By Lucian Constantin, IDG News Service |  Security

"As the hijack took place at the DNS level, chances are that the cookies have been sent to the wrong website if the user has not enabled the SSL security feature via the LinkedIn Account Settings," he said via email.

Unlike other online service providers such as Google or Twitter, which use HTTPS (HTTP Secure) by default for all connections and therefore encrypt them with SSL, LinkedIn supports SSL only as an option.

Cookies have an attribute called "Secure" that can be used to instruct the browser to only transmit them over secure, HTTPS connections. However, if SSL is not used, cookies have the Secure value set to false and can be sent in plain text over HTTP, Botezatu said.

"Since LinkedIn cookies appear to have a lifespan of roughly three months and we don't know whether they have been collected by the rogue end-website, changing the account password would be the wisest choice now," he said.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question
randomness