The security risks occured in following two features:
The first flaw affected the "Add Connection" feature, which allows users to connect individually with one another.
Weaknesses in the site's cross-site scripting protections, which prevent commands from being transferred from one page to another, allowed potential hackers to misdirect users to false LinkedIn login pages.
From here, the hackers could push harmful HTML (the programming language that builds websites) onto users, steal cookies or phish for passwords and other private information.
The second issue affected LinkedIn groups rather than individual users.
Groups are not as tight, security-wise, as individual pages, and allowed information thieves to pose as LinkedIn users and target hundreds or even thousands of users at once.
Since users allow LinkedIn email permissions when joining groups, hackers could create pages and, with a little judicious HTML application, send emails directly to other group members that would lead those users to infected websites.Since the problems have been corrected, there's not much for the end-user to do except be wary of any emails received from LinkedIn groups before today. Making sure your mobile LinkedIn apps are up-to-date as well couldn't hurt.
via Tech News
We are also on Facebook
0 comments:
Post a Comment