LinkedIn said it would reduce the persistence of cookies it uses to identify users of the business-focused social networking site following the discovery of security issues with the site that create a possible means for fraudsters to hijack profiles. Security researcher Rishi Narang discovered that LinkedIn session cookies are …
Token gesture ?
Maybe it is (and yes, I did see what you did there), but unlike Sony, they are 1) acknowledging that there is a problem, and 2) actually attempting a first-level reaction that does have an impact.
Sure, it's not perfect, and it is not a solution either, but it's a heck of a lot better than Sony.
I bet this is what happened with facebook...
Why their and others' sites said users need to change their passwords to rid these horrid, privacy-threatening cookies.
I think -suspect- that fb is not the only site susceptible to this...
Wow, the addressed a security flaw? Maybe next they'll stop sending me reams of unsolicited spam.
Cookies should a lifespan of the session length *at most* except when used to store user preferences. There is some mismatch between cookies on The Reg as some definitely timeout (ability to post) whereas others (logged in status) don't seem to.
EU Cookie law starts going into force tomorrow.