Facebook-for-bosses website LinkedIn has fixed a security vulnerability that potentially allowed anyone to swipe users' OAuth login tokens. The flaw came to light after British software developer Richard Mitchell discovered that part of LinkedIn's customer help website handed out the private OAuth token of the logged-in user. …
"It's great that the farmer lets us pigs stay in his barn for free, but it's really nice he brings that free food round every day"
If you're using it and you're not paying for it, you're not the customer, you're the product being sold. Which is even more true on LinkedIn!
Re: Social Media
Except for when people pay for it?
Re: Social Media
You're not wrong there. The whole reason behind LinkedIn is to sell yourself, surely?
Using user-generated headers/tokens for security purposes.... Noooooooooo!
"The fix involved disabling requests without HTTP referrers, according to Mitchell."
Errrrm, I don't see how this helps!
Don't see how it helps?
Why? It makes them go to the actual bother of spoofing the Referer properly rather than just suppressing it. Adds whole seconds to the miscreant's timeline.
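The point made in this sub-thread, that a "reject requests with no Referer" rule only checks for the header's presence and the client controls its value, can be shown in a few lines. The following is an added illustration, not code from the article, from LinkedIn, or from Mitchell: it compares the presence-only Referer check with a defender-side check that validates the Origin/Referer against an allowlist and requires a server-issued anti-CSRF token bound to the session, and it builds a help-page payload that never includes the OAuth token in the first place. The hostnames, endpoint, session secret and token values are constructed for the example.

```python
"""Added example: why a presence-only Referer check is weak, and what a
stronger check for a token-handling help endpoint looks like.  Every
hostname, secret and token below is constructed for illustration."""
import hashlib
import hmac
import json
from urllib.parse import urlsplit

# Assumed allowlist of origins permitted to call the help endpoint.
TRUSTED_ORIGINS = {"https://help.example-site.test"}


def referer_only_check(headers: dict) -> bool:
    """The mitigation the thread describes: drop requests lacking a Referer.
    The header's *value* is never inspected, and the client sets it, so a
    request that simply supplies any Referer passes."""
    return bool(headers.get("Referer"))


def _origin_of(url: str) -> str:
    """Reduce a URL to scheme://host[:port], so that a look-alike host
    such as help.example-site.test.evil.test is not accepted by a
    prefix match."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def issue_form_token(session_secret: bytes) -> str:
    """Server-side: derive an anti-CSRF token from the session secret and
    embed it in the page.  A cross-site caller cannot read it."""
    return hmac.new(session_secret, b"help-widget", hashlib.sha256).hexdigest()


def hardened_check(headers: dict, session_secret: bytes, form_token: str) -> bool:
    """Defender-side check: Origin (or Referer as a fallback) must resolve to
    an allowlisted origin, and the request must carry the session-bound
    anti-CSRF token.  Both conditions are required."""
    source = headers.get("Origin") or headers.get("Referer") or ""
    if _origin_of(source) not in TRUSTED_ORIGINS:
        return False
    expected = issue_form_token(session_secret)
    return hmac.compare_digest(expected, form_token)


def help_page_payload(session: dict) -> str:
    """Root-cause fix for the bug the article describes: the help page only
    ever needs display data, so the OAuth token stays server-side and is
    never serialised into the response body."""
    public_fields = {k: session[k] for k in ("display_name", "locale") if k in session}
    return json.dumps(public_fields)


if __name__ == "__main__":
    secret = b"constructed-session-secret"
    tok = issue_form_token(secret)
    spoofed = {"Referer": "https://attacker.test/page"}
    print("presence-only check accepts spoofed Referer:", referer_only_check(spoofed))
    print("hardened check rejects it:", not hardened_check(spoofed, secret, tok))
    session = {"display_name": "Example User", "locale": "en_GB",
               "oauth_token": "constructed-private-token"}
    print("payload:", help_page_payload(session))
```

The two checks differ in what they trust: the first trusts a header the requester writes, the second trusts an allowlist and a secret the requester cannot read from another origin. Even then, the durable fix is the last function: a page that does not emit the token cannot leak it regardless of how the request was gated.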
" I fixed LinkedIn OAuth security bug and all I get is this lousy T-shirt" LOL
Look behind you! A three-headed monkey!