LinkedIn ignored SIX WARNINGS about account-hijacking bug

LinkedIn accounts can be hijacked through simple man-in-the-middle (MITM) attacks due to a failure to promptly fix an SSL stripping vulnerability. The flaw, described ambitiously as a zero-day vulnerability, allowed attackers to gain full control of a user's account after they had logged in via SSL. Attackers could jump between …

COMMENTS

This topic is closed for new posts.
  1. Will Godfrey Silver badge
    Happy

    Just trying to spread the love

    Even crims can have a LinkedIn account.

    1. Pascal Monett Silver badge
      Coat

      And given the importance of white-collar crime (think Bernie Madoff), many crims do.

      Okay, okay, I'm going already.

  2. Mike Smith
    Trollface

    FAO hackers - a simple request

    I've recently updated my LinkedIn account with some major core skills - breaking wind, picking my nose, losing arguments with myself and so on - and no-one's bothered to endorse me for them. Miserable lot, pearls before swine, etc.

    I hope that anyone breaking into LinkedIn will find my account and do the needful. I want to apply for a senior manager's position soon.

    1. VinceH

      Re: FAO hackers - a simple request

      I updated mine last year with a similar set of core skills, and I've also yet to be endorsed for any of them. :(

      I note that one of mine is slightly more specialised than those you list above: Breaking wind in lifts.

    2. Refugee from Windows

      Re: FAO hackers - a simple request

      The other working member of the household, because she's on the safety list at one of her places of work, has an email address. For a bit of a laugh I put her profile on LinkedIn. She's had offers of jobs all over the place, some local and one at Network Rail in Milton Keynes. However she'll happily persuade stray sheep to return to pasture and chase rabbits for mere biscuits.

      Stray Livestock Control Operative. Hmmm. Skills include herding and livestock management! Upgraded from sheep to cows to boot as well.

      She gets better offers than me. It's not fair.

  3. Anonymous Coward
    Anonymous Coward

    We avoid it

    We have a professional obligation for discretion, so broadcasting to the world (and, more specifically, to any US three letter agency) who we work for and with is, well, let's say "ill advised".

    When we deal with CEOs and show them just how much can be done with mining LinkedIn, they tend to strip their profiles too - high value relationships need a lot of control, especially since someone else can otherwise ride on being "in your circle". LinkedIn too can be abused and used against you.

    So, in short, LinkedIn's problems only matter to us to keep profiles from being defaced, not because of relationship data leaking.

  4. Anonymous Coward
    Anonymous Coward

    more secure than a recruitment agency.

    The worrying fact is LinkedIn is probably a more targeted approach than sending your CV to a recruitment agency, definitely more secure.

  5. Jamie Jones Silver badge

    Amateurs?

    "When the victim types email and password, it’ll be sent over the network in an unencrypted form that can be easily read by any attacker – even the most amateur ones."

    I assume they are talking about an open wi-fi - tapping a wired/fibre link is not automatically easy for 'any amateur attacker'
