Security Researcher Discovers Flaw on Professional Networking Website
Over the recent years, social media sites have grown in popularity and usage. Professionals and businesses are also leveraging the benefits offered by these sites to promote their professional and business interests. However, the popularity and loads of information available on these sites has made them one of the favorite targets for cybercriminals. Attackers take advantage of user negligence and security vulnerabilities on the sites to gain access to confidential information, spread spam and mislead users. Recently, a security researcher identified security vulnerabilities on LinkedIn's website. LinkedIn is one of the popular networking sites used by professionals. The vulnerability could allow attackers to gain access to user accounts without providing login credentials. Reuters first reported the security flaw, identified by Rishi Narang, an independent security researcher based in India. The vulnerability is associated with cookie management by LinkedIn. Cookies are files placed on a user's computer system by websites. These files may contain information regarding the sites visited by Internet users. Usually, session cookies expire within a reasonable period depending on the log in activity, while persistent cookies remain for a longer duration on a user's computer system. In the case of LinkedIn, the researcher identified that cookies do not expire for a period of one year from their creation. If attackers gain access to cookies stored for user authentication, they may misuse the same for gaining unauthorized to user accounts on a website. A user account may contain sensitive data such as names, date of births, photographs, e-mail addresses, and contact numbers, list of friends, hobbies or areas of expertise and employment details. Attackers may extract or alter contents of the compromised user account, send arbitrary messages impersonating as a legitimate user, extract details from accounts of user's friends listed on the site, spread spam messages and malicious links.
Social media sites are prone to regular attacks by cybercriminals. Facebook and Twitter, in particular have been the favorite targets of attackers. With increase in popularity of other sites, cybercriminals may attempt to exploit weaknesses and security flaws to defraud users. As such, social media sites must be proactive in identifying and mitigating threat vectors through regular security audits by professionals qualified in penetration testing and masters of security science.
Internet users must use strong and unique passwords, and be wary of divulging personal and financial information on social media sites. Social media sites may encourage safe usage of the sites by users by sending e-flyers, security alerts, scam alerts, and creating awareness on privacy threats, and proper use of privacy settings.
Organizations must advise employees on the precautions to be adhered while accessing social media sites on work computers. They may limit the information divulged on the professional networking sites as cybercriminals may use social engineering techniques to extract privileged business information from employees. Mandatory e-learning and online degree programs on cyber security may help employees understand security threats and implement safe online computing practices.
Security professionals may benefit from online university degree programs to update themselves on best information security and website security mechanisms and strengthen the defenses of the organizations against vibrant threats emanating from the cyber space.