AN INDEPENDENT insecurity researcher says there are multiple security vulnerabilities in the business social network LinkedIn, due to the way it handles and transmits cookies over SSL.
In a blog post, Rishi Narang claimed that a worst-case scenario would see a hacker capturing your web browsing cookies in traffic and hijacking your account. Cookies are snippets of text that are sent to your web browser and retained in disk files, and they are used to do things like retain your account numbers, personalise information and help with services like Amazon.

He said that even if you change the password and all settings, the old cookie will be valid and will grant the attacker access to your account.

One of the problems is the availability of cookies sent in plain text over unencrypted channels of communication, posted Narang. He said this is because cookies set over SSL do not have the secure flag set, and those cookies appear to contain session tokens.
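
A site owner can check for the missing secure flag by auditing the Set-Cookie headers returned on an HTTPS response. The sketch below is an added example, not code from Narang's post or from LinkedIn; the cookie names, the name-matching pattern and the sample headers are constructed assumptions, and it also reports HttpOnly and persistence, which go slightly beyond the flag the article names.

```python
# Added example: audit Set-Cookie headers for session cookies that a browser
# would also send over plain HTTP. All header values below are constructed.
import re

# Assumption: cookie names matching this pattern carry session/auth state.
SESSION_NAME = re.compile(r"(sess|auth|token|sid)", re.IGNORECASE)

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; flags such as Secure have no value.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs

def audit(headers):
    """Return {cookie_name: [findings]} for session-like cookies only."""
    report = {}
    for header in headers:
        name, _value, attrs = parse_set_cookie(header)
        if not SESSION_NAME.search(name):
            continue
        findings = []
        if "secure" not in attrs:
            findings.append("missing Secure: also sent over plain HTTP")
        if "httponly" not in attrs:
            findings.append("missing HttpOnly: readable by page scripts")
        if "expires" in attrs or "max-age" in attrs:
            findings.append("persistent: stored on disk until expiry")
        report[name] = findings
    return report

# Constructed sample: headers as a site might return them after an HTTPS login.
SAMPLE = [
    "session_token=abc123; Path=/; Max-Age=31536000",
    "auth_id=def456; Path=/; Secure; HttpOnly",
    "lang=en; Path=/",
]

if __name__ == "__main__":
    for cookie, findings in audit(SAMPLE).items():
        print(cookie, "->", findings or ["ok"])
```

The flag only controls transport; the claim that an old cookie stays valid after a password change is a separate server-side matter of invalidating existing sessions.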

The link for this article located at The Inquirer is no longer available.