Which SSL Reviews

SSL Certificates

LinkedIn Patches XSS Vulnerabilities

September 30, 2013 | By  

Linkedin PatchesMajor websites are busy patching vulnerabilities while browsers are releasing new versions in order to cope up with the growing security needs. Recently, LinkedIn the popular professional networking website patched their XSS vulnerabilities. The bug is a simple issue which if found by a hacker can be turned into a serious security threat because the third party will be able to even read personal profiles besides gaining the control over the website to make changes according to their requirement.

Earlier, weeks before the website officially started working on a patch and update that will curb this issue and now it has been officially rolled out.In the wake of digital attacks carried out by the Syrian army, Google Chrome established strict guidelines on SSL Certificates and started denying websites which use 128 bit encryption solutions which is considered vulnerable besides being easy to crack.

XSS Vulnerabilities

Because of the XSS vulnerabilities found in LinkedIn website, analysts state that the a hacker who managed to identify this issue can inject HTML or malicious script code. This will exploit the entire network and allow the third party to steal users cookies which in other words will reveal their personal information. Once infected, the attacker can choose to get mailing address of a huge list of real users on LinkedIn website and send them links which will redirect them to another infected website.

Their user credentials will be stolen in this process or malware will be injected into their computers, sometimes even an entire network because the website is all about professional contacts. This makes it easy for them to reach corporations and business organizations making the attack more productive than targeting individual users. SSL certificates can safeguard data packers while this patch will secure the individual website.

Share an update field is considered to be primarily targeted by these rogue attackers and injected codes. There are multiple XSS bugs found in the website including the second and third bugs which will be focused on Groups you may be interested in option. The attacker can find an empty open group, create a discussion and insert the code before sharing this message. This is all that is needed before someone uses the board to reply or click on the link provided. Most users will considered clicking it because LinkedIn has a good reputation among professionals. The professional network will fix all these bugs, revise SSL certificates integration and check other areas to implement more security fixes.

Be part of an IT community with thousands of subscribers. Get the latest news, blogs, and thought leadership articles. Subscribe now
Email *

Posted in SSL Certificates

Be Sociable, Share!

Leave a Comment


 


* fields are mandatory