Security flaws forces LinkedIn to cut short a cookie’s life
Business networking site LinkedIn said the it will minimize the problems that arise from cookies which the site uses to locate users.
Security analysts earlier found that cookies which are sent from the website are not secure and often create problems for users, even when sent via the secure SSL protocol. The cookies stay active for a year and if hackers get hold of them, it becomes easy for them to gain access to users' accounts. A study by the company said Hackers may use applications such as Firesheep to get hold of the cookies.
A certain LEO_AUTH_TOKEN cookie provides entry to accounts whether or not the user is logged in. The cookie remains active until users modify their passwords, the company said. LinkedIn has retaliated to the problem by cutting a cookie’s life to three months. Previously it was a year.
© Copyright IBTimes 2024. All rights reserved.