A New Delhi-based security expert says LinkedIn's access cookie only expires after one year, potentially allowing a hacker to access user accounts without needing passwords, according to a news report.
The first time I read it through, I thought: is this serious? Is it real? The next step was to evaluate what the article said, and the results were quite surprising. It is for real: I can still use the same cookie and log in from a different machine, although I've removed all history and cookies in the browser.
The next question is: how can we solve this? The article only raises the issue and never proposes any solutions. There are ways to overcome this. First and foremost, LinkedIn should of course limit the cookie's validity to a maximum of 2 weeks (Yahoo mail allowed that). Next is to implement another security mechanism, for example trust and privacy, which has become a widespread standard for internet applications.
Not many institutions focus on this, but the impact of having it as part of the security mechanism is significant enough to protect against and prevent losses. In Malaysia, only MIMOS focuses on trust and privacy as part of its R&D area, and it has produced a number of technologies based on that. For more information, check it out at the website here.