{"id":2684,"date":"2013-06-20T16:11:55","date_gmt":"2013-06-20T20:11:55","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=2684"},"modified":"2013-06-20T16:11:55","modified_gmt":"2013-06-20T20:11:55","slug":"linkedin-outage-prompts-security-concerns","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2013\/06\/20\/linkedin-outage-prompts-security-concerns\/","title":{"rendered":"LinkedIn outage prompts security concerns"},"content":{"rendered":"<p style=\"text-align:center;\"><a href=\"http:\/\/www.pcworld.com\/article\/2042506\/linkedin-outage-prompts-security-concerns.html\"><img data-recalc-dims=\"1\" decoding=\"async\" alt=\"\" src=\"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2013\/06\/linkedin_nan_palmer-100006334-gallery.jpg\" \/><\/a><\/p>\n<p>LinkedIn\u2019s domain name was temporarily redirected to a third-party server Thursday, which resulted in a service outage and potentially put user accounts at risk of compromise.<br \/>\nUptime monitoring service Pingdom recorded that LinkedIn was unavailable between 2:21 a.m. and 6:16 a.m. U.K. time. Some users trying to access the website saw a domain parking page offering the domain for sale, according to user reports on Hacker News.<br \/>\nDuring the outage, LinkedIn\u2019s customer service team said on Twitter that the problem was caused by a DNS (Domain Name System) issue, but did not specify why it occurred.<br \/>\nBryan Berg, co-founder of the App.net social feed service, described the issue as a DNS hijacking and said that LinkedIn\u2019s traffic was directed to the network of a company called Confluence Networks. Because LinkedIn does not use SSL by default, users who tried to access the site during the incident might have exposed their session cookies in plain text to another server, he said.<br \/>\nSession cookies are text files containing unique IDs that websites set in browsers in order to remember authenticated users. Attackers who steal a user\u2019s session cookie can put it into their own browser and access that user\u2019s account.<br \/>\n\u201cStarting few hours ago, we received reports about some sites (including linkedin.com) pointing to IPs [Internet Protocol addresses] allotted to our ranges,\u201d Confluence Networks said in a notice published on its website. \u201cWe are in touch with the affected parties &amp; our customer to identify the root cause of this event.\u201d<br \/>\nConfluence Networks describes itself as a colocation and network services provider that has business relationships with data centers in various geographical regions.<br \/>\nIn a later update, the company noted that it received verification that the issue was caused by human error and was not security related.<br \/>\nThe company did not immediately respond to a request for comment seeking more information about the incident and the names of other websites that have been redirected to its network.<br \/>\n\u201cFor a short time early on Thursday morning, linkedin.com was not accessible to a majority of our members,\u201d LinkedIn spokesman Darain Faraz said via email. \u201cWe have been told by the company that manages our domain that this was due to an error made on their end. Our team was able to quickly address the issue, and the site is returning to normal.\u201d<br \/>\nFrom a technical standpoint, the incident could have security implications for LinkedIn users, according to Bogdan Botezatu, a senior e-threat analyst at security vendor Bitdefender.<br \/>\n\u201cAs the hijack took place at the DNS level, chances are that the cookies have been sent to the wrong website if the user has not enabled the SSL security feature via the LinkedIn Account Settings,\u201d he said via email.<br \/>\nUnlike other online service providers such as Google or Twitter, which use HTTPS (HTTP Secure) by default for all connections and therefore encrypt them with SSL, LinkedIn supports SSL only as an option.<br \/>\nCookies have an attribute called \u201cSecure\u201d that can be used to instruct the browser to only transmit them over secure, HTTPS connections. However, if SSL is not used, cookies have the Secure value set to false and can be sent in plain text over HTTP, Botezatu said.<br \/>\n\u201cSince LinkedIn cookies appear to have a lifespan of roughly three months and we don\u2019t know whether they have been collected by the rogue end-website, changing the account password would be the wisest choice now,\u201d he said.<br \/>\nIn an updated statement sent via email LinkedIn said that the incident occurred Wednesday evening, that it wasn\u2019t caused by malicious activity and that it doesn\u2019t believe any LinkedIn member data was compromised in any way.<br \/>\nvia <a href=\"http:\/\/www.pcworld.com\/article\/2042506\/linkedin-outage-prompts-security-concerns.html\" target=\"_blank\">LinkedIn outage prompts security concerns | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>LinkedIn\u2019s domain name was temporarily redirected to a third-party server Thursday, which resulted in a service outage and potentially put [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[6,7],"tags":[293,618],"class_list":["post-2684","post","type-post","status-publish","format-standard","hentry","category-networking","category-security","tag-dns-hijacking","tag-linkedin"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-Hi","jetpack-related-posts":[{"id":7276,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/12\/29\/sony-playstation-network-is-back-online-now-really\/","url_meta":{"origin":2684,"position":0},"title":"Sony: PlayStation Network is back online now, really","author":"NCCT","date":"December 29, 2014","format":false,"excerpt":"After giving gamers false hope on Saturday, Sony now says its PlayStation Network has been fully restored after a Christmas Day attack that knocked it offline for about three days. At around 1 a.m. U.S. Eastern Time on Sunday, Sony declared its online gaming platform fixed and, as it had\u2026","rel":"","context":"In &quot;Networking&quot;","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":7063,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/12\/10\/pirate-site-the-pirate-bay-goes-down-then-sails-for-costa-rica\/","url_meta":{"origin":2684,"position":1},"title":"Pirate site The Pirate Bay goes down, then sails for Costa Rica","author":"NCCT","date":"December 10, 2014","format":false,"excerpt":"The original home of The Pirate Bay, probably the Web\u2019s highest-profile site for copyrighted movies, music, and software, is no longer online. However, at least a placeholder is alive on a Costa Rican domain\u2014though not much more than that. TorrentFreak first noted the outage. The site\u2019s reporters said that they\u2026","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/nccomputertech.com\/techtalk\/category\/technology\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":9330,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/04\/03\/security-now-657-protonmail\/","url_meta":{"origin":2684,"position":2},"title":"Security Now 657: ProtonMail","author":"NCCT","date":"April 3, 2018","format":false,"excerpt":"https:\/\/youtu.be\/OeSZg-ph3Ns This week we discuss \"DrupalGeddon2\", Cloudflare's new DNS offering, a reminder about GRC's DNS Benchmark, Microsoft's Meltdown meltdown, the persistent iOS QR Code flaw and its long-awaited v11.3 update, another VPN user IP leak, more bug bounty news, an ill-fated-seeming new eMail initiative, Free electricity, a policy change at\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/OeSZg-ph3Ns\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":7345,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/01\/07\/netflix-begins-blocking-users-who-bypass-region-locks\/","url_meta":{"origin":2684,"position":3},"title":"Netflix begins blocking users who bypass region locks","author":"NCCT","date":"January 7, 2015","format":false,"excerpt":"Netflix has begun blocking users' access to the service when it detects that a geolocation bypassing utility, such as a proxy or VPN, is being used. Although these blocks are currently limited in scope, it could be a precursor to a wider crackdown by the popular streaming service. Over the\u2026","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/nccomputertech.com\/techtalk\/category\/technology\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8857,"url":"https:\/\/nccomputertech.com\/techtalk\/2016\/03\/07\/these-are-the-worst-domains-for-harboring-malware\/","url_meta":{"origin":2684,"position":4},"title":"These are the worst domains for harboring malware","author":"NCCT","date":"March 7, 2016","format":false,"excerpt":"By Lucian Constantin | IDG News Service | PCWorld Generic top-level domains (gTLDs) that have sprung up in recent years have become a magnet for cybercriminals, to the point where some of them host more malicious domains than legitimate ones. Spamhaus, an organization that monitors spam, botnet and malware activity\u2026","rel":"","context":"In &quot;Networking&quot;","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":7480,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/01\/20\/nsa-secretly-hijacked-existing-malware-to-spy-on-n-korea-others\/","url_meta":{"origin":2684,"position":5},"title":"NSA secretly hijacked existing malware to spy on N. Korea, others","author":"NCCT","date":"January 20, 2015","format":false,"excerpt":"A new wave of documents from Edward Snowden's cache of National Security Agency data published by Der Spiegel demonstrates how the agency has used its network exploitation capabilities both to defend military networks from attack and to co-opt other organizations' hacks for intelligence collection and other purposes. In one case,\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2015\/01\/grand-peoples-study-house-computer-lab-640x436.jpg?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2015\/01\/grand-peoples-study-house-computer-lab-640x436.jpg?resize=350%2C200 1x, https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2015\/01\/grand-peoples-study-house-computer-lab-640x436.jpg?resize=525%2C300 1.5x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/2684","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=2684"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/2684\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=2684"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=2684"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=2684"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}