LinkedIn ignored security flaw from researcher who hacked Zuckerberg’s Facebook wall

posted on December 15, 2017
by l33tdawg

Khalil Shreateh, a self-professed IT expert from Palestine, hit the headlines four years ago when he hacked Facebook CEO Mark Zuckerberg’s wall. Shreateh was frustrated that Facebook was ignoring a big security flaw, so demonstrating it on Zuckerberg’s own Facebook wall was an easy way to get the company to act. Shreateh discovered a security flaw in LinkedIn last month, and he reached out to The Verge after becoming frustrated that the company was ignoring his report — just like four years ago.

The flaw worked by smuggling more complex code into images hosted on the service. By altering the source value of a posted image, an attacker could execute a remote script when the user clicked on the picture. In the most troubling version of the exploit, the attacker could disguise that script as a LinkedIn authentication prompt, which could potentially trick users into sharing their password. The authentication prompt would even automatically pop up if a LinkedIn user simply visited the post and was logged out of the service. LinkedIn patched the flaw after being contacted by The Verge.



