
LinkedIn patches five nasty security bugs in its software


January 25, 2017

LinkedIn said this morning it has patched five nasty security flaws in its software that could have allowed users' phone numbers, email addresses and resumés to be downloaded.

Additionally, the security holes could allow the deletion of all connection requests, on top of the many privacy issues the whole thing could represent.

The security issues were discovered by the first human-bot hacking hybrid, the brainchild of Indian security researcher Rahul Sasi.

Sasi revealed his project dubbed Cloud-AI at the Nullcon Hacking Conference in Goa, India.

At the time, he explained his intention to build a security bug finder that can blend intuition with automated efficiency.

"Cloud Artificial Intelligence (CAI) is currently a rather large dataset of how humans have interacted with the internet so far," Sasi asserted.

"Our team is currently training CAI to be capable of doing more complex interactions and will soon come up with APIs that will let individuals automate their tasks using CAI technology."

Sasi and his team at CloudSek 'trained' the software against popular cloud applications including LinkedIn and Facebook, finding no fewer than ten dangerous insecure direct object reference vulnerabilities in the former. This bug class is normally identified through manual human analysis and has been missed by several automated scanners in the past.

He also found that LinkedIn's recruiter profiles would leak the email addresses of profiles shared in messages to other users. The personal data was hidden in the response returned when the member request identification number was swapped for the victim's identity number.

Sasi's beta software also uncovered an additional security flaw that would leak phone numbers, along with email addresses, for users who had applied for jobs through the website.

Another security bug allowed all connection requests on LinkedIn to be deleted through the mere manipulation of a single request identification number.

Other various flaws allowed some video transcripts and exercise files to be downloaded without authentication or the necessary premium membership.
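The connection-request deletion flaw described above comes down to a missing ownership check. As an added illustration (not LinkedIn's code and not taken from Sasi's research), the sketch below puts a handler that trusts the client-supplied request ID beside one that authorizes against the session user; the class names, the data, and the rule that either party to a request may delete it are assumptions.

```python
# Constructed in-memory model; all names and data are hypothetical, not LinkedIn's.
from dataclasses import dataclass

class Forbidden(Exception):
    """Raised when the caller is not a party to the referenced object."""

@dataclass
class ConnectionRequest:
    request_id: int
    sender_id: int
    recipient_id: int

class RequestStore:
    def __init__(self, requests):
        self._by_id = {r.request_id: r for r in requests}

    def pending_for(self, user_id):
        return sorted(r.request_id for r in self._by_id.values() if r.recipient_id == user_id)

    def delete_vulnerable(self, session_user_id, request_id):
        # IDOR: the object is looked up by the client-supplied ID alone.
        # session_user_id is authenticated but never compared with the owner.
        return self._by_id.pop(request_id, None) is not None

    def delete_hardened(self, session_user_id, request_id):
        # Authorize against the server-side session identity, not the ID in the request.
        # Assumption: sender and recipient are both allowed to delete a request.
        req = self._by_id.get(request_id)
        if req is None or session_user_id not in (req.sender_id, req.recipient_id):
            # Same error for "missing" and "not yours", so IDs cannot be enumerated.
            raise Forbidden(f"request {request_id} not available")
        del self._by_id[request_id]
        return True

def sample_store():
    # Constructed sample data: users 1 and 2 each have pending requests.
    return RequestStore([
        ConnectionRequest(100, sender_id=7, recipient_id=1),
        ConnectionRequest(101, sender_id=8, recipient_id=1),
        ConnectionRequest(102, sender_id=9, recipient_id=2),
    ])

def cross_account_delete_blocked(delete_fn_name):
    """Regression check: user 2 must not be able to delete user 1's request 100."""
    store = sample_store()
    try:
        getattr(store, delete_fn_name)(2, 100)
    except Forbidden:
        pass
    return 100 in store.pending_for(1)
```

A check shaped like `cross_account_delete_blocked` can be kept in a test suite for every endpoint that accepts an object ID, so a dropped authorization check shows up as a failing test.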

Sasi also disclosed the security holes to the LinkedIn team which fixed the critical vulnerabilities within a day of his report, something that is reassuring to some.

CAI is explained in his 2016 paper, and he says it is built on machine learning and natural language processing, using vector space models to convert word strings to numbers, naive Bayes machine learning classifiers, and cosine similarity to improve training.

All those techniques result in a machine that can navigate naturally around the web and identify the parts of a site that a hacker would most likely target for the quickest returns.

In practice, however, that requires the tool to be able to follow dynamic user instructions, so that it fully understands that phrases like 'sign me up', 'let's go' and so forth all signify a new account registration.

Source: Rahul Sasi.
