Zuk Avraham, founder and CEO of Zimperium, alleges in a new report that LinkedIn has left its users exposed to potential exploitation due to the way the site uses Secure Sockets Layer (SSL) encryption.
Zimperium’s technology, zANTI, is a security research tool that allows IT managers to test their network for vulnerabilities, such as exposure to SSLstrip. zANTI also checks for several other types of malicious behavioral attacks. SSLstrip helps an attacker perform a man-in-the-middle (MITM) attack against a user who thinks they are being protected by SSL. As a result of SSL stripping, user information from LinkedIn could potentially be intercepted by a MITM attack.
LinkedIn spokesperson Nicole Leverich confirmed to eWEEK that Zimperium did contact LinkedIn. She noted that LinkedIn responded to Zimperium with updates about the status of the HTTPS/SSL rollout on LinkedIn.
“In December 2013 we started transitioning the LinkedIn site to default HTTPS and just last week announced that we are serving all traffic to all users in the U.S. and E.U. by default over HTTPS,” Leverich said. “This issue does not impact the vast majority of LinkedIn members, given our ongoing global release of HTTPS by default.”