Security researchers warn of LinkedIn exploit
Sometimes, it pays not to be linked in. Ignorance is bliss.
Security researchers are reporting a public exploit has been designed that could take advantage of critical security flaws in the LinkedIn Internet Explorer Toolbar.
The vulnerabilities do not apply to the Linkedin.com Web site, only the LinkedIn IE toolbar.
Users of the LinkedIn social-networking site that have the IE toolbar installed on their computers could be at risk of a remote attack, should they visit a malicious Web site, according to a posting by VDA Labs' Jared DeMott and Justin Seitz, who discovered the flaws.
The security flaws stem from an error within the IEToolbar.IEContextMenu.1, when it handles the search method, noted security researcher Secunia, which listed the vulnerabilities "extremely critical" in its advisory.
The security flaws are found in LinkedIn version 3.0.2.1098, but other versions may also be affected, Secunia warns.
Users can try setting the kill-bit for the affected ActiveX control as one means to solve the problem.
A spokeswoman for LinkedIn says the social networking site takes public exploit seriously and the company is working on a solution. She notes there are currently no reports of malicious exploits.
UPDATED: Thursday, 2:18 p.m.
LinkedIn has issued a security patch for the LinkedIn Internet Explorer Toolbar. The patch was automatically pushed to users' systems.
Dawn Kawamoto covers enterprise security and financial news relating to technology for CNET News. E-mail Dawn. 



There's lots out there, FireFox, Safari, Opera just to name a few (try
a web search for "free browser"). Get one of them working and keep
it updated (they have bugs too, but they actually FIX them when
they're found).
Now use the "kill-bit" in IE, which (to me) means quit IE and stop
using it entierely. It's a security nightmare that will never be fixed.
http://support.microsoft.com/kb/240797
My advice is not to install Toolbars as they are not in-vulnerable, as has been demonstrated by this exploit and exploits in other Toolbars.
Oh btw, CNET, can you kindly stop dumping a DATA MINING COOKIE on machines when requiring people to have cookies & scripting enabled on this site?!?!?!
- LinkedIn IE Toolbar vulnerability has been fixed
- by mariosundar July 26, 2007 1:15 PM PDT
- I'm the Community Evangelist at LinkedIn. We released a fix yesterday that was pushed out to all of our users. The fix is required for users otherwise the toolbar shuts down.
- Like this Reply to this comment
-
(5 Comments)Also, there were no reports of malicious exploits.
Let me know if you've any questions.