July 24, 2007 7:25 AM PDT

Security researchers warn of LinkedIn exploit

by Dawn Kawamoto

Sometimes, it pays not to be linked in. Ignorance is bliss.

Security researchers are reporting that a public exploit has been designed that could take advantage of critical security flaws in the LinkedIn Internet Explorer Toolbar.

The vulnerabilities do not apply to the Linkedin.com Web site, only the LinkedIn IE toolbar.

Users of the LinkedIn social-networking site who have the IE toolbar installed on their computers could be at risk of a remote attack should they visit a malicious Web site, according to a posting by VDA Labs' Jared DeMott and Justin Seitz, who discovered the flaws.

The security flaws stem from an error within IEToolbar.IEContextMenu.1 when it handles the search method, noted security research firm Secunia, which rated the vulnerabilities "extremely critical" in its advisory.

The security flaws are found in LinkedIn version 3.0.2.1098, but other versions may also be affected, Secunia warns.

Users can try setting the kill-bit for the affected ActiveX control as one means to solve the problem.
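The following PowerShell sketch is an added example, not part of the original article or of Secunia's advisory, showing how an administrator could set the kill-bit for the control named above. It assumes the control is registered under the ProgID `IEToolbar.IEContextMenu.1`; the CLSID is looked up on the machine because the article does not give it, and the function name `Set-ActiveXKillBit` is hypothetical.

```powershell
# Added example: set the Internet Explorer kill-bit for an ActiveX control by ProgID.
# Run from an elevated prompt and restart IE afterwards.
function Set-ActiveXKillBit {
    param([Parameter(Mandatory)][string]$ProgId)

    $killBit = 0x400   # "Compatibility Flags" bit that stops IE from loading the control

    # Resolve ProgID -> CLSID. Check the machine-wide, 32-bit (WOW6432Node)
    # and per-user class registrations, since a toolbar may use any of them.
    $roots = 'HKLM:\SOFTWARE\Classes',
             'HKLM:\SOFTWARE\WOW6432Node\Classes',
             'HKCU:\Software\Classes'
    $clsids = foreach ($root in $roots) {
        $key = Join-Path $root "$ProgId\CLSID"
        if (Test-Path $key) { (Get-Item $key).GetValue('') }   # default value holds the CLSID
    }
    $clsids = @($clsids | Where-Object { $_ } | Sort-Object -Unique)
    if (-not $clsids) { throw "ProgID '$ProgId' is not registered on this machine." }

    foreach ($clsid in $clsids) {
        # 32-bit IE on 64-bit Windows reads the WOW6432Node copy, so set both views.
        foreach ($base in 'HKLM:\SOFTWARE\Microsoft', 'HKLM:\SOFTWARE\WOW6432Node\Microsoft') {
            if (-not (Test-Path $base)) { continue }   # no WOW6432Node on 32-bit Windows
            $key = Join-Path $base "Internet Explorer\ActiveX Compatibility\$clsid"
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

            # Keep any compatibility flags already present; only OR in the kill-bit.
            $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                        -ErrorAction SilentlyContinue).'Compatibility Flags'
            $flags = [int]$current -bor $killBit
            Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $flags -Type DWord

            # Report what was written so the change can be audited.
            [pscustomobject]@{ Clsid = $clsid; Key = $key; Flags = ('0x{0:X8}' -f $flags) }
        }
    }
}

Set-ActiveXKillBit -ProgId 'IEToolbar.IEContextMenu.1'
```

The kill-bit only stops Internet Explorer from instantiating the control; it does not remove the toolbar or repair the underlying flaw.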

A spokeswoman for LinkedIn says the social networking site takes the public exploit seriously and the company is working on a solution. She notes there are currently no reports of malicious exploits.

UPDATED: Thursday, 2:18 p.m.

LinkedIn has issued a security patch for the LinkedIn Internet Explorer Toolbar. The patch was automatically pushed to users' systems.

Dawn Kawamoto covers enterprise security and financial news relating to technology for CNET News.

5 Comments
Setting "kill-bit"?
by Eddie-c July 24, 2007 8:43 AM PDT
Given that plenty of users of LinkedIn are not tech-savvy - or at least not to the extent of knowing how to set kill-bits - instead of simply quoting the solution "advised" by Secunia how about actually posting details on how to set it, or a link to instructions? I guess this is too much to ask eh?
"kill-bit"
by Dalkorian July 24, 2007 9:48 AM PDT
Simple. If you have no other browser for the internet, get one. There's lots out there, Firefox, Safari, Opera just to name a few (try a web search for "free browser"). Get one of them working and keep it updated (they have bugs too, but they actually FIX them when they're found).

Now use the "kill-bit" in IE, which (to me) means quit IE and stop using it entirely. It's a security nightmare that will never be fixed.
Kill-bits in IE
by Eddie-c July 24, 2007 10:45 AM PDT
Being productive instead of saying "use a real browser"......

http://support.microsoft.com/kb/240797


My advice is not to install Toolbars as they are not invulnerable, as has been demonstrated by this exploit and exploits in other Toolbars.

Oh btw, CNET, can you kindly stop dumping a DATA MINING COOKIE on machines when requiring people to have cookies & scripting enabled on this site?!?!?!
LinkedIn IE Toolbar vulnerability has been fixed
by mariosundar July 26, 2007 1:15 PM PDT
I'm the Community Evangelist at LinkedIn. We released a fix yesterday that was pushed out to all of our users. The fix is required for users; otherwise the toolbar shuts down.

Also, there were no reports of malicious exploits.

Let me know if you've any questions.