Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » 'Sign in with LinkedIn' spoof allows baddies to penetrate Slashdot, NASDAQ.com and more

'Sign in with LinkedIn' spoof allows baddies to penetrate Slashdot, NASDAQ.com and more

2014/12/05

The Register - (International) Researchers with IBM identified and reported a vulnerability that could have allowed attackers to gain access to Web sites that use MyDigiPass to enable logins using social media accounts due to LinkedIn and Amazon allowing the use of accounts without confirmed email addresses. The issue was closed before the findings were disclosed and affected Web sites including NASDAQ.com, Slashdot, Crowdfunder, and among many others.

Source: http://www.theregister.co.uk/2014/12/05/top_sites_massive_potential_security_flaw_highlighted/

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:22:41