LinkedIn Security Blog

  • Open Sourcing Jaqen, A Tool For Developing DNS Rebinding PoCs

    July 27, 2017

    Editor’s note: Members of the information security team at LinkedIn have an opportunity to work on research topics under a well-defined framework that allows them to evaluate new products and technologies, as well as explore the related threat surface. The team strives to find new and innovative ways to help simplify and strengthen security and contribute back...

  • Same Origin Method Execution Diagram

    Finding Same Origin Method Execution Vulnerabilities

    October 19, 2016

    This summer I had the privilege of interning on LinkedIn’s House Security team. During this period I was tasked to analyze the details of a relatively new class of vulnerabilities, and create a BurpSuite extension that would help identifying problematic sites. In addition to open-sourcing the extension, we want to shed some more light on Same Origin Method...

  • Who Are You? A Statistical Approach to Protecting LinkedIn Logins

    January 22, 2016

    Can you can spot your LinkedIn password in the above image? Is your password on LinkedIn the same as another website? Have you been a victim of a phishing attempt? If so, your username and password might be in an attacker’s database without you even knowing it! Not to fear though — LinkedIn works hard to protect member accounts against attackers who have your...

  • Abusing CSS Selectors to Perform UI Redressing Attacks

    November 23, 2015

    Earlier this year, we received an interesting security advisory from Ruben van Vreeland regarding an issue discovered within our...

  • Removing Fake Accounts from LinkedIn

    November 20, 2015

    Integrity of the platform is of the utmost importance to LinkedIn. When members interact with other members on LinkedIn, they expect...

  • Introducing QARK

    August 17, 2015

    Last week, at DefCon 23 and BlackHat USA 2015, LinkedIn's House Security team announced the release of an alpha version of QARK, the...