Intercepting LinkedIn Passwords

At Microsoft TechDays 2012 in Belgium, white hat Paula Januszkiewicz shows how the tool Fiddler can be used to intercept the password of a LinkedIn user. This works because LinkedIn does not encrypt the password itself, although HTTPS is being used.

Not that wow imho, as it’s basically a man-in-the-middle attack using a self-signed (thus forged) certificate (on which the browser will give you a notification). Quite sure lots of sites are “hackable” in this manner.

Published by Bramus!
