password to access an account, LinkedIn's system creates a cookie "LEO_AUTH_TOKEN" on the user's computer that serves as a key to gain access to the account. Lots of websites use such cookies, but what makes the LinkedIn cookie unusual is that it does not expire for a full year from the date it is created, Narang said. He detailed the vulnerability in a posting on his blog at www.wtfuzz.com on Saturday. Most commercial websites would typically design their access token cookies to expire in 24 hours, or even earlier if a user were to first log off the account, Narang said. There are some exceptions: Banking sites often log users off after 5 or 10 minutes of inactivity. Google gives its users the option of using cookies that keep them logged on for several weeks, but it lets the user decide first. The long life of the LinkedIn cookie means that anybody who gets hold of that file can load it on to a PC and easily gain access to the original user's account for as much as a year. The company issued a statement saying that it already takes steps to secure the accounts of its customers. "LinkedIn takes the privacy and security of our members seriously," the statement said. "Whether you are on LinkedIn or any other site, it's always a good idea to choose trusted and encrypted WiFi networks or VPNs (virtual private networks) whenever possible." The company said that it currently supports SSL, or secure sockets layer, technology for encrypting certain "sensitive" data, including account logins. But those access token cookies are not yet scrambled with SSL. That makes it possible for hackers to steal the cookies using widely available tools for sniffing Internet trAlthough most investigators and credit card fraud teams focus on minimizing cybercrime and identity theft activities launched through spam attacks, the California teams discovered a network of businesses that developed complex fulfillment systems to prevent chargebacks and to encourage repeat business.Under this model, a team of spammers could make more money over time selling many of the same goods to repeat customers than by simply selling credit card account details to fraud rings. Out of 56 completed transactions during the study, only seven of the team's orders failed to arrive.Though top rated credit cards already offer significant consumer protection, few customers feel compelled to file transaction disputes after packages arrive from fulfillment centers in India, China, and even the United States.Visa, MasterCard could team up to block spam fundingEfforts by the technical community to block consumers' access to potentially fraudulent websites have often been thwarted by a combination of hacker attacks and customer frustration. The researchers suggest that American credit card issuers could help curb the growth of spam-sending botnets by choking off the supply of cash to merchants on a "financial blacklist."The team suggested that a partnership between credit card platform providers like Visa and MasterCard could eliminate many spammers' financial incentives, just as a similar enforcement action closed off most Americans' access to illegal online gambling operation