Slashdot Mirror


LinkedIn's Own CSS Abused For Clickjacking Attacks

An anonymous reader writes: LinkedIn has fixed a security bug that allowed attackers to use its own CSS code for clickjacking attacks. Basically, attackers can create blog posts and load CSS classes from LinkedIn's own stylesheets. If a reader lands on that blog post, then a malicious link can be shown for the entire area of the page. Not something "unique" since this type of method is quite well-known, but you don't generally expect to find these kinds of attacks on LinkedIn's own platform. (Here's a link to the LinkedIn security blog. Sorry for not linking to the particular blog — LinkedIn has a weird URL policy. It's the first one.)

1 of 12 comments

  1. Lol, "security"? Never heard of her? by JustAnotherOldGuy · Score: 3

    "...a link to the LinkedIn security blog"

    Oh The Irony, it's sooooooooo delicious.

    Forgive me if I decline to click on a link that's on the very site that the security vulnerability story is about. I was born at night, but not last night.

    --
    Just cruising through this digital world at 33 1/3 rpm...