If you're on LinkedIn, and you use a smart phone...
Jimmy Hess
mysidia at gmail.com
Sat Oct 26 06:06:51 UTC 2013
On Fri, Oct 25, 2013 at 6:43 PM, Chris Hartley <hartleyc at gmail.com> wrote:
> Anyone who has access to logs for their email infrastructure ought
> probably to check for authentications to user accounts from linkedin's
> servers.
> [snip]
>
Perhaps a prudent countermeasure would be to redirect all POP, IMAP, and
Webmail access to your corporate mail server from all of LinkedIn's IP
space to a "Honeypot" that will simply log usernames/credentials
attempted.
The list of valid credentials, can then be used to dispatch a warning to
the offender, and force a password change.
This could be a useful proactive countermeasure against the UIT
(Unintentional Insider Threat); of employees inappropriately entering
corporate e-mail credentials into a known third party service with
outside of organizational control.
Seeing as Linkedin almost certainly is not providing signed NDAs and
privacy SLAs; it seems reasonable that most organizations who
understand what is going on, would not approve of use of the service with
their internal business email accounts.
--
-JH
More information about the NANOG
mailing list