If you're on LinkedIn, and you use a smart phone...

Jimmy Hess mysidia at gmail.com
Sat Oct 26 06:06:51 UTC 2013


On Fri, Oct 25, 2013 at 6:43 PM, Chris Hartley <hartleyc at gmail.com> wrote:

> Anyone who has access to logs for their email infrastructure ought
> probably to check for authentications to user accounts from linkedin's
> servers.
> [snip]
>

Perhaps a prudent countermeasure would be to redirect all  POP,  IMAP,  and
Webmail access to your corporate mail server from all of  LinkedIn's  IP
space to a  "Honeypot"   that will simply  log   usernames/credentials
attempted.

The list of valid credentials,  can then be used to  dispatch a warning to
the offender,  and force a password change.

This could be a useful proactive countermeasure against the  UIT
 (Unintentional Insider Threat);  of employees  inappropriately   entering
  corporate  e-mail credentials  into a known  third party service  with
 outside of organizational control.

Seeing as  Linkedin  almost certainly is not providing signed NDAs and
 privacy SLAs;   it seems reasonable that  most organizations who
understand what is going on,  would not approve  of use of the service with
their internal business email accounts.


-- 
-JH



More information about the NANOG mailing list