If you're on LinkedIn, and you use a smart phone...
Jason Hellenthal
jhellenthal at dataix.net
Sat Oct 26 06:16:05 UTC 2013
Well said
--
Jason Hellenthal
Voice: 95.30.17.6/616
JJH48-ARIN
On Oct 26, 2013, at 2:06, Jimmy Hess <mysidia at gmail.com> wrote:
On Fri, Oct 25, 2013 at 6:43 PM, Chris Hartley <hartleyc at gmail.com> wrote:
> Anyone who has access to logs for their email infrastructure ought
> probably to check for authentications to user accounts from linkedin's
> servers.
> [snip]
Perhaps a prudent countermeasure would be to redirect all POP, IMAP, and
Webmail access to your corporate mail server from all of LinkedIn's IP
space to a "Honeypot" that will simply log usernames/credentials
attempted.
The list of valid credentials can then be used to dispatch a warning to
the offender, and force a password change.
This could be a useful proactive countermeasure against the UIT
(Unintentional Insider Threat) of employees inappropriately entering
corporate e-mail credentials into a known third-party service
outside of organizational control.
Seeing as LinkedIn almost certainly is not providing signed NDAs and
privacy SLAs, it seems reasonable that most organizations who
understand what is going on would not approve of use of the service with
their internal business email accounts.
--
-JH
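
The log check Chris Hartley suggests at the top of the thread, sketched as an added example that is not part of the original messages: it scans POP/IMAP login events for source addresses inside a watched set of networks and lists the accounts that authenticated successfully from them. The Dovecot-style log format, the function names, and the CIDR ranges (RFC 5737 documentation space used as placeholders, since the thread lists no ranges) are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Placeholder ranges (RFC 5737 documentation space), NOT the service's real
# address space; substitute the ranges you have verified for the third party.
WATCHED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Dovecot-style login line: "<svc>-login: <outcome>: user=<...>, ... rip=<remote IP>"
LOGIN_RE = re.compile(r"(?:imap|pop3)-login: (?P<what>[^:]+): "
                      r"user=<(?P<user>[^>]*)>.*?\brip=(?P<rip>[0-9A-Fa-f:.]+)")

# Constructed sample log lines (not real data).
SAMPLE_LOG = """\
Oct 25 18:02:11 mx1 dovecot: imap-login: Login: user=<alice@example.com>, method=PLAIN, rip=192.0.2.15, lip=203.0.113.5, TLS
Oct 25 18:02:40 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob@example.com>, method=PLAIN, rip=198.51.100.7, lip=203.0.113.5, TLS
Oct 25 18:03:05 mx1 dovecot: imap-login: Login: user=<carol@example.com>, method=PLAIN, rip=203.0.113.77, lip=203.0.113.5, TLS
Oct 25 18:04:19 mx1 dovecot: pop3-login: Login: user=<alice@example.com>, method=PLAIN, rip=192.0.2.200, lip=203.0.113.5, TLS
Oct 25 18:05:52 mx1 dovecot: imap-login: Login: user=<dave@example.com>, method=PLAIN, rip=198.51.100.200, lip=203.0.113.5, TLS
Oct 25 18:06:00 mx1 postfix/smtpd[811]: connect from unknown[192.0.2.15]
"""

def find_third_party_logins(lines, nets=WATCHED_NETS):
    """Map user -> {"success": n, "failed": n, "ips": set} for logins from nets."""
    hits = defaultdict(lambda: {"success": 0, "failed": 0, "ips": set()})
    for line in lines:
        m = LOGIN_RE.search(line)
        if not m:
            continue  # not a POP/IMAP login event
        try:
            rip = ipaddress.ip_address(m["rip"])
        except ValueError:
            continue  # malformed address field
        if not any(rip in net for net in nets):
            continue
        # "Login" is a successful authentication; anything else is a failed or aborted attempt.
        outcome = "success" if m["what"] == "Login" else "failed"
        hits[m["user"]][outcome] += 1
        hits[m["user"]]["ips"].add(str(rip))
    return dict(hits)

def needs_password_reset(hits):
    """Accounts whose real password worked from the watched ranges."""
    return sorted(u for u, h in hits.items() if h["success"])

if __name__ == "__main__":
    found = find_third_party_logins(SAMPLE_LOG.splitlines())
    for user in needs_password_reset(found):
        print(user, sorted(found[user]["ips"]))
```

Failed attempts are kept separately because they show a credential was handed over even when it did not match the current mailbox password.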