If you're on LinkedIn, and you use a smart phone...

Wayne E Bouchard web at typo.org
Sat Oct 26 08:17:18 UTC 2013


There's a reason I use an email alias if I sign up to places like
that and why I do not place much information on these sites...

There's a reason I maintain somewhere approaching 20 passwords in my
head too and why the password I use for accessing my own systems will
never be the password I use to access a system neither I nor my
employer control.

It's just common sense.

Remember, the greatest threat to your privacy and security is YOU! How
many of us go about detailing every aspect of our lives on Facebook or
Twitter or something and, if someone is of a mind to comb through it,
in the process self-disclose everything necessary for someone to
basically become us? The hackers/corporate scrapers don't even really
*HAVE* to try to thieve information anymore. We give it to them all
without them even asking!

-Wayne

On Sat, Oct 26, 2013 at 02:16:05AM -0400, Jason Hellenthal wrote:
> Well said
> 
> -- 
>  Jason Hellenthal
>  Voice: 95.30.17.6/616
>  JJH48-ARIN
> 
> On Oct 26, 2013, at 2:06, Jimmy Hess <mysidia at gmail.com> wrote:
> 
> On Fri, Oct 25, 2013 at 6:43 PM, Chris Hartley <hartleyc at gmail.com> wrote:
> 
> > Anyone who has access to logs for their email infrastructure ought
> > probably to check for authentications to user accounts from LinkedIn's
> > servers.
> > [snip]
> 
> Perhaps a prudent countermeasure would be to redirect all POP, IMAP, and
> Webmail access to your corporate mail server from all of LinkedIn's IP
> space to a "Honeypot" that will simply log usernames/credentials
> attempted.
> 
> The list of valid credentials can then be used to dispatch a warning to
> the offender, and force a password change.
> 
> This could be a useful proactive countermeasure against the UIT
> (Unintentional Insider Threat) of employees inappropriately entering
> corporate e-mail credentials into a known third party service
> outside of organizational control.
> 
> Seeing as LinkedIn almost certainly is not providing signed NDAs and
> privacy SLAs, it seems reasonable that most organizations who
> understand what is going on would not approve of use of the service with
> their internal business email accounts.
> 
> 
> -- 
> -JH



---
Wayne Bouchard
web at typo.org
Network Dude
http://www.typo.org/~web/
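
The log check suggested in the quoted messages (authentications to user accounts from a third party's servers, yielding a list of accounts for a forced password change) can be sketched as below. This is an added example, not code from anyone in the thread; it assumes Dovecot-style login lines, and the CIDR ranges are documentation placeholders because the thread does not list the real address space.

```python
import ipaddress
import re
from collections import defaultdict

# Placeholder CIDRs (RFC 5737 documentation ranges). Substitute the third
# party's real address space, which the thread does not list.
THIRD_PARTY_NETS = [ipaddress.ip_network(n)
                    for n in ("192.0.2.0/24", "198.51.100.0/24")]

# Assumed Dovecot-style login lines; adapt the pattern to your mail server.
LOGIN_RE = re.compile(
    r"(?:imap|pop3)-login: (?P<event>Login|Disconnected|Aborted login)[^:]*: "
    r"user=<(?P<user>[^>]+)>.*?\brip=(?P<rip>[0-9A-Fa-f.:]+)")

# Constructed sample log lines, not taken from any real system.
SAMPLE_LOG = [
    "Oct 25 18:02:11 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.15, lip=10.0.0.5, mpid=4121, TLS",
    "Oct 25 18:02:40 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob>, method=PLAIN, rip=198.51.100.7, lip=10.0.0.5, TLS",
    "Oct 25 18:03:02 mail dovecot: pop3-login: Login: user=<carol>, method=PLAIN, rip=203.0.113.9, lip=10.0.0.5, mpid=4130, TLS",
    "Oct 25 18:05:19 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.77, lip=10.0.0.5, mpid=4142, TLS",
]


def third_party_logins(lines, nets=THIRD_PARTY_NETS):
    """Map each user to success/failed counts and source IPs seen from nets."""
    hits = defaultdict(lambda: {"success": 0, "failed": 0, "sources": set()})
    for line in lines:
        m = LOGIN_RE.search(line)
        if not m:
            continue
        try:
            rip = ipaddress.ip_address(m["rip"])
        except ValueError:
            continue  # malformed address field; skip rather than guess
        if not any(rip in net for net in nets):
            continue
        entry = hits[m["user"]]
        entry["success" if m["event"] == "Login" else "failed"] += 1
        entry["sources"].add(str(rip))
    return dict(hits)


def accounts_to_reset(hits):
    """Users whose password was accepted from the third party's address space."""
    return sorted(u for u, h in hits.items() if h["success"])


if __name__ == "__main__":
    hits = third_party_logins(SAMPLE_LOG)
    print("force password change:", accounts_to_reset(hits))
```

A failed attempt from those ranges still shows that a user typed something into the third-party service, so the `failed` counts are worth a follow-up even though only accepted logins prove the password was disclosed.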



