[166501] in North American Network Operators' Group


Re: If you're on LinkedIn, and you use a smart phone...

daemon@ATHENA.MIT.EDU (Laszlo Hanyecz)
Sat Oct 26 02:46:39 2013

From: Laszlo Hanyecz <laszlo@heliacal.net>
In-Reply-To: <CAPnfr8+d0xjsG3scq1zeSD10ks0KfGgW17ZSsSXfO5ysjeW-Sw@mail.gmail.com>
Date: Sat, 26 Oct 2013 05:44:33 +0000
To: Chris Hartley <hartleyc@gmail.com>
Cc: Nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

When a user signs up for a social media account they generally do so by
providing an email address like victim@freewebmailsite.com and selecting
a password.  The social media site can obviously probe
freewebmailsite.com and attempt to authenticate using the same password
that you just provided to them (for the purpose of logging into their
social media site).  I guess offering an email proxy or asking if it's
ok to worm through your email for contacts is merely a formality.  How
many social media users do you guess would use the same password on the
social media site as they would for freewebmailsite.com (and likely
their employer's organization's email)?  It's kind of like when Google
asks their users with Android phones to provide their mobile phone
number for SMS password recovery.

Laszlo

On Oct 25, 2013, at 11:43 PM, Chris Hartley <hartleyc@gmail.com> wrote:

> Anyone who has access to logs for their email infrastructure ought
> probably to check for authentications to user accounts from LinkedIn's
> servers.  Likely, people in your organization are entering their
> credentials into LinkedIn to add to their contact list.  Is it a
> problem if a social media company has your users' credentials?  I
> guess it depends on your definition of "is."  The same advice might
> apply to this perversion of trust as well, but I'm not sure how
> LinkedIn is achieving this "feat."
>
> On Fri, Oct 25, 2013 at 7:25 PM, Phil Bedard <bedard.phil@gmail.com> wrote:
>> I saw some anecdotal stuff on this yesterday but reading their
>> engineering blog entry makes me feel all warm and fuzzy inside.  Oh
>> nevermind, that's just the alcohol.  This is perhaps one of the worst
>> ideas I've seen concocted by a social media company yet.
>>
>>
>> -Phil
>>
>> On 10/25/13, 6:56 PM, "George Bakos" <gbakos@alpinista.org> wrote:
>>
>>> next thing you know, Google is going to be offering free email so they
>>> can do the same thing.
>>>
>>> On Fri, 25 Oct 2013 08:45:40 -0700
>>> Shrdlu <shrdlu@deaddrop.org> wrote:
>>>
>>>> I hate to do this, but it's something that anyone managing email
>>>> servers (or just using a smart phone to update LI) needs to know
>>>> about. I just saw this on another list I'm on, and I know that there
>>>> are folks on NANOG that are on LinkedIn.
>>>>
>>>> ++++++++++
>>>> http://www.bishopfox.com/blog/2013/10/linkedin-intro/
>>>>
>>>> LinkedIn released a new product today called Intro.  They call it
>>>> "doing the impossible", but some might call it "hijacking
>>>> email".
>>>> Why do we say this?  Consider the following:
>>>>
>>>> Intro reconfigures your iOS device (e.g. iPhone, iPad) so that all of
>>>> your emails go through LinkedIn's servers. You read that right. Once
>>>> you install the Intro app, all of your emails, both sent and received,
>>>> are transmitted via LinkedIn's servers. LinkedIn is forcing all your
>>>> IMAP and SMTP data through their own servers and then analyzing and
>>>> scraping your emails for data pertaining to...whatever they feel like.
>>>>
>>>> ++++++++++
>>>>
>>>> Read the full article. If you're using LI via your smart phone, and
>>>> you have already installed this app, you probably need to save off
>>>> your contacts and data, and wipe the phone. I wouldn't trust
>>>> uninstalling as enough, myself. In the long run, I'll be deleting my
>>>> account.
>>>>
>>>> No, I don't use a smart phone to update any social media. No, I
>>>> especially do not trust LI (never have, never will). BTW, they're
>>>> currently adding back any contacts you've deleted. Thanks for
>>>> reminding me that Joe Barr, Len Sassaman, and Jay D Dyson are gone
>>>> from this world.
>>>>
>>>> --
>>>> Life may not be the party we hoped for, but while we are here,
>>>> we might as well dance.
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>
>>
>>
>
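
Added example, not part of the thread: one way to run the log check Chris Hartley suggests, listing successful mailbox logins whose source address falls inside networks attributed to a third-party service. The Dovecot-style log format, the `third_party_logins` helper and the RFC 5737 placeholder ranges are assumptions; the thread gives no LinkedIn addresses.

```python
import ipaddress
import re
from collections import defaultdict

# Placeholder ranges (RFC 5737 documentation space), NOT real LinkedIn
# addresses: substitute the egress networks you attribute to the service.
WATCHED_NETS = [ipaddress.ip_network(n)
                for n in ("203.0.113.0/24", "198.51.100.0/25")]

# Successful Dovecot-style login line; auth failures lack "Login:" and are skipped.
LOGIN_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdovecot:\s(?P<svc>imap|pop3)-login:\s"
    r"Login:\suser=<(?P<user>[^>]*)>.*?\brip=(?P<rip>[0-9A-Fa-f.:]+)")

# Constructed sample log, not taken from any real system.
SAMPLE_LOG = """\
Oct 26 05:40:01 mx1 dovecot: imap-login: Login: user=<alice@example.org>, method=PLAIN, rip=192.0.2.44, lip=192.0.2.1, mpid=4101, TLS
Oct 26 05:41:17 mx1 dovecot: imap-login: Login: user=<bob@example.org>, method=PLAIN, rip=203.0.113.10, lip=192.0.2.1, mpid=4102, TLS
Oct 26 05:43:50 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<carol@example.org>, method=PLAIN, rip=203.0.113.10, lip=192.0.2.1, TLS
Oct 26 05:47:09 mx1 dovecot: pop3-login: Login: user=<dave@example.org>, method=PLAIN, rip=198.51.100.200, lip=192.0.2.1, mpid=4110, TLS
Oct 26 05:49:30 mx1 dovecot: imap-login: Login: user=<erin@example.org>, method=PLAIN, rip=2001:db8::5, lip=2001:db8::1, mpid=4115, TLS
Oct 26 05:52:03 mx1 dovecot: imap-login: Login: user=<bob@example.org>, method=PLAIN, rip=203.0.113.77, lip=192.0.2.1, mpid=4120, TLS
"""


def third_party_logins(log_text, nets=WATCHED_NETS):
    """Map each user to the successful logins that came from a watched network."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if not m:
            continue
        try:
            rip = ipaddress.ip_address(m.group("rip"))
        except ValueError:  # malformed address field
            continue
        # Membership is False across IP versions, so mixed v4/v6 logs are safe.
        if any(rip in net for net in nets):
            hits[m.group("user")].append((m.group("ts"), m.group("svc"), str(rip)))
    return dict(hits)


if __name__ == "__main__":
    for user, events in third_party_logins(SAMPLE_LOG).items():
        print(user, len(events), events)
```

Only successful logins are reported, because those are the ones showing that the remote side presented a working password for the account.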


