[166502] in North American Network Operators' Group


Re: If you're on LinkedIn, and you use a smart phone...

daemon@ATHENA.MIT.EDU (Wayne E Bouchard)
Sat Oct 26 04:17:53 2013

Date: Sat, 26 Oct 2013 01:17:18 -0700
From: Wayne E Bouchard <web@typo.org>
To: Jason Hellenthal <jhellenthal@dataix.net>
In-Reply-To: <DC311BD1-6258-4856-8660-022A58A17342@dataix.net>
Cc: Nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

There's a reason I use an email alias if I sign up to places like
that and why I do not place much information on these sites...

There's a reason I maintain somewhere approaching 20 passwords in my
head too and why the password I use for accessing my own systems will
never be the password I use to access a system neither I nor my
employer control.

It's just common sense.

Remember, the greatest threat to your privacy and security is YOU! How
many of us go about detailing every aspect of our lives on Facebook or
Twitter or something and, if someone is of a mind to comb through it,
in the process self-disclose everything necessary for someone to
basically become us? The hackers/corporate scrapers don't even really
*HAVE* to try to thieve information anymore. We give it to them all
without them even asking!

-Wayne

On Sat, Oct 26, 2013 at 02:16:05AM -0400, Jason Hellenthal wrote:
> Well said
> 
> -- 
>  Jason Hellenthal
>  Voice: 95.30.17.6/616
>  JJH48-ARIN
> 
> On Oct 26, 2013, at 2:06, Jimmy Hess <mysidia@gmail.com> wrote:
> 
> On Fri, Oct 25, 2013 at 6:43 PM, Chris Hartley <hartleyc@gmail.com> wrote:
> 
> > Anyone who has access to logs for their email infrastructure ought
> > probably to check for authentications to user accounts from linkedin's
> > servers.
> > [snip]
> 
> Perhaps a prudent countermeasure would be to redirect all POP, IMAP, and
> Webmail access to your corporate mail server from all of LinkedIn's IP
> space to a "Honeypot" that will simply log usernames/credentials
> attempted.
> 
> The list of valid credentials can then be used to dispatch a warning to
> the offender, and force a password change.
> 
> This could be a useful proactive countermeasure against the UIT
> (Unintentional Insider Threat) of employees inappropriately entering
> corporate e-mail credentials into a known third party service
> outside of organizational control.
> 
> Seeing as LinkedIn almost certainly is not providing signed NDAs and
> privacy SLAs, it seems reasonable that most organizations who
> understand what is going on would not approve of use of the service with
> their internal business email accounts.
> 
> 
> -- 
> -JH



---
Wayne Bouchard
web@typo.org
Network Dude
http://www.typo.org/~web/
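
The log check suggested in the quoted thread (looking for mailbox authentications that originate from a third party's servers), sketched as an added example that is not part of the original message. The Dovecot-style log format, the sample lines and the watched ranges are assumptions; the ranges are documentation placeholders, not LinkedIn's address space, which the thread does not list.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: placeholder ranges (RFC 5737 documentation space). Substitute the
# third party's published ranges; the thread does not give them.
WATCHED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

# Assumption: Dovecot-style login lines; adapt the pattern to your IMAP/POP server.
LOGIN_RE = re.compile(
    r"(?P<svc>imap|pop3)-login: (?P<result>Login|Disconnected|Aborted login)"
    r".*?user=<(?P<user>[^>]*)>.*?rip=(?P<rip>[0-9a-fA-F.:]+)"
)

# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = """\
Oct 25 18:02:11 mx1 dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.45, lip=203.0.113.10, mpid=4121, TLS
Oct 25 18:02:40 mx1 dovecot: imap-login: Login: user=<bob>, method=PLAIN, rip=203.0.113.77, lip=203.0.113.10, mpid=4130, TLS
Oct 25 18:03:02 mx1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<carol>, method=PLAIN, rip=198.51.100.9, lip=203.0.113.10
Oct 25 18:05:19 mx1 dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.46, lip=203.0.113.10, mpid=4188, TLS
Oct 25 18:06:00 mx1 postfix/smtpd[991]: connect from unknown[192.0.2.45]
"""


def find_third_party_auths(log_text, nets=WATCHED_NETS):
    """Return {user: {"success": [ips], "failed": [ips]}} for logins from nets."""
    hits = defaultdict(lambda: {"success": [], "failed": []})
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if not m:
            continue  # not an IMAP/POP3 login event
        try:
            rip = ipaddress.ip_address(m.group("rip"))
        except ValueError:
            continue  # malformed address field; skip rather than crash
        if any(rip in net for net in nets):
            # A successful login means the real password was handed over.
            outcome = "success" if m.group("result") == "Login" else "failed"
            hits[m.group("user")][outcome].append(str(rip))
    return dict(hits)


if __name__ == "__main__":
    for user, r in sorted(find_third_party_auths(SAMPLE_LOG).items()):
        action = "force password change" if r["success"] else "review"
        print(f"{user}: ok={r['success']} failed={r['failed']} -> {action}")
```

Accounts with a successful login from the watched ranges are the ones where a working password left the organization's control; failed attempts only show that some credential was tried.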

