[166510] in North American Network Operators' Group
Re: If you're on LinkedIn, and you use a smart phone...
daemon@ATHENA.MIT.EDU (Phil Bedard)
Sat Oct 26 21:43:05 2013
In-Reply-To: <526C4024.4010409@tomt.net>
From: Phil Bedard <bedard.phil@gmail.com>
Date: Sat, 26 Oct 2013 21:42:52 -0400
To: Andre Tomt <andre-nanog@tomt.net>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I don't see that happening. I have heard of a couple companies sending out e=
mails saying installing it violates company IT policies and I'm sure those u=
sing MDM will create policies to disable it. =20
It's one of those things which should probably just fade into history quietl=
y. Maybe LinkedIn should petition Apple to find a way to integrate the inf=
o. Windows Phone for instance already internally does exactly what Intro do=
es without scraping emails. =20
Phil
> On Oct 26, 2013, at 6:20 PM, Andre Tomt <andre-nanog@tomt.net> wrote:
>=20
>> On 26. okt. 2013 08:06, Jimmy Hess wrote:
>> Perhaps a prudent countermeasure would be to redirect all POP, IMAP, a=
nd
>> Webmail access to your corporate mail server from all of LinkedIn's IP
>> space to a "Honeypot" that will simply log usernames/credentials
>> attempted.
>>=20
>> The list of valid credentials, can then be used to dispatch a warning t=
o
>> the offender, and force a password change.
>>=20
>> This could be a useful proactive countermeasure against the UIT
>> (Unintentional Insider Threat); of employees inappropriately enterin=
g
>> corporate e-mail credentials into a known third party service with
>> outside of organizational control.
>>=20
>> Seeing as Linkedin almost certainly is not providing signed NDAs and
>> privacy SLAs; it seems reasonable that most organizations who
>> understand what is going on, would not approve of use of the service wi=
th
>> their internal business email accounts.
>=20
> Depends on linkedin beeing nice, but could this be an idea? In addition to=
the proposed network level controls of course. At least users could get a i=
nformative response rather than just some dumb error / "it doesnt work" if y=
ou block Intro.
>=20
> http://feedback.intro.linkedin.com/forums/227301-linkedin-intro-feedback/s=
uggestions/4801236-some-way-to-block-intro-per-domain
>=20
> Votes maybe?
>=20
> I considered proposing making it opt-in on the domain level, but that wont=
fly for them I'm sure.
>=20
