On further reflection:
It occurs to me that if a lone researcher conducted such an intrusion
against the security and privacy of email (and its contents) (and
its users), possible outcomes might include a raid by heavily-armed
authorities, confiscation of anything that even looks like an electron
Jimmy Hess wrote:
[...]
> This may be easier than you think, if remote account access is
allowed
> only using Web-based mail, and company managed mobile devices.
> Whitelist the cell carrier's mobile network, using ActiveSync.
>
> An IMAP connection attempt from anywhere is immediately suspec
On Sun, Oct 27, 2013 at 1:19 PM, Jay Ashworth wrote:
>
> Alas, it can't. Using it against LI would work, cause you have a hope of
> knowing what address space their proxies are in.
>
LI's behavior is unique. LI is probably the only one you need to detect.
> You can't do that generically, unl
It's opt-in in that if you bother to read the 240,405 pager of the
agreement when you install the 'upgrade' software, then you have in fact
opted in .. so legally (IANAL) you have opted in. BS!
Gary B
Gary Baribault
Courriel: g...@baribault.net
GPG Key: 0x685430d1
Fingerprint: 9E4D 1B7C CB9F 9239
- Original Message -
> From: "Jimmy Hess"
> This could be a useful proactive countermeasure against the UIT
> (Unintentional Insider Threat); of employees inappropriately entering
> corporate e-mail credentials into a known third party service with
> outside of organizational control.
Al
I don't see that happening. I have heard of a couple companies sending out
emails saying installing it violates company IT policies and I'm sure those
using MDM will create policies to disable it.
It's one of those things which should probably just fade into history quietly.
Maybe LinkedIn
On 26. okt. 2013 08:06, Jimmy Hess wrote:
Perhaps a prudent countermeasure would be to redirect all POP, IMAP, and
Webmail access to your corporate mail server from all of LinkedIn's IP
space to a "Honeypot" that will simply log usernames/credentials
attempted.
The list of valid crede
Scott Howard wrote:
Have you actually confirmed it's NOT opt-in? The screenshots on the
Linked-in engineering blog referenced earlier certainly make it look like
it is.
http://engineering.linkedin.com/sites/default/files/intro_installer_0.png
Of course, you could argue there's a difference be
On Sat, Oct 26, 2013 at 7:46 PM, Gary Baribault wrote:
> The other difference is that Google tells you up front, LinkedIn
> installed this out of the bleue without any real permissions. Of course
> if this where an opt in thing, nobody would be opting in! Well, I never
> did install their app and
The other difference is that Google tells you up front, LinkedIn
installed this out of the bleue without any real permissions. Of course
if this where an opt in thing, nobody would be opting in! Well, I never
did install their app and most certainly never will, and am telling all
of my friends abou
Chris Hartley wrote:
Anyone who has access to logs for their email infrastructure ought
probably to check for authentications to user accounts from linkedin's
servers. Likely, people in your organization are entering their
credentials into linkedin to add to their contact list. Is it a
problem
d,
since they likely succumbed to that prompt. Another practice of theirs
I do not like.
Phil From: Laszlo Hanyecz
Sent: 10/26/2013 1:44
To: Chris Hartley
Cc: Phil Bedard; Nanog
Subject: Re: If you're on LinkedIn, and you use a smart phone...
When a user signs up for a social media accoun
(My apologies to those of you who are also on the mailop list and
have already seen these remarks.)
This isn't particularly surprising: LinkedIn are spammers. Have been
since forever. They hit real addresses, fake addresses, mailing lists,
spamtraps, never-existed addresses, everything.
And li
There's a reason I use an email alias if I sign up to places like
that and why I do not place much information on these sites...
There's a reason I maintain somewhere approaching 20 passwords in my
head too and why the password I use for accessing my own systems will
never be the password I use to
When a user signs up for a social media account they generally do so by
providing an email address like vic...@freewebmailsite.com and selecting a
password. The social media site can obviously probe freewebmailsite.com and
attempt to authenticate using the same password that you just provided t
Well said
--
Jason Hellenthal
Voice: 95.30.17.6/616
JJH48-ARIN
On Oct 26, 2013, at 2:06, Jimmy Hess wrote:
On Fri, Oct 25, 2013 at 6:43 PM, Chris Hartley wrote:
> Anyone who has access to logs for their email infrastructure ought
> probably to check for authentications to user accounts fr
On Fri, Oct 25, 2013 at 6:43 PM, Chris Hartley wrote:
> Anyone who has access to logs for their email infrastructure ought
> probably to check for authentications to user accounts from linkedin's
> servers.
> [snip]
>
Perhaps a prudent countermeasure would be to redirect all POP, IMAP, and
We
Anyone who has access to logs for their email infrastructure ought
probably to check for authentications to user accounts from linkedin's
servers. Likely, people in your organization are entering their
credentials into linkedin to add to their contact list. Is it a
problem if a social media compa
And then of course there was this:
http://www.informationweek.com/social-business/social_networking_consumer/linkedin-responds-to-email-grabbing-suit/240161630
Linkedin denies the allegations, but I'm convinced there's something to
them. I was receiving a steady stream of linkedin invites on beha
On Fri, 25 Oct 2013 22:56:48 -, George Bakos said:
> next thing you know, Google is going to be offering free email so they
> can do the same thing.
The difference is that Google only does it to your @gmail.com address. It
doesn't snarf up all your outbound gba...@alpinista.org mail too.
p
Adding Zaid Ali Khan for feedback.
On Fri, Oct 25, 2013 at 10:45 AM, Shrdlu wrote:
> I hate to do this, but it's something that anyone managing email
> servers (or just using a smart phone to update LI) needs to know
> about. I just saw this on another list I'm on, and I know that there
> are f
I saw some antectdotal stuff on this yesterday but reading their
engineering blog entry makes me feel all warm and fuzzy inside. Oh
nevermind, that's just the alcohol. This is perhaps one of the worst
ideas I've seen concocted by a social media company yet.
-Phil
On 10/25/13, 6:56 PM, "George
next thing you know, Google is going to be offering free email so they
can do the same thing.
On Fri, 25 Oct 2013 08:45:40 -0700
Shrdlu wrote:
> I hate to do this, but it's something that anyone managing email
> servers (or just using a smart phone to update LI) needs to know
> about. I just sa
utions.net
Introducing Efficiency to Business since 1986.
-Original Message-
From: Network IPdog [mailto:network.ip...@gmail.com]
Sent: Friday, October 25, 2013 1:00 PM
To: 'Jim Shankland'; nanog@nanog.org
Subject: RE: If you're on LinkedIn, and you use a smart phone...
Als
e it regularly and don't share it.
-Original Message-
From: Jim Shankland [mailto:na...@shankland.org]
Sent: Friday, October 25, 2013 9:46 AM
To: nanog@nanog.org
Subject: Re: If you're on LinkedIn, and you use a smart phone...
Well, this concerned me at first, but then I read the desc
Well, this concerned me at first, but then I read the description of how
it's done
(http://engineering.linkedin.com/mobile/linkedin-intro-doing-impossible-ios):
We understand that operating an email proxy server carries great
responsibility.
We respect the fact that your email may cont
26 matches
Mail list logo
