Well said -- Jason Hellenthal Voice: 95.30.17.6/616 JJH48-ARIN
On Oct 26, 2013, at 2:06, Jimmy Hess <[email protected]> wrote: On Fri, Oct 25, 2013 at 6:43 PM, Chris Hartley <[email protected]> wrote: > Anyone who has access to logs for their email infrastructure ought > probably to check for authentications to user accounts from linkedin's > servers. > [snip] Perhaps a prudent countermeasure would be to redirect all POP, IMAP, and Webmail access to your corporate mail server from all of LinkedIn's IP space to a "Honeypot" that will simply log usernames/credentials attempted. The list of valid credentials, can then be used to dispatch a warning to the offender, and force a password change. This could be a useful proactive countermeasure against the UIT (Unintentional Insider Threat); of employees inappropriately entering corporate e-mail credentials into a known third party service with outside of organizational control. Seeing as Linkedin almost certainly is not providing signed NDAs and privacy SLAs; it seems reasonable that most organizations who understand what is going on, would not approve of use of the service with their internal business email accounts. -- -JH
smime.p7s
Description: S/MIME cryptographic signature
