On further reflection:
It occurs to me that if a lone researcher conducted such an intrusion
against the security and privacy of email (and its contents) (and
its users), possible outcomes might include a raid by heavily-armed
authorities, confiscation of anything that even looks like an
Jimmy Hess wrote:
[...]
This may be easier than you think, if remote account access is
allowed
only using Web-based mail, and company managed mobile devices.
Whitelist the cell carrier's mobile network, using ActiveSync.
An IMAP connection attempt from anywhere is immediately suspect.
- Original Message -
From: Jimmy Hess mysi...@gmail.com
This could be a useful proactive countermeasure against the UIT
(Unintentional Insider Threat); of employees inappropriately entering
corporate e-mail credentials into a known third party service with
outside of organizational
It's opt-in in that if you bother to read the 240,405 pager of the
agreement when you install the 'upgrade' software, then you have in fact
opted in .. so legally (IANAL) you have opted in. BS!
Gary B
Gary Baribault
Courriel: g...@baribault.net
GPG Key: 0x685430d1
Fingerprint: 9E4D 1B7C CB9F
On Sun, Oct 27, 2013 at 1:19 PM, Jay Ashworth j...@baylink.com wrote:
Alas, it can't. Using it against LI would work, cause you have a hope of
knowing what address space their proxies are in.
LI's behavior is unique. LI is probably the only one you need to detect.
You can't do that
On Fri, Oct 25, 2013 at 6:43 PM, Chris Hartley hartl...@gmail.com wrote:
Anyone who has access to logs for their email infrastructure ought
probably to check for authentications to user accounts from linkedin's
servers.
[snip]
Perhaps a prudent countermeasure would be to redirect all POP,
Well said
--
Jason Hellenthal
Voice: 95.30.17.6/616
JJH48-ARIN
On Oct 26, 2013, at 2:06, Jimmy Hess mysi...@gmail.com wrote:
On Fri, Oct 25, 2013 at 6:43 PM, Chris Hartley hartl...@gmail.com wrote:
Anyone who has access to logs for their email infrastructure ought
probably to check for
When a user signs up for a social media account they generally do so by
providing an email address like vic...@freewebmailsite.com and selecting a
password. The social media site can obviously probe freewebmailsite.com and
attempt to authenticate using the same password that you just provided
There's a reason I use an email alias if I sign up to places like
that and why I do not place much information on these sites...
There's a reason I maintain somewhere approaching 20 passwords in my
head too and why the password I use for accessing my own systems will
never be the password I use
(My apologies to those of you who are also on the mailop list and
have already seen these remarks.)
This isn't particularly surprising: LinkedIn are spammers. Have been
since forever. They hit real addresses, fake addresses, mailing lists,
spamtraps, never-existed addresses, everything.
And
I had to answer the question of Why is LinkedIn asking for my GMail
account information to one of my parents recently. Oh it is so they
can access your information and use it It is how some random guys
I play tennis with in a league keep popping up as people I should add,
since they likely
Chris Hartley wrote:
Anyone who has access to logs for their email infrastructure ought
probably to check for authentications to user accounts from linkedin's
servers. Likely, people in your organization are entering their
credentials into linkedin to add to their contact list. Is it a
problem
The other difference is that Google tells you up front, LinkedIn
installed this out of the bleue without any real permissions. Of course
if this where an opt in thing, nobody would be opting in! Well, I never
did install their app and most certainly never will, and am telling all
of my friends
On Sat, Oct 26, 2013 at 7:46 PM, Gary Baribault g...@baribault.net wrote:
The other difference is that Google tells you up front, LinkedIn
installed this out of the bleue without any real permissions. Of course
if this where an opt in thing, nobody would be opting in! Well, I never
did
Scott Howard wrote:
Have you actually confirmed it's NOT opt-in? The screenshots on the
Linked-in engineering blog referenced earlier certainly make it look like
it is.
http://engineering.linkedin.com/sites/default/files/intro_installer_0.png
Of course, you could argue there's a difference
On 26. okt. 2013 08:06, Jimmy Hess wrote:
Perhaps a prudent countermeasure would be to redirect all POP, IMAP, and
Webmail access to your corporate mail server from all of LinkedIn's IP
space to a Honeypot that will simply log usernames/credentials
attempted.
The list of valid
I don't see that happening. I have heard of a couple companies sending out
emails saying installing it violates company IT policies and I'm sure those
using MDM will create policies to disable it.
It's one of those things which should probably just fade into history quietly.
Maybe
I hate to do this, but it's something that anyone managing email
servers (or just using a smart phone to update LI) needs to know
about. I just saw this on another list I'm on, and I know that there
are folks on NANOG that are on LinkedIn.
++
Well, this concerned me at first, but then I read the description of how
it's done
(http://engineering.linkedin.com/mobile/linkedin-intro-doing-impossible-ios):
We understand that operating an email proxy server carries great
responsibility.
We respect the fact that your email may
Also...
I got some sand in the desert for sale... act now I even throw in some
alligators
This is a limited time offer too...
Operators are standing by...
Ruff, Ruff...!
Network IPdog
Ephesians 4:32Cheers!!!
A password is like a... toothbrush ;^)
Choose a good one, change it
Here is the view from your new homesite
Aaron D. Osgood
Streamline Solutions L.L.C
P.O. Box 6115
Falmouth, ME 04105
TEL: 207-781-5561
MOBILE: 207-831-5829
ICQ: 206889374
GVoice: 207.518.8455
GTalk: aaron.osgood
aosg...@streamline-solutions.net
http://www.streamline-solutions.net
next thing you know, Google is going to be offering free email so they
can do the same thing.
On Fri, 25 Oct 2013 08:45:40 -0700
Shrdlu shr...@deaddrop.org wrote:
I hate to do this, but it's something that anyone managing email
servers (or just using a smart phone to update LI) needs to know
I saw some antectdotal stuff on this yesterday but reading their
engineering blog entry makes me feel all warm and fuzzy inside. Oh
nevermind, that's just the alcohol. This is perhaps one of the worst
ideas I've seen concocted by a social media company yet.
-Phil
On 10/25/13, 6:56 PM, George
Adding Zaid Ali Khan for feedback.
On Fri, Oct 25, 2013 at 10:45 AM, Shrdlu shr...@deaddrop.org wrote:
I hate to do this, but it's something that anyone managing email
servers (or just using a smart phone to update LI) needs to know
about. I just saw this on another list I'm on, and I know
On Fri, 25 Oct 2013 22:56:48 -, George Bakos said:
next thing you know, Google is going to be offering free email so they
can do the same thing.
The difference is that Google only does it to your @gmail.com address. It
doesn't snarf up all your outbound gba...@alpinista.org mail too.
And then of course there was this:
http://www.informationweek.com/social-business/social_networking_consumer/linkedin-responds-to-email-grabbing-suit/240161630
Linkedin denies the allegations, but I'm convinced there's something to
them. I was receiving a steady stream of linkedin invites on
Anyone who has access to logs for their email infrastructure ought
probably to check for authentications to user accounts from linkedin's
servers. Likely, people in your organization are entering their
credentials into linkedin to add to their contact list. Is it a
problem if a social media
27 matches
Mail list logo
