Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Security Social Networks Communications Privacy Your Rights Online

LinkedIn's New Mobile App Called 'a Dream For Attackers' 122

Posted by timothy from the throw-off-your-chains dept.
An anonymous reader writes with a link to the New York Times' summary of a security and privacy disaster that's been inspiring angry posts on various social networks, including LinkedIn itself: "Security researchers are calling LinkedIn's new mobile app, Intro, a dream come true for hackers or intelligence agencies... Intro redirects e-mail traffic to and from users' iPhones and iPads through LinkedIn's servers, then analyzes and scrapes those e-mails for relevant data and adds pertinent LinkedIn details... Researchers liken that redirection to a so-called man-in-the-middle attack in which hackers, or more recently, intelligence agencies, intercept Internet traffic en route to its destination and do what they will with it."
This discussion has been archived. No new comments can be posted.

LinkedIn's New Mobile App Called 'a Dream For Attackers' More

LinkedIn's New Mobile App Called 'a Dream For Attackers'

Comments Filter:

  • Re:Much too easy for this to happen (Score:2, Interesting)

    by Anonymous Coward on Friday October 25, 2013 @08:22PM (#45241625)

    Let me give you some friendly advice.

    1) Root it
    2) Install AFwall
    3) Configure AFwall to block most traffic

  • They dump your address book, so I'm not surprised (Score:5, Interesting)

    by Anonymous Coward on Friday October 25, 2013 @08:52PM (#45241805)

    The only thing I'm not surprised about is that this company hasn't been sued or hacked into the oblivion.

    I have a private email address. Only friends and family know about it. I don't use it to sign up for anything on the internet, I have other addresses for that. This particular address is the one I give out to people who might need to pull down a direct line of communication to me, wherever I am on the planet, assuming I have cellular and data connectivity. I also know precisely who has this address, and they are well aware that they're not to give it out to other people without my consent.

    One day I started getting spam from these LinkedIn assholes. The kind of spam that never stops, and just keeps badgering you to reply to it or click some stupid fucking button. If you want to "unsubscribe" from their awesome service, you have to go to a fucking website and enter in your email address. What the hell?

    Anyways, the person who's account started badgering me to confirm I know them... Never actually gave my email address to LinkedIn. He knew how much I despise modern day social networking and I trust him when he says he would never sign me up for something without my prior permission (why he would ever have a reason to sign me up for anything was beyond the both of us). Yet, there I was- getting spam from LinkedIn irregardless, with no way to stop it except to go to their idiot website and enter in my friggin' email address.

    The only conclusion that we could come to was that they leeched it from his phone or laptop *somehow*, because those were the only two places where my super private email address were being held. We later found out that a lot of other people on those address books started getting LinkedIn spam as well, so somehow, LinkedIn basically dumped his entire address book without his permission and started spamming everyone on it.

    As far as I'm concerned, LinkedIn can fuck off and go rot in hell. I told myself the next time they spammed me I'd start mailing C&D letters, because I'm sick and tired of having to unsubscribe from their bullshit pestering service every 3 months that I clearly did not sign up for (and if their EULA somehow makes it OK for them to spam me because my friend clicked OK, well, I'd be more then happy to take these fuckers to court over that).

  • Re:Who cares. (Score:5, Interesting)

    by Wycliffe ( 116160 ) on Friday October 25, 2013 @09:53PM (#45242101) Homepage

    Exactly. Nobody I know ever uses it for anything *but* that.

    Especially in certain parts of the IT industry. Keeping track of the ridiculous number of people you work with is impossible. Having a nice list - even if it spams your inbox with recruitment crap while you're not actively seeking employment opportunities - is a damned handy thing to have if you find yourself in a position to actually need to look for a job.

    I'm not for sure why any employer or anyone else trusts or cares about linkedin especially in the IT field.
    Most of the people on my linkedin profile who have vouched for my computer knowledge know nothing about
    computers. They've said I'm an expert at java, php, and any other language that linkedin suggests even
    if I know absolutely nothing about said language. To them it's all the same and it makes my linkedin profile
    utterly useless as I'm ranked higher in languages I don't know than I am in languages I actually do.

  • Makes it easier to scene IT candidates (Score:2, Interesting)

    by Anonymous Coward on Friday October 25, 2013 @10:22PM (#45242253)

    Anyone with the linked in app.. REJECTED. Your too fucking stupid to be in IT.

Slashdot Top Deals

BLISS is ignorance.

Close