LinkedIn's New Mobile App Called 'a Dream For Attackers'

An anonymous reader writes with a link to the New York Times' summary of a security and privacy disaster that's been inspiring angry posts on various social networks, including LinkedIn itself: "Security researchers are calling LinkedIn's new mobile app, Intro, a dream come true for hackers or intelligence agencies... Intro redirects e-mail traffic to and from users' iPhones and iPads through LinkedIn's servers, then analyzes and scrapes those e-mails for relevant data and adds pertinent LinkedIn details... Researchers liken that redirection to a so-called man-in-the-middle attack in which hackers, or more recently, intelligence agencies, intercept Internet traffic en route to its destination and do what they will with it."
  • by Anonymous Coward on Friday October 25, 2013 @07:08PM (#45241527)

    It amazes me that people still don't understand that social networks don't exist to provide services to users.... they exist to turn users into products that can be sold.

    They are going to keep getting more invasive as they figure out new ways to screw you over for a profit.

  • Re:Who cares. (Score:2, Insightful)

    by Anonymous Coward on Friday October 25, 2013 @07:12PM (#45241553)

    Not even occasional sex with your manager?

  • by icebike (68054) on Friday October 25, 2013 @07:49PM (#45241781)

    Pretty smug and self congratulatory.
    Everyone make sure you put Martin Kleppmann on your DO NOT HIRE list.

    I hope Apple steps up and kicks them out of the App Store.

  • by fuzzyfuzzyfungus (1223518) on Friday October 25, 2013 @08:04PM (#45241877) Journal
    It is admittedly a cute hack (presented in a smarmy tone); but the sheer tone-deafness and unwillingness or inability to recognize that you are proposing to subject potentially-hundreds-of-thousands of people's private information to your cute hack is sickening.

    That's what really gets me: If this were a random geek giving a little chat about 'stupid IMAP regex tricks; the closest thing to greasemonkey for iOS mail!' and showing off an architecturally similar system for on-the-fly rewrites of mail to add useful hooks to present features absent in the client, it'd be clever and endearing. But that isn't the game we are playing here. This is a slick, weaponized, weasel-worded-for-wide-deployment dangerous toy we are talking about here.

    Either he knows that, and just doesn't give a fuck (in which case he is somewhere beneath contempt and heading further down), or he's dangerously myopic to an almost unbelievable degree.
  • by markjhood2003 (779923) on Friday October 25, 2013 @08:30PM (#45242021)
    I'm not trying to troll here, but not being a Gmail user, I'm not sure how LinkedIn's scraping of email is any different than Google scraping it for advertising services. I understand that technically LinkedIn is acting as a proxy, and Google as an ISP, but how is the result any different?
  • by Hangtime (19526) on Friday October 25, 2013 @09:17PM (#45242231) Homepage

    I'm calling on Apple to kick 3rd party applications out of the ability to make a configuration like this. This appears to be a significant security threat to the iOS platform and should be treated as such. Applications should not be able to do this on their own and as we have seen with LinkedIn, it can lead to no good.

    For those sysadmins who would like to block this from occurring within their network or on their devices, this was taken from Reddit. See the IMAP and SMTP configuration below and block it at the firewall.

    From the Apple configuration profile:
    IncomingMailServerHostName IncomingMailServerPortNumber 143 .... OutgoingMailServerHostName OutgoingMailServerPortNumber 587
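    Added example (not from the post above or from the Reddit thread it cites): a small script an admin could run over a .mobileconfig profile to flag managed mail payloads whose IMAP/SMTP hosts are not the organisation's own servers, i.e. the kind of redirection the profile keys above set up. The embedded profile, its hostnames and TRUSTED_MAIL_HOSTS are constructed placeholders; only the payload key names are Apple's.

```python
import plistlib

# Constructed sample of an Apple configuration profile (.mobileconfig) with a
# managed mail payload. Hostnames are placeholders, not any real vendor's servers.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.mail.managed</string>
      <key>IncomingMailServerHostName</key><string>imap-proxy.thirdparty.invalid</string>
      <key>IncomingMailServerPortNumber</key><integer>143</integer>
      <key>OutgoingMailServerHostName</key><string>smtp-proxy.thirdparty.invalid</string>
      <key>OutgoingMailServerPortNumber</key><integer>587</integer>
    </dict>
  </array>
</dict>
</plist>
"""

# Mail servers the organisation expects its devices to talk to (assumed values).
TRUSTED_MAIL_HOSTS = {"imap.example.org", "smtp.example.org"}


def mail_payloads(profile_bytes):
    """Return every com.apple.mail.managed payload found in a profile."""
    profile = plistlib.loads(profile_bytes)
    return [p for p in profile.get("PayloadContent", [])
            if p.get("PayloadType") == "com.apple.mail.managed"]


def find_mail_redirects(profile_bytes, trusted=TRUSTED_MAIL_HOSTS):
    """List (key, host, port) for each mail server host that is not trusted."""
    findings = []
    for payload in mail_payloads(profile_bytes):
        for prefix in ("IncomingMailServer", "OutgoingMailServer"):
            host = payload.get(prefix + "HostName", "")
            port = payload.get(prefix + "PortNumber")
            if host.lower() not in trusted:
                findings.append((prefix + "HostName", host, port))
    return findings


if __name__ == "__main__":
    for key, host, port in find_mail_redirects(SAMPLE_PROFILE):
        print(f"mail traffic redirected: {key}={host} port {port}")
```

    The same hostnames, once extracted, are what you would feed to the firewall rule the post recommends.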

  • by dcollins (135727) on Friday October 25, 2013 @09:58PM (#45242427) Homepage

    Nice link. Fascinating how they cream themselves for 2,000 words on the technical challenges they overcame to break into a system not meant for that, but only 3 short sentences that privacy is fine, they're serious, see this link. (At least until uproar made them add the italicized part at the end.) Very telling.

