LinkedIn Intro is dangerous. Don’t use it.

Credit: owasp.org

LinkedIn, which has a history of being lax on security, has just introduced a hideously insecure, intrusive new service called Intro. It routes iOS email, both incoming and outgoing, through their servers, reads all your email and even adds messages to it. All this is ostensibly done to add LinkedIn info into your iOS email.

“But that sounds like a man-in-the-middle attack!” I hear you cry. Yes. Yes it does. Because it is. That’s exactly what it is. And this is a bad thing. If your employees are checking their company email, it’s an especially bad thing.

Among other things, Intro probably blows up attorney-client privilege, breaks email security, stores all your email on its servers, changes your iOS device security profile, probably violates most companies’ security policies, and has a weasel-worded privacy policy.

If I were the NSA…

…and I hear everyone’s mobile phones were routing their emails through LinkedIn… well, I know where I’m having my next birthday party.
