Firewall Wizards mailing list archives
Re: Linked-in and its Phishing-like contacts option!
From: Magosányi Árpád <mag () magwas rulez org>
Date: Wed, 24 Apr 2013 20:40:51 +0200
On 04/23/2013 01:30 AM, Mathew Want wrote:
Hiya all. Has anyone else noticed the option to see who else they know is connected on Linked-in? Have you noticed that if you click on the outlook button it asks you for your WORK EMAIL PASSWORD!!!!!
It's just plain bad luck. Not everyone uses outlook :) [...]
Am I the only one that think this is a touch negligent on the part of Linked-in? Or should I just accept that it is corporate facebook, accepts that they have the dame moral fibre and move on?
Indeed it is the corporate facebook. And it is a very good example to be used in a security awareness pamphlet. Nice opportunity to show the policy ("don't do that"), and the possible attack vectors associated with it (e.g. fake linkedin phising page). Providing your personal address book is a matter of trust between you and LinkedIn (I personally don't have that much in any online entity as a matter of principle). Providing the work one is a matter of trust between your employer and LinkedIn. Let's make the discussion relevant here: I guess this particular case could be yanked off with a simple url filter on the corporate firewall. Is there a public pattern database for these kind of URIs? I have failed to figure out from page source how the actual address book fetching works with a short look. I guess that would provide for smarter ways for blocking this kind of attacks. Any good ideas? _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Linked-in and its Phishing-like contacts option! Mathew Want (Apr 24)
- Re: Linked-in and its Phishing-like contacts option! Magosányi Árpád (Apr 25)
- Re: Linked-in and its Phishing-like contacts option! Bennett Todd (Apr 26)
- Re: Linked-in and its Phishing-like contacts option! Marcus Ranum (Apr 26)
- Re: Linked-in and its Phishing-like contacts option! Bennett Todd (Apr 26)
- Re: Linked-in and its Phishing-like contacts option! Bennett Todd (Apr 26)
- Re: Linked-in and its Phishing-like contacts option! Magosányi Árpád (Apr 25)
- Re: Linked-in and its Phishing-like contacts option! Michael D. Wood (Apr 25)
- Re: Linked-in and its Phishing-like contacts option! Gautier . Rich (Apr 25)
- Re: Linked-in and its Phishing-like contacts option! Paul D. Robertson (Apr 25)
- Re: Linked-in and its Phishing-like contacts option! Jim Seymour (Apr 26)
- Re: Linked-in and its Phishing-like contacts option! Bennett Todd (Apr 26)
- Re: Linked-in and its Phishing-like contacts option! Marcus Ranum (Apr 26)
- Re: Linked-in and its Phishing-like contacts option! Jim Seymour (Apr 26)