Some bloggers have hailed it as a smart play by LinkedIn to get more mobile action and to get users to stop thinking of the service as a static Web site they go to every couple of years to update their employment status. But security researchers have taken issue with the way the app works. Intro redirects e-mail traffic to and from users’ iPhones and iPads through LinkedIn’s servers, then analyzes and scrapes those e-mails for relevant data and adds pertinent LinkedIn details. Researchers liken that redirection to a so-called man-in-the-middle attack in which hackers, or more recently, intelligence agencies, intercept Internet traffic en route to its destination and do what they will with it. Iranian hackers used that tactic to intercept dissidents’ Gmail accounts in 2011, by hacking into DigiNotar, a Dutch certificate authority. The National Security Agency is accused of using man-in-the-middle attack tactics to snoop on Google traffic, according to recent revelations by Edward Snowden. Security researchers say LinkedIn essentially does the same thing in the name of a new mobile feature. ” ‘But that sounds like a man-in-the-middle attack!” I hear you cry,’ ” Bishop Fox, a security consulting group wrote in a blog post. “Yes. Yes it does. Because it is. That’s exactly what it is. And this is a bad thing. If your employees are checking their company email, it’s an especially bad thing.”
Posted on: Mon, 28 Oct 2013 16:48:59 +0000
Trending Topics
Recently Viewed Topics
© 2015