![]() I know they don’t like this term but if it walks like a duck and it quacks like a duck, well, you know. In the security world we invest serious resources to protect against this form of attack – LinkedIn is actually asking you to opt into it. Make no mistake, this is exactly what an MitM is it is entirely dependent on introducing a third party into the middle of the communication between two other parties. Apple in no way facilitates this feature and indeed it’s Apple’s security model which is sound enough that the only way LinkedIn can actually provide this feature is to mount a Man in the Middle attack (henceforth referred to as an MitM attack). Let’s start here because one of the big questions I’m hearing is “Why would Apple allow this?” There’s an easy answer to that – they don’t. ![]() Let’s disassemble the thing, take an objective look at how it works and engage in some healthy speculation about what it means for privacy. What I haven’t seen yet though is an analysis of how the service is put together and what it actually means for your mail and your privacy. Surely this is some secret NSA plot to infiltrate private communications on a level never previously seen?! In short, you’re handing control of your email over to LinkedIn and allowing them to read and modify the contents at will as you send and receive it. Others have outlined all the reasons why this makes about as much sense as tits on a bull, one of the more cohesive ones is LinkedIn ‘Intro’duces Insecurity which outlines 10 key reasons why they consider the approach to be pure insanity. You probably didn’t know this, but apparently you want a third party to access your email, pull some data out of it, manipulate the contents then send it on for you. The general consensus of people I’ve spoken to is that it’s fundamentally stupid and about the worst thing you could consider doing with your privacy. ![]() LinkedIn Intro has already become known by many names: A dream for attackers, A nightmare for email security and privacy and A spectacularly bad idea to mention but a few. Update: : Sanity has prevailed and the service has now been pulled. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |