Firewall Wizards mailing list archives

Re: Linked-in and its Phishing-like contacts option!
From: Bruce Platt <bruce () ei3 com>
Date: Fri, 26 Apr 2013 07:41:19 -0400

I have a love/hate relationship with these as well.  I was only tempted
down this perfidious path a few years ago when a set of my Grandchildren
asked me to get a Facebook account so we could interact that way as they
live on the other coast from me.  I started disliking it within five
minutes when a former employer sent me a request to "friend" him.  Then it
became an issue of who can I not be "friends" with among my contemporaries.

Same with Linked-In, same with Twitter.

Up to this point I'm just addressing the personal inconvenience aspect of
it, which is why I chose Crispin's post to which to reply.

But, the larger issue is really the risk of exposing all sorts of personal
/  corporate information in a variety of unwitting ways.  This is the part
I hate.  We've had many discussions about the risks of allowing people to
use social media web sites from work.  It's a losing battle.  Entering
one's email password is just one, and Linked-In is not the only villain.  I
just made some flight reservations yesterday.  The airline website offered
to add the reservation to my Calendar.  Not let me download a .cal file,
but to directly insert it into my calendar.  Uh, no.  Not today.

But, this now gets added to our list of worst practices and meets Paul's
criteria of being part of overall operational security.  I'm honestly not
sure how we could block this stuff in a web-proxy, or be alerted by an IDS
rule short of just blocking the sites.  (Maybe this will start more
discussion.  How would one try this?)

Mix these with BYOD, and it makes a daunting task indeed.


Bruce B. Platt, Ph.D.
V.P. Research
ei3 Corporation
136 Summit Avenue
Montvale, NJ 07645
Phone: +1-201-802-9080 ext. 404
Facsimile: +1-201-802-9099

On Fri, Apr 26, 2013 at 12:53 AM, Crispin Cowan <crispin () crispincowan com> wrote:

I boycott all social media. I’m not opposed to social networking, but I am
opposed to some dot.com monetizing my relationships; I do all my social
networking via open protocols like e-mail, and having a beer with a friend

I broke this rule once, joining LinkedIn 5 years ago, because I needed a
job. LinkedIn was a total failure at getting a job, but attending ToorCon
and having a beer with someone I met there worked. I deleted my LinkedIn
account when I got tired of the “Foo wants to connect with you” spam. I’m
*still* getting LinkedIn spam.

Screw social networking web sites. I don’t have a FaceBook page or a
Twitter account, and never will.

Funny, I never envisioned myself as Clint Eastwood yelling at kids to get
off my lawn, but here I am 😊

Sent from Windows Mail

*From:* Gautier . Rich
*Sent:* Thursday, April 25, 2013 9:28 PM
*To:* Firewall Wizards Security Mailing List

Thoughts? I’m wondering why User Operational Security falls under the
realm of Firewall Wizards..  Other than that, I’d say – They’re not alone
by any stretch of the imagination, and plenty of users seem to be perfectly
willing to accept the risk (or be unaware of it).  However, not much you
can do on the firewall side other than turning off webmail access...

*Richard Gautier, CISSP*

Enterprise Architect, Federal Group

650 Massachusetts Avenue NW

Suite 510

Washington, DC 20001

Office: (571) 226-8828  *|*  Cell: (703) 231-2156

rgautier () drc com  *|*  www.drc.com

*From:* firewall-wizards-bounces () listserv icsalabs com [mailto:
firewall-wizards-bounces () listserv icsalabs com] *On Behalf Of *Mathew Want
*Sent:* Monday, April 22, 2013 7:30 PM
*To:* Firewall Wizards Security Mailing List
*Subject:* [fw-wiz] Linked-in and its Phishing-like contacts option!

Hiya all.

Has anyone else noticed the option to see who else they know is connected
on Linked-in? Have you noticed that if you click on the outlook button it
asks you for your WORK EMAIL PASSWORD!!!!!

Bloody hell! It's not like the job of getting users to not submit this
information to other sites isn't already hard enough without this!!! The
"can't put brains in pumpkins" department must be having a field day over

Am I the only one that thinks this is a touch negligent on the part of
Linked-in? Or should I just accept that it is corporate facebook, accept
that they have the same moral fibre and move on?

Maybe I am expecting too much? Thoughts?



"Some things are eternal by nature,
others by consequence"

firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
