On Fri, Oct 25, 2013 at 6:43 PM, Chris Hartley <hartleyc@gmail.com> wrote:
Anyone who has access to logs for their email infrastructure ought probably to check for authentications to user accounts from linkedin's servers. [snip]
Perhaps a prudent countermeasure would be to redirect all POP, IMAP, and Webmail access to your corporate mail server from all of LinkedIn's IP space to a "Honeypot" that will simply log usernames/credentials attempted. The list of valid credentials, can then be used to dispatch a warning to the offender, and force a password change. This could be a useful proactive countermeasure against the UIT (Unintentional Insider Threat); of employees inappropriately entering corporate e-mail credentials into a known third party service with outside of organizational control. Seeing as Linkedin almost certainly is not providing signed NDAs and privacy SLAs; it seems reasonable that most organizations who understand what is going on, would not approve of use of the service with their internal business email accounts. -- -JH