(Image source: LinkedIn)


 

BY EVAN THOMAS

 

 

LinkedIn’s new Intro service adds content from its business-centric social network right to your emails — but it comes at a cost.

 

LinkedIn debuted the service last week for iPhone, touting its interactive profile information as a way to more easily navigate business contacts you’re emailing with.

 

To add these features, though, LinkedIn has to pass those emails through its own servers and analyze them.

 

The practice has generated strong objections, both from users and the security community. Tripwire quotes security analysts who say Intro is probably stripping the encryption from messages to do its work.

 

“But that sounds like a man-in-the-middle attack! Because it is. That’s exactly what it is. And this is a bad thing. If your employees are checking their company email, it’s an especially bad thing.”

 

A writer for Forbes explains further. Intro itself isn’t malicious, but by using it, you’re trusting LinkedIn’s security to keep your email safe. If attackers compromise LinkedIn, they could get to your data.

 

In a blog post Saturday, LinkedIn addressed these concerns, saying it hoped to clear up misconceptions.

 

The company says Intro’s using its own more-isolated network to minimize third-party access. External auditors and internal testers have tracked down and patched security holes, and messages are never stored on the servers in unencrypted form.

 

Some users aren’t convinced. LinkedIn’s precautions don’t change the fact that it’s collecting and scraping through user emails.

 

“No, @linkedin, we don’t have ‘misconceptions’ about your irresponsible app. We get it perfectly, hence the pushback.” (Via Twitter / @jacobian)

 

People do have reason to be skittish around LinkedIn — its security track record isn’t stellar. Last year hackers stole and decrypted more than 6 million passwords, and the company’s iPhone app was found to be vacuuming up calendar data without user permission. (Via CNBCThe Next Web)

 

For what it’s worth, Intro is an opt-in service. For the moment, it’s iOS-exclusive, where it will handle iCloud, Gmail, Yahoo and AOL mail accounts — if you trust the service with your data.

LinkedIn's Intro Worries Users, Security Experts

by Evan Thomas
0
Transcript
Oct 27, 2013

LinkedIn's Intro Worries Users, Security Experts

(Image source: LinkedIn)


 

BY EVAN THOMAS

 

 

LinkedIn’s new Intro service adds content from its business-centric social network right to your emails — but it comes at a cost.

 

LinkedIn debuted the service last week for iPhone, touting its interactive profile information as a way to more easily navigate business contacts you’re emailing with.

 

To add these features, though, LinkedIn has to pass those emails through its own servers and analyze them.

 

The practice has generated strong objections, both from users and the security community. Tripwire quotes security analysts who say Intro is probably stripping the encryption from messages to do its work.

 

“But that sounds like a man-in-the-middle attack! Because it is. That’s exactly what it is. And this is a bad thing. If your employees are checking their company email, it’s an especially bad thing.”

 

A writer for Forbes explains further. Intro itself isn’t malicious, but by using it, you’re trusting LinkedIn’s security to keep your email safe. If attackers compromise LinkedIn, they could get to your data.

 

In a blog post Saturday, LinkedIn addressed these concerns, saying it hoped to clear up misconceptions.

 

The company says Intro’s using its own more-isolated network to minimize third-party access. External auditors and internal testers have tracked down and patched security holes, and messages are never stored on the servers in unencrypted form.

 

Some users aren’t convinced. LinkedIn’s precautions don’t change the fact that it’s collecting and scraping through user emails.

 

“No, @linkedin, we don’t have ‘misconceptions’ about your irresponsible app. We get it perfectly, hence the pushback.” (Via Twitter / @jacobian)

 

People do have reason to be skittish around LinkedIn — its security track record isn’t stellar. Last year hackers stole and decrypted more than 6 million passwords, and the company’s iPhone app was found to be vacuuming up calendar data without user permission. (Via CNBCThe Next Web)

 

For what it’s worth, Intro is an opt-in service. For the moment, it’s iOS-exclusive, where it will handle iCloud, Gmail, Yahoo and AOL mail accounts — if you trust the service with your data.

View More
Comments
Newsy
www2