LinkedIn’s Intro feature to a man-in-the-middle attack, the company has hit back with claims saying it considered all the security implications before rolling it out.

LinkedIn has responded to criticism over its new Intro product, stating that many things that have been said are “not correct or purely speculative”.

Last week, the company launched the service, which acts as a proxy between a user and an email provider, intercepting emails in order to inject LinkedIn information for them.

The company’s senior manager for information security Cory Scott wrote on the company’s blog that the security team had challenged the idea internally in order to make sure it was implemented in a sound fashion.

This included bringing in an outside security firm, iSEC Partners, to audit every line of code written, ensuring that email does not persist on its servers, placing the proxy server in a separate network segment, and performing its own internal penetration tests.

Scott took particular issue with claims made by IT security firm Bishop Fox. After Intro was announced, Bishop Fox claimed that the installation of Intro changes users’ security profiles on their devices, and that such profiles could be used to “wipe your phone, install applications, delete applications, restrict functionality, and a whole heap of other things”.

Scott denied these claims, saying that LinkedIn's profile only adds an email account that communicates with its proxy server.
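The disagreement above comes down to which payloads a configuration profile carries, and that can be checked before installing one. The following is an added example, not code from LinkedIn, Bishop Fox or the original article: it lists the payload types in an iOS `.mobileconfig` file and flags anything beyond a mail account. The allow-list, the sample profiles and their hostnames are constructed assumptions.

```python
import plistlib

ALLOWED = {"com.apple.mail.managed"}  # assumption: a mail-only profile carries just this
BROADER = {  # Apple payload types that reach beyond adding a mail account
    "com.apple.mdm": "remote management",
    "com.apple.applicationaccess": "device restrictions",
    "com.apple.security.root": "trusted root certificate",
    "com.apple.vpn.managed": "VPN configuration",
}
HOST_KEYS = ("IncomingMailServerHostName", "OutgoingMailServerHostName")

def extract_plist(data: bytes) -> dict:
    """Parse a profile. Signed profiles wrap the XML plist in a CMS envelope,
    so slice the XML out; the signature itself is NOT verified here."""
    start, end = data.find(b"<?xml"), data.rfind(b"</plist>")
    if start == -1 or end == -1:
        raise ValueError("no XML plist found in profile")
    return plistlib.loads(data[start:end + len(b"</plist>")])

def audit_profile(data: bytes) -> dict:
    """Report payload types, mail server hosts, and payloads outside ALLOWED."""
    report = {"types": [], "mail_hosts": [], "findings": []}
    for payload in extract_plist(data).get("PayloadContent", []):
        ptype = payload.get("PayloadType", "<missing>")
        report["types"].append(ptype)
        if ptype in ALLOWED:
            report["mail_hosts"] += [payload[k] for k in HOST_KEYS if k in payload]
        elif ptype in BROADER:
            report["findings"].append(f"{ptype}: {BROADER[ptype]}")
        else:
            report["findings"].append(f"{ptype}: unexpected payload type")
    return report

def build_sample(extra=()) -> bytes:
    """Constructed sample profile; hostnames are placeholders."""
    mail = {"PayloadType": "com.apple.mail.managed",
            "IncomingMailServerHostName": "imap-proxy.example.invalid",
            "OutgoingMailServerHostName": "smtp-proxy.example.invalid"}
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": [mail, *extra]})

MAIL_ONLY = build_sample()
# Constructed stand-in for a signed profile: arbitrary bytes around the XML.
WRAPPED_MDM = b"\x30\x82" + build_sample([{"PayloadType": "com.apple.mdm"}]) + b"\x00"

if __name__ == "__main__":
    print(audit_profile(MAIL_ONLY))
    print(audit_profile(WRAPPED_MDM))
```

An empty `findings` list only shows that the profile adds nothing beyond a mail account; the `mail_hosts` entries still name the servers that will handle the account's mail, which is the third-party data-sharing question the article raises.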

The post continued to fall back on its Pledge of Privacy (written specifically for Intro), and its existing privacy policy when tackling the issue of how data will be handled. The pledge in particular serves to allay user concerns over privacy, and describes why or how they should be able to trust the company.

Bishop Fox has made the recommendation not to introduce Intro into the work environment, and has banned it from its own devices. The company also believes that installing the feature would likely be a violation of any company policy that has a requirement for users not to share sensitive data with third parties.

LinkedIn is currently defending itself against a class-action lawsuit alleging that it breaks into the email accounts of members that upload their address books. It has denied claims that it hacks members’ accounts or accesses their emails without permission, and believes the lawsuit is without merit.
