Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


+ - LinkedIn Defends Intro App, But Researcher Uses it for Phishing

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "LinkedIn stood up for its new Intro app for iOS by providing some high-level transparency into how it handles communication between devices and its network, and took time to call initial criticism of the app inaccurate and speculative.

In the meantime, one security researcher posted details online of how he was able to spoof the profile information LinkedIn drops into the iOS Mail app and the relative ease with which this facilitates a phishing attack.

None of that, however, deterred security researcher Jordan Wright, a security engineer at CoNetrix, from managing to spoof Intro profile information inserted into a Mail client message.

Wright posted some details on his blog. He started by intercepting the security profile sent to an Apple device that installs the new email account acting as a proxy that sits between LinkedIn’s IMAP and SMTP servers. From the profile, he was able to recover the username and password used to log into LinkedIn’s services. Using that information, he was able to see the content LinkedIn’s IMAP proxy injects into an email and ultimately hide the existing Intro data in favor of spoofed data he injected into the message."
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

LinkedIn Defends Intro App, But Researcher Uses it for Phishing

Comments Filter:

Take your work seriously but never take yourself seriously; and do not take what happens either to yourself or your work seriously. -- Booth Tarkington