Showing posts with label CSIS Security Group. Show all posts
Showing posts with label CSIS Security Group. Show all posts

Wednesday, April 23, 2008

Freelance Security probes on LinkedIn - Rickrolled?

I got this email today . . . from CSIS Security Group [kas@csis.dk]





Dear LinkedIn user: Meet Mr. John Smith!

You have a profile on LinkedIn.com and you have chosen to connect with "John Smith". This itself is not a problem, if it wasn't for the fact, that John Smith doesn't really exist (in real life). The profile was invented as part of a security experiment in pitfalls of Social Networks to determine and illustrate potential risks using Social networks, such as LinkedIn. The presentation was just released on the Fraud Europe conference in Bruxelles today.


We decided not to release any detailed information about who and how John Smith got connected with in his network. However, we felt obligated to inform all Linkin accounts hooked up with John Smith about this piece of research and the release of the final edition of "Social Networking Risk - Who Do You Want to be Today?".

With the paper being released we will delete the "John Smith" profile!

If you've not already guessed it, you're receiving this e-mail because you are linked with john Smith. We hope this will be a leason learned and nothing else ...

All data harvested during the past year, will be deleted. We will also inform LinkedIn and asking them to remove the profile.

You can download the presentation given at Fraud Europe conference at the following URL:
http://www.csis.dk/dk/media/LinkedIn-Threats.pdf

The technical paper, used as background for this presentation and released in January 2008, can be downloaded here:
http://www.csis.dk/dk/media/LinkedIn-V2.pdf

Best regards,

Dennis Rand, Security- and Malware researcher CSIS Security Group http://www.csis.dk

---
CSIS Security Group
www.csis.dk


A Google search for "LinkedIn CSIS Security Group" found Martin Lynge Hansen at http://www.linkedin.com/in/lynge . . . maybe I should Rickroll him? I flagged him and linked to this post.

linkedin.john@gmail.com LinkedIn Profile: http://www.linkedin.com/in/linkjohnsmith

what do you think?

UPDATE: I posted it on my blog, and flagged the profile to linkedin as misrepresentation -- it's gone now, go figure.

Thanks LinkedIn, but with over 3,000 connections how many got the email and how many flagged the profile?

I found one other who posted this, see Uncommon Sense Security.

More on a search for linkedin.john@gmail.com:

http://www.linkedseo.com/list.php
http://www.meta-guide.com/malta/cse12.asp

Posted by Unknown at 3:30 PM 1 comments

Labels: , , , , , , , ,

Subscribe to: Posts (Atom)