
SANS ISC: Made any new friends lately? - SANS Internet Storm Center


Made any new friends lately?


Earlier this week, we were testing the security aspects of an application that integrates with LinkedIn. Given that I do not own a LinkedIn account, I had to create one temporarily, to be able to test. I used a throw-away email address, and did not add any personal data, but I happened to connect to LinkedIn from the business where we were performing the work.

When I connected back, two days later, from home, to delete the temporary account, I was surprised that LinkedIn suggested "people you could know". And lo and behold, I actually knew some of them. They were employees of the company where we had conducted the test.

The only conceivable link, as far as we could determine, is the IP address. Those other users, company employees, might have logged in to LinkedIn from work before, and this seems to be a data point that LinkedIn remembers, and uses, in determining "connections" between members.

Nothing much wrong with that - LinkedIn is mostly transparent in their declaration of what data mining they do, the privacy policy clearly states "We collect information from the devices and networks that you use to access LinkedIn. This information helps us improve and secure our Services". Of course the IP address is a data point that is visible to them, and it makes $$$ sense to store and use it. But, call me naïve, seeing it used so blatantly still caught me by surprise.

Lesson learned: If you create a LinkedIn account, don't do so from the public WiFi at the pub or brothel or bank branch that you frequent -- you might end up with friend suggestions that link you to unsavory characters ;).

Daniel

367 Posts
ISC Handler
This happened to someone I know when they set up their "chained-in" user account... If you want to have some fun, try using the Onion; I did, nobody likes me. (I still snore at night over the news) :o

I guess I will go without the >500 connections.. boo-hoo!
ICI2Eye

52 Posts
I'm sure there are services that will report whether an IP is a public hotspot, and hopefully LinkedIn makes use of something like this so it doesn't try to form lots of spurious links. There's no reason to believe that everyone who frequents the same Starbucks is a colleague.
Barmar

8 Posts
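To make the inference in the diary and the hotspot caveat in the comment above concrete, here is an added illustration (not code from the diary, and not LinkedIn's actual algorithm): accounts are suggested to each other when they share a login source IP, unless that IP has been seen from so many accounts that it looks like a shared hotspot or large NAT. The login records, IP addresses and the threshold are constructed for the example.

```python
from collections import defaultdict

# Constructed login records (account, source IP); the addresses are documentation ranges.
LOGINS = [
    ("tester", "198.51.100.10"),  # the tester's single login from the client's office egress IP
    ("alice", "198.51.100.10"),   # employees who also log in from the office
    ("bob", "198.51.100.10"),
    ("carol", "203.0.113.5"),     # unrelated account, logs in from elsewhere
    ("tester", "192.0.2.77"),     # the tester two days later, from home
    ("tester", "192.0.2.200"),    # the tester once from a busy public hotspot
] + [(f"cafe{i}", "192.0.2.200") for i in range(40)]  # 40 strangers on that hotspot

# Assumed heuristic: an IP seen from more than this many accounts is treated as shared.
HOTSPOT_THRESHOLD = 10


def accounts_by_ip(logins):
    """Index every source IP to the set of accounts that logged in from it."""
    index = defaultdict(set)
    for account, ip in logins:
        index[ip].add(account)
    return index


def shared_ips(logins, threshold=HOTSPOT_THRESHOLD):
    """IPs that look like hotspots or NATs: too many distinct accounts behind them."""
    return {ip for ip, accounts in accounts_by_ip(logins).items() if len(accounts) > threshold}


def suggestions(logins, account, threshold=HOTSPOT_THRESHOLD):
    """Accounts that share a source IP with `account`, ignoring IPs that look shared.

    A threshold large enough never to trigger reproduces the naive behaviour
    (every co-located account is suggested, hotspot strangers included).
    """
    index = accounts_by_ip(logins)
    noisy = shared_ips(logins, threshold)
    suggested = set()
    for ip, accounts in index.items():
        if account in accounts and ip not in noisy:
            suggested |= accounts - {account}
    return sorted(suggested)


if __name__ == "__main__":
    print("with hotspot filter:", suggestions(LOGINS, "tester"))
    print("naive:", len(suggestions(LOGINS, "tester", threshold=10_000)), "suggestions")
```

With the filter, a single login from the office IP is still enough to surface the two employees, which is the behaviour the diary describes; the 40 hotspot strangers only appear once the shared-IP check is disabled.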
