Remember that LinkedIn appears to be actually a bunch (a *BUNCH*) of product teams, trying to present all of their projects as a coherent system/interface. When you have a bunch of groups trying to work together on something complex - things can tend to get a little crazy.
A privacy and personal data policy imposed from the top down inside the company might help a *little*, but eventually things are going to develop further, and exceptions are going to slip out again. I think that bootstrapping their widget off of CSS and a hover element is very creative, from a technical point of view, but the things I can imagine doing with it after the fact are kind of creepy as hell. ;-) You could, potentially, re-invent all sorts of Outlook-HTML-preview exploit madness with this technique.

--e

On Fri, Oct 25, 2013 at 9:43 AM, Brandon Allbery <[email protected]> wrote:
> On Fri, Oct 25, 2013 at 10:40 AM, M^2 <[email protected]> wrote:
>>
>> The blog links to a LinkedIn engineering blog with enough technical data
>> that I don't see any contradictions between the two sides on what can be
>> done and how.
>
>
> And, between past demonstrations of lack of clue about security around
> LinkedIn and that linked blog entry featuring someone reading about man in
> the middle attacks *and seeing it as a feature*, it's *really* hard to trust
> LinkedIn on this.
>
> --
> brandon s allbery kf8nh sine nomine associates
> [email protected] [email protected]
> unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net
>
> _______________________________________________
> Discuss mailing list
> [email protected]
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
> This list provided by the League of Professional System Administrators
> http://lopsa.org/
