For many professionals, LinkedIn plays an important role in their ability to network and market themselves to others, but the primary business tool of choice for just about everyone is still email. Realizing this, LinkedIn has created an app (currently only for iOS) that puts a lot more LinkedIn into your email. The app, dubbed “Intro”, is designed to provide you LinkedIn profile information (if it exists) of your recipients while you are writing your email, as well as automatically inserting an “Intro” banner that includes your profile information into every email you send. It’s this latter function that has security analysts up in arms, because in order for Intro to do its thing, it requires the user to switch their email server from the provider to LinkedIn’s own mail servers, which in turn authenticate on the user’s behalf while inserting the Intro snippet into each email as it makes its way through LinkedIn’s service. You read that right: every email you send using Intro goes through LinkedIn’s servers as well.
What this means for you:
For decades now, hackers have used a similar technology process to compromise security systems: the “Man in the Middle” attack basically tricks a computer into sending information to an alternate destination, which then forwards on the information to the intended destination, all the while pretending to be the original sender, with neither endpoint being the wiser. In this manner, the “man” in question is able to collect any information passing between the two points, including passwords and other sensitive information. Obviously, LinkedIn’s Intro app is purposefully inserted into the middle of a user’s email by the user himself, but the principle remains the same, and, at minimum, complicates security. Think of it as an email “love triangle.”
On top of this concern, security analysts have already figured out a way to spoof the information Intro inserts into your emails, essentially “weaponizing” Intro’s banner to carry any sort of payload the hacker would like, including links to hijacked websites. Imagine if you sent your client an email with a compromised LinkedIn Intro banner that led to them getting infected and their information destroyed by a virus. For now, I’d recommend sticking to inserting your own signatures into your email (which can include a link to your LinkedIn profile) and waiting a few months to see if LinkedIn has worked out all the security concerns in their new app.
Microsoft is (re)launching Outlook.com and consolidating its various “free” email service domains under the Outlook.com brand in an effort to regain the former glory it once held with Hotmail.com which has since fallen to a distant third behind Google’s Gmail and Yahoo Mail. Microsoft estimates it will be spending anywhere from $30 to $90 million in marketing in all the major media over the next 3 months on a combination of attack ads aimed at Gmail users as well as informational campaigns they hope will help persuade users to switch (back, in many cases) to Microsoft.
What this means for you:
If you already have a Hotmail.com or MSN.com email address and you haven’t already converted over, you’ll be migrated over to Outlook.com gradually as Microsoft consolidates the services under the new brand. If you are considering switching (or opening another webmail account), the only feature Outlook.com is offering that differs from the competition is Contacts stored in your online address book will automatically update information based upon information available on social media platforms like Facebook, Twitter and LinkedIn. Gmail does this with G+ but you have to resort to third-party extensions and services to mine the other social media sites for this information. Beyond this feature, Outlook.com is mostly playing catch-up to Gmail, though their marketing dollars may steal some of Yahoo’s marketshare despite the company’s revamp of its webmail service a little over a year ago.