RE: LinkedIn phishing?

Subject: RE: LinkedIn phishing?
From: "McLauchlan, Kevin" <Kevin -dot- McLauchlan -at- safenet-inc -dot- com>
To: Gene Kim-Eng <techwr -at- genek -dot- com>
Date: Thu, 7 Jun 2012 14:43:30 -0400

Well, from the little I've read, their security scheme was not well conceived or implemented.

I agree, there'll always be holes, but there's a difference between having an obscure error or oversight unearthed, and simply leaving the barn doors wide open.

All authentication and security parameters for services, like LinkedIn and the various services that Amazon provides, should be protected behind encryption, and each service compartmentalized from others. The database(s) should be encrypted. The individual records should be encrypted. When a record is needed, it should be decrypted only into short-term, volatile memory, used, then actively deleted the moment it's not needed. Ideally, the encrypt/decrypt sign/verify and validation operations should take place inside dedicated hardware security modules, and not in the same computers/servers that are providing the services.

Yes, my employer does make and sell HSMs and HSM servers. I'm currently writing and re-writing docs to address virtualized environments and cloud-ish-ness in general.

From: Gene Kim-Eng [mailto:techwr -at- genek -dot- com]
Sent: June-07-12 2:09 PM
To: McLauchlan, Kevin
Cc: William Gaffga; TECHWR-L Writing
Subject: Re: LinkedIn phishing?

Then you'll be waiting forever. Somebody will just open a new hole that nobody has thought of before.

Gene Kim-Eng

On Thu, Jun 7, 2012 at 10:11 AM, McLauchlan, Kevin <Kevin -dot- McLauchlan -at- safenet-inc -dot- com> wrote:
See, this is where procrastination can pay off.

I've been 'meaning to' start a LinkedIn account for
the past two or three years. Now I'll hold off just
a tad longer, until I get the all-clear, "LinkedIn
has tightened their security and closed all those holes"
from somebody I trust - notably, not LinkedIn and not

