Hacker News

Is your corporation going to fire the users who use this? If not, why not? They are aiding and abetting an outside attacker.


No, in the same way we don't fire people for getting viruses on their computer. Without a reason to believe the action was intentionally designed to cause harm to the business, like cstrat said, education is the best way to handle it. It would be hard to prove malicious intent in a case like this. LinkedIn would be attacking us, the user would just be an attack vector. It's akin to getting phished.


I agree, and I think the major email providers should block it. Maybe Google can just cut off their API access and stop using LinkedIn for recruiting. That ought to get their attention.


Given that a lot of users are technically unaware of what they are doing, it would be akin to firing someone for falling for one of those pop-ups that offers to do a free virus scan. If you are a pharmaceutical sales rep and you read that LI blog post, you probably think it is perfectly safe...

I would think the responsibility falls back onto IT to educate users - and to block connections from LI to the mail server.



