Security « IT Security Geeks

Sophos Partnership

We’ve been quiet for a while and that’s because we’re working hard on ways to improve the services that we offer and the ways that we help to identify and mitigate our clients’ threats and risks.

We’re proud to announce that IT Security Geeks is now a Sophos Silver Partner.
Effectively this means that we can now sell and recommend Sophos products to our clients.

Okay, but why Sophos? You may be wondering…

We do a lot of product testing here at ITSG, and the Sophos Synchronised Security approach works really well. We feel that our clients can benefit immensely from this new partnership.

We will be writing additional blog posts surrounding our Sophos partnership and some of the exciting products/solutions that Sophos has to offer.

If you have any questions, please feel free to drop us a line.


LinkedIn vulnerability.

We have tried to contact LinkedIn via two mediums: their social media service and Twitter. We have as yet received no response regarding our communications. We have subsequently decided that we ought to alert people to this.

On the morning of 07/06/2012, an IT Security Geeks team member changed his LinkedIn password.

The changes were implemented via a web browser.

Several hours later, the user received an App Store notification of a LinkedIn app update for an iOS device and proceeded with the update to LinkedIn version 5.0.3, dated 06/06/12.

The user was, however, still able to view and functionally use the LinkedIn app despite not being authenticated with the new password on his mobile device.

It appears that when passwords are changed on site, the revocation of access and subsequent re-authentication of all previously authenticated devices in the user’s access matrix does not occur.


To test the theory again, the user logged back into LinkedIn via web browser, changed his password and then used the iOS device in question to post a test status to his own profile and to send a message to a connection.

Despite 2 password changes, the iOS device still maintained its active session and allowed full compromise of the user's account.


This poses a high risk to users.


Personal data may be compromised.

Users cannot effectively revoke access to their profiles by changing passwords in the event of their devices being lost or stolen. If you have in the past attempted to lock out unauthorised user access on a lost or stolen device by changing your password, please be aware that this does not seem to work. Try to contact LinkedIn to assist. Our best possible advice is to uninstall the LinkedIn iOS application until further notice.
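
The server-side control whose absence the post describes, as an added example (not LinkedIn's code and not part of the original post): each session records a credential epoch that is bumped on every password change, so sessions issued before the change fail validation. The `Accounts` class, its method names and the in-memory stores are hypothetical; `validate_weak` only models the observed behaviour.

```python
import hashlib
import hmac
import secrets


class Accounts:
    """Toy account store (hypothetical); sessions are bound to a credential epoch."""

    def __init__(self):
        self.users = {}     # username -> {"salt", "pw_hash", "epoch"}
        self.sessions = {}  # token -> (username, device, epoch at login)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self.users[user] = {"salt": salt, "pw_hash": self._hash(password, salt), "epoch": 0}

    def login(self, user, password, device):
        rec = self.users.get(user)
        if rec is None or not hmac.compare_digest(rec["pw_hash"], self._hash(password, rec["salt"])):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (user, device, rec["epoch"])
        return token

    def change_password(self, user, new_password):
        rec = self.users[user]
        rec["salt"] = secrets.token_bytes(16)
        rec["pw_hash"] = self._hash(new_password, rec["salt"])
        rec["epoch"] += 1  # every session issued before this point is now stale

    def validate_weak(self, token):
        """Models the behaviour the post observed: an issued token stays valid."""
        entry = self.sessions.get(token)
        return entry[0] if entry else None

    def validate(self, token):
        """Hardened check: reject sessions issued under an older credential epoch."""
        entry = self.sessions.get(token)
        if entry is None:
            return None
        user, _device, epoch = entry
        if epoch != self.users[user]["epoch"]:
            del self.sessions[token]  # force re-authentication on that device
            return None
        return user
```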