I think that both the thread on OOO replies and the Digital Impact one are
now closed. I knew they would both drift off-topic, but decided to allow
them because the initial discussion did have to do with security.
On a side note, I'm surprised that nobody mentioned the social engineering
side-effect of OOO replies. Some of the ones I get when I post to the
list have detailed information on who to contact while the person is away,
including office phone #'s, cell #'s, pager #'s and so on. Some even go
so far as to say where the person is going to be while they're away.
Never underestimate information disclosure. I once had a poster to this
list ask me to remove a post they had made from the list archive. Seems
the pen-testers their company hired used info from the post to compromise
the network...
Cheers,
Marc Fossi
Symantec Corp.
www.symantec.com
------------------------------------------------------------------------
---
Your network firewall and IDS products do not prevent Web application
attacks - the most common form of online exploitation- resulting in Web
defacement, data theft, sabotage and fraud.
KaVaDo is the only company that provides a complete suite of Web
application security products.
Download a FREE whitepaper on "Security Policy Automation for Web
Applications":http://www.securityfocus.com/Kavado-focus-ms
------------------------------------------------------------------------
---
now closed. I knew they would both drift off-topic, but decided to allow
them because the initial discussion did have to do with security.
On a side note, I'm surprised that nobody mentioned the social engineering
side-effect of OOO replies. Some of the ones I get when I post to the
list have detailed information on who to contact while the person is away,
including office phone #'s, cell #'s, pager #'s and so on. Some even go
so far as to say where the person is going to be while they're away.
Never underestimate information disclosure. I once had a poster to this
list ask me to remove a post they had made from the list archive. Seems
the pen-testers their company hired used info from the post to compromise
the network...
Cheers,
Marc Fossi
Symantec Corp.
www.symantec.com
------------------------------------------------------------------------
---
Your network firewall and IDS products do not prevent Web application
attacks - the most common form of online exploitation- resulting in Web
defacement, data theft, sabotage and fraud.
KaVaDo is the only company that provides a complete suite of Web
application security products.
Download a FREE whitepaper on "Security Policy Automation for Web
Applications":http://www.securityfocus.com/Kavado-focus-ms
------------------------------------------------------------------------
---
[ reply ]