Security Incidents mailing list archives
Re: Administrivia: Good mailing list social graces.
From: Leif Ericksen <leife () dls net>
Date: Fri, 18 Mar 2005 12:59:14 -0600
Clap, Clap, Clap...

I see two main issues with the auto responders letting people know that the recipient is away on vacation or out at a conference while subscribed to the list. This can be used as a form of social engineering, or worse. As stated, it can give alternate contacts or points of access into your company. Yes, the flood of emails is bothersome and I just delete them. However, when I get some that are written in a language other than English, I have to look at them carefully and decide if they are spam or not.

Another point to consider is how good is the security system at your home? Yes, I said your home. If your name is in a phone directory or some other directory, what is the likelihood that you could be targeted for a burglary? I will admit that saying somebody might use the list to determine whose home to go and burglarize, but being security conscious requires a certain level of paranoia.

Bottom line: it only takes a few moments to un-subscribe/subscribe to the list, so if your auto responder does not allow you to ignore the list, you should remove yourself from the list.

That is just my thoughts on the matter. Now where are my burglary and let's see how my auto responses I get that are close enough to make it worthwhile! J/K but I hope that it makes a point.

-- Leif Ericksen

On Thu, 2005-03-17 at 10:06 -0700, Daniel Hanson wrote:
I've posted some guidelines like this before; apparently I have to do it again.

Leaving auto-responders on mailing list messages is not good social behaviour. One or two auto-responses may not seem to be a huge problem, but when a contributor to the list receives a mass of auto-response messages, it dissuades the person from posting in the future. We have over 10,000 subscribers; if 1% of them have auto-responders, that is 100 messages. Do you like receiving 100 unsolicited messages in a 10 minute period in the middle of your work day? Perhaps someone seeking assistance or advice won't be dissuaded by this flood of email, but the people who reply and try to help (we have some frequent contributors that do this an awful lot, thank you to all of you) are a lot less motivated to put up with this.

Yet again, someone forwarded me an auto-reply that resulted because some lazy site administrator decided to send all security mailing list traffic to a customer care email address that auto-replies to EVERY POST ALL THE TIME. As I have done before, and will continue to do, I will unsubscribe addresses that do this. People on this list should be interested in making the Internet a safer and more useable place; auto-replies because you are too lazy to turn them off for mailing lists is not the way to do this.

As an aside, for all you corporate security administrators who seem to use your vacation messages when you go away to conferences... If I were interested to find the lazy administrators, and target the most lucrative companies, I would pick a conference like blackhat or CanSecWest, send an email to the list, and see who's away at the conference, and who "concerns" should be addressed to while that person is away.

D
-- Leif Ericksen <leife () dls net>
Current thread:
- Administrivia: Good mailing list social graces. Daniel Hanson (Mar 17)
- Re: Administrivia: Good mailing list social graces. Leif Ericksen (Mar 18)