Penetration Testing mailing list archives
Re: Risk of Redirecting Email.
From: JoePete <joepete () joepete com>
Date: Fri, 03 Apr 2009 23:01:55 -0400
On Tue, 2009-03-31 at 17:54 +0200, M.D.Mufambisi wrote:
I have seen on some clients of mine, that when an employee leaves the organisation, they request IT to redirect their emails to a particular email address....personal. What are the risks of this? I can only think of company information being directed to this individual....which could be bad if he/she has gone to work for a competitor.
Before worrying about the technical issues here, these clients have much larger fish to fry. There should be some sort of policy detailing email, expectations, treatment of company information, non-compete agreements, etc.
From a pen-test standpoint, what data might be emailed to these
individuals regarding password reset, support information (e.g. server down time, network changes, etc.)? As an organization you can control how people access your mail server and how that data might be stored. You lose that control once it goes to some other mail server. -- JoePete ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute No time or budget for traveling to a training course in this fiscal year? Check out the online penetration testing courses available at InfoSec Institute. More than a boring "talking head", train in our virtual labs for a total hands-on training experience. Get the certs you need as well: CEH, CPT, CEPT, ECSA, LPT. http://www.infosecinstitute.com/request_online_training.html ------------------------------------------------------------------------
Current thread:
- Risk of Redirecting Email. M.D.Mufambisi (Apr 03)
- Re: Risk of Redirecting Email. Dotzero (Apr 03)
- Re: Risk of Redirecting Email. David Schekaiban (Apr 03)
- Re: Risk of Redirecting Email. Joshua Gimer (Apr 03)
- Re: Risk of Redirecting Email. dgonzalez (Apr 04)
- Re: Risk of Redirecting Email. Barry Archer (Apr 07)
- Re: Risk of Redirecting Email. dgonzalez (Apr 04)
- Re: Risk of Redirecting Email. Todd Haverkos (Apr 03)
- Re: Risk of Redirecting Email. JoePete (Apr 04)