RE: Hotmail policy

From: Robert Woods (robert.woods@percepta-crm.com)
Date: 09/26/01


From: "Robert Woods" <robert.woods@percepta-crm.com>
To: <security-basics@securityfocus.com>
Subject: RE: Hotmail policy
Date: Wed, 26 Sep 2001 17:25:07 -0400
Message-ID: <000e01c146d1$b7a2e620$6565a8c0@fordcac.ca>


  We have a security policy in place to block any web-based e-mail for the
folowing reasons:

1. 'To' and 'From' field often in HTML format, allowing the potential
execution of Javascript code just by going to the Inbox.

2. Web mail is often a means of moving confidential documentation from a
valid internal source to "other".

3. Web mail used to move documents from office to home for valid reasons
(continuing work at home), but that document can be tainted with a virus at
that home office, or someone sharing that ISP can sniff the contents of that
file if they are that malicious.

Robert

-----Original Message-----
From: Security [mailto:security@csirt.ws]
Sent: Tuesday, September 25, 2001 7:42 AM
To: security-basics@securityfocus.com
Subject: Hotmail policy

Good morning all,

Question: Does anyone have a policy for the use of Hotmail or Yahoo? Iíve
called many different organizations, but no one seems to have one. Iím
interested in developing an internal policy for users.

Can anyone help!

CSIRT.WS

_____________________________________________________________
CSIRT.WS (Computer Security Incident Response Team - World Site)



Relevant Pages

  • RE: Hotmail policy
    ... Subject: Hotmail policy ... Such a policy we most likely be a part of an organization's Acceptable Use ... document would be a people and process component of security, ... technology component would be to actually "block" access using some security ...
    (Security-Basics)
  • Hotmail policy
    ... Subject: Hotmail policy ... Does anyone have a policy for the use of Hotmail or Yahoo? ... Iím interested in developing an internal policy for users. ...
    (Security-Basics)
  • Re: Id like to get rid of pulseaudio but ...
    ... The policy you're proposing (and incidentally, also the Debian policy) is ... Requiring good documentation makes sense (though it's hard to ...
    (Fedora)
  • Project Folder Not Secure
    ... I have this rather thorny problem that is really giving me a headache. ... company's policy is that all work must be created in a network share folder ... I have followed the documentation for overcoming this, ... you add the URL and click on "Next" I get a message saying "Invalid URL". ...
    (microsoft.public.dotnet.security)
  • WSE 2.0 with X509 Certs
    ... Can someone explain or point me in the direction of some documentation for ... manually configuring X509 Token elements in the policy file of a WSE2.0 app? ... I wanted to retrieve an X509 Cert and from which Store to retrieve it. ... Certificate Serial Number to go after a Cert in the My CertStore. ...
    (microsoft.public.dotnet.framework.webservices.enhancements)