RE: Hotmail policy

From: Robert Woods (robert.woods@percepta-crm.com)
Date: 09/26/01


From: "Robert Woods" <robert.woods@percepta-crm.com>
To: <security-basics@securityfocus.com>
Subject: RE: Hotmail policy
Date: Wed, 26 Sep 2001 17:25:07 -0400
Message-ID: <000e01c146d1$b7a2e620$6565a8c0@fordcac.ca>


  We have a security policy in place to block any web-based e-mail for the
folowing reasons:

1. 'To' and 'From' field often in HTML format, allowing the potential
execution of Javascript code just by going to the Inbox.

2. Web mail is often a means of moving confidential documentation from a
valid internal source to "other".

3. Web mail used to move documents from office to home for valid reasons
(continuing work at home), but that document can be tainted with a virus at
that home office, or someone sharing that ISP can sniff the contents of that
file if they are that malicious.

Robert

-----Original Message-----
From: Security [mailto:security@csirt.ws]
Sent: Tuesday, September 25, 2001 7:42 AM
To: security-basics@securityfocus.com
Subject: Hotmail policy

Good morning all,

Question: Does anyone have a policy for the use of Hotmail or Yahoo? Iíve
called many different organizations, but no one seems to have one. Iím
interested in developing an internal policy for users.

Can anyone help!

CSIRT.WS

_____________________________________________________________
CSIRT.WS (Computer Security Incident Response Team - World Site)