Re: a basic lesson in security
From: Andy Cuff [Talisker] (lists_at_securitywizardry.com)
Date: 10/28/03
- Previous message: David: "RE: Personal Firewall for Business use"
- In reply to: Paul O'Malley: "a basic lesson in security"
- Next in thread: Ivan Hernandez: "Re: a basic lesson in security"
To: "Paul O'Malley" <ompaul@eircom.net>, <security-basics@securityfocus.com>
Date: Tue, 28 Oct 2003 18:39:02 -0000
Paul,
This indeed is an age-old problem that won't go away; the suggestion you
make is appropriate and should be encouraged amongst all members of the
list.
My personal pet hate is information leakage within the posts themselves. I
remember a post to a public list for a particular firewall vendor some years
ago. Not only did the guy identify exactly which model of firewall but also
the exact operating system, worst of all was his US Army address and
telephone number, a quick search on his email header identified the Fort to
which he was assigned and worst of all a quick Google search on his
telephone number produced his entire organisational chart including names,
phone numbers and email addresses. Social Engineering prey for any foreign
intelligence service. I was so impressed, I made a PowerPoint presentation
about it to highlight the dangers of information leakage.
take care
-andy
Talisker Security Tools Directory
http://www.securitywizardry.com
----- Original Message -----
From: "Paul O'Malley" <ompaul@eircom.net>
To: <security-basics@securityfocus.com>
Sent: Monday, October 27, 2003 7:32 PM
Subject: a basic lesson in security
> Hiya,
>
> Problem information disclosure.
> Method auto responders.
>
> Issue telling me (and who knows who else) you are out of the office and
> giving enough information to do social engineering.
>
> I am amazed at the amount of people who have set auto responders to this
> mailing list - bad form folks unless you are all running honey pot
> organisations (or sub organisations).
>
> I suggest that if you have a piece of software that you set it to cause
> the minimum of messages (i.e. internal only) if you must mail externally
> you put the organisation at risk.
>
> Should you have a policy to help with dealing with caller
> verification?
>
> Solution:
> Have a second mail address that you use for list based material.
> (Now that was hard was it not?)
>
> Cheers have a good week folks.
>
> Paul O'Malley