[prev in list] [next in list] [prev in thread] [next in thread]
List: jaxlug-list
Subject: Re: [JaxLUG] Peter Crafford/Rnd/Intralinks_NY is out of the office.
From: Tim Holloway <timh () mousetech ! com>
Date: 2004-04-27 0:00:06
Message-ID: 408DA286.3020401 () mousetech ! com
[Download RAW message or body]
George Toft wrote:
> youknowwhere.com chastised me for posting on this forum using my
> personal e-mail account regarding a technical situation.
> youknowwhere.com's name was not even mentioned, however, the bread crumb
> trail went like this:
> JaxLUG posting mentioned technical problem at work posted by
> george@georgetoft.com --- browse to www.georgetoft.com --- look at
> resume which lists current employer --- make conclusion the
> youknowwhere.com has a problem with their web site.
>
> Fortunately for me, the archives were down for a few weeks and they
> could not pursue it. Since I was a new employee in the initial
> probation period, this negative incident would have lead to my
> dismissal. I searched my archives (I have every e-mail sent/received
> since I built this computer) and I could find nothing incriminating.
>
> In hindsight, I must agree with their Draconian efforts. They take
> computer security far more seriously than certain other companies that I
> may or may not have worked for in the past or present, and they have far
> more to protect than most companies.
I would presume that also means you have to sit on the phone for hours
hearing from the vendor's recording how important your call is rather
than say, post a query on the JavaRanch.
My own experience is that the more constipated the security process,
the more blatant the holes in it are. I managed to walk out of the data
center for the then-7th largest bank in the nation (and THAT place was
so bugged and booby-trapped that you were afraid to use the bathroom)
with a reel of master tape under my arm. Even laid it down on the
guard's deskt so I could have a hand free to sign out. There just seems
to be some sort of basic characteristic of human nature that you get
people micro-inspecting packages while the truck is stolen from the
loading dock.
So it's with amused irony that I note your signature slogan:
|
|
V
>
> George Toft +---------------------------------------------+
> CISSP, MSIS | Kerckhoffs' Principle: If the cryptographic |
> CTO/Computer Security | algorithm must remain secret in order for |
> AGD,LLC | the system to be secure, then the system is |
> www.agdllc.com | less secure. |
> 623-203-1760 +---------------------------------------------+
>
>
> "Joseph A. Winn" wrote:
>
>>I won't try to reply in place of George Toft, but I think
>>firstname.lastname@weknowwhoyouare.com should only be used for
>>weknowwhoyouare business, and (maybe) 1 or 2 personal contacts. For
>>everything else, its probably best to use your own email. Plus, company
>>can't spy on your own email account.
>>
>>Whether or not employees should be penalized if their corporate email
>>address gets out I don't know. Probably depends on case.
>>
>>Joe
>>
>>On Sun, 2004-04-25 at 07:19, Tim Holloway wrote:
>>
>>>George Toft wrote:
>>>
>>>>Ray wrote:
>>>>
>>>>
>>>>>What's even more interesting is what could be done with the information
>>>>>leakage...
>>>>>
>>>
>>>Let me gt this straight. This company - which, if I recall has an email
>>>address scheme based on firstname.lastnam@weknowwhoyouare.com
>>>*penalizes* employees if such an email address is found in a public
>>>forum????
>>>
>>>
>>>>
>>>>
>>>>I recently engaged in some data collection against a company, and in
>>>>under a couple hours found out what server software they ran, picked up
>>>>a few user ID's and server names/IP's from their internal LAN -- all
>>>>based on mailing list postings and e-mail headers.
>>>>
>>>>I also know for a fact that a certain health insurance company based in
>>>>Jax that I may or may not have worked for searches the Internet for
>>>>e-mail and newsgroup postings from their employees to counteract just
>>>>this problem.
>>
>>--
>>PGP public key posted http://winn.no-ip.org/joe/pgp.php
>>
>> ------------------------------------------------------------------------
>> Name: signature.asc
>> signature.asc Type: application/pgp-signature
>> Description: This is a digitally signed message part
>
> _______________________________________________
> Jaxlug-list mailing list
> http://mailman.jaxlug.org/mailman/listinfo/jaxlug-list
> Send email to jaxlug-list-admin@jaxlug.org for any problems.
--
GPG public key:
http://www.mousetech.com/gpgkey-timh.txt
_______________________________________________
Jaxlug-list mailing list
http://mailman.jaxlug.org/mailman/listinfo/jaxlug-list
Send email to jaxlug-list-admin@jaxlug.org for any problems.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic