
List:       jaxlug-list
Subject:    Re: [JaxLUG] Peter Crafford/Rnd/Intralinks_NY is out of the office.
From:       Tim Holloway <timh () mousetech ! com>
Date:       2004-04-27 0:00:06
Message-ID: 408DA286.3020401 () mousetech ! com



George Toft wrote:
> youknowwhere.com chastised me for posting on this forum using my
> personal e-mail account regarding a technical situation.
> youknowwhere.com's name was not even mentioned, however, the bread crumb
> trail went like this:
> JaxLUG posting mentioned technical problem at work posted by
> george@georgetoft.com --- browse to www.georgetoft.com --- look at
> resume which lists current employer --- make conclusion that
> youknowwhere.com has a problem with their web site.
> 
> Fortunately for me, the archives were down for a few weeks and they
> could not pursue it.  Since I was a new employee in the initial
> probation period, this negative incident would have led to my
> dismissal.  I searched my archives (I have every e-mail sent/received
> since I built this computer) and I could find nothing incriminating.
> 
> In hindsight, I must agree with their Draconian efforts.  They take
> computer security far more seriously than certain other companies that I
> may or may not have worked for in the past or present, and they have far
> more to protect than most companies.

I would presume that also means you have to sit on the phone for hours 
hearing from the vendor's recording how important your call is rather 
than say, post a query on the JavaRanch.

My own experience is that the more constipated the security process, 
the more blatant the holes in it are. I managed to walk out of the data 
center for the then-7th largest bank in the nation (and THAT place was 
so bugged and booby-trapped that you were afraid to use the bathroom) 
with a reel of master tape under my arm. Even laid it down on the 
guard's desk so I could have a hand free to sign out. There just seems 
to be some sort of basic characteristic of human nature that you get 
people micro-inspecting packages while the truck is stolen from the 
loading dock.

So it's with amused irony that I note your signature slogan:
                                           |
                                           |
                                           V
> 
> George Toft           +---------------------------------------------+
> CISSP, MSIS           | Kerckhoffs' Principle: If the cryptographic |
> CTO/Computer Security | algorithm must remain secret in order for   |
> AGD,LLC               | the system to be secure, then the system is |
> www.agdllc.com        | less secure.                                |
> 623-203-1760          +---------------------------------------------+
> 
> 
> "Joseph A. Winn" wrote:
> 
>>I won't try to reply in place of George Toft, but I think
>>firstname.lastname@weknowwhoyouare.com should only be used for
>>weknowwhoyouare business, and (maybe) 1 or 2 personal contacts.  For
>>everything else, it's probably best to use your own email.  Plus, company
>>can't spy on your own email account.
>>
>>Whether or not employees should be penalized if their corporate email
>>address gets out I don't know.  Probably depends on case.
>>
>>Joe
>>
>>On Sun, 2004-04-25 at 07:19, Tim Holloway wrote:
>>
>>>George Toft wrote:
>>>
>>>>Ray wrote:
>>>>
>>>>
>>>>>What's even more interesting is what could be done with the information
>>>>>leakage...
>>>>>
>>>
>>>Let me get this straight. This company - which, if I recall has an email
>>>address scheme based on firstname.lastname@weknowwhoyouare.com
>>>*penalizes* employees if such an email address is found in a public
>>>forum????
>>>
>>>
>>>>
>>>>
>>>>I recently engaged in some data collection against a company, and in
>>>>under a couple hours found out what server software they ran, picked up
>>>>a few user ID's and server names/IP's from their internal LAN -- all
>>>>based on mailing list postings and e-mail headers.
>>>>
>>>>I also know for a fact that a certain health insurance company based in
>>>>Jax that I may or may not have worked for searches the Internet for
>>>>e-mail and newsgroup postings from their employees to counteract just
>>>>this problem.
>>
>>--
>>PGP public key posted http://winn.no-ip.org/joe/pgp.php
>>
> 
> _______________________________________________
> Jaxlug-list mailing list
> http://mailman.jaxlug.org/mailman/listinfo/jaxlug-list
> Send email to jaxlug-list-admin@jaxlug.org for any problems.

-- 
GPG public key:

http://www.mousetech.com/gpgkey-timh.txt

