Technica Forensis wrote:
[corrected for top-posting-itis]
<<snip>>
---------- Forwarded message ----------
Date: Fri, 30 Dec 2005 04:20:28 -0500
From: "Preston, Ian" <Ian.Preston@cocc.com>
To: Dave Horsfall <dave@horsfall.org>
Subject: Out of Office AutoReply: [Full-disclosure] complaints about the g
overnemnt spying!
I will be out of the office until Tuesday, January 4th.
If you need immediate assistance, please address your message to
internetplus@cocc.com. You can also dial x625 to reach the Internet Plus
hunt group.
If you need to contact me directly, my cell phone # is 203 525 5770
<<snip>>
should we all call his cell phone?
To really make the point, we should each do it at a pre-arranged
_local_ time -- like, say mid-night New Year's Eve/New Years Day...
Another thing to do with such cases (if you're really bored and have
the time) is to report them to the security contact at the originating
domain. In this case you may just choose the internetplus@ address
mentioned in the actual message, but for the obsessively verbose ones
-- you know, the ones like:
I'm at a conference until ... For database queries contact Tom ...
For backup issues contact Dick ... For other support issues
contact Mary ...
reporting them to the company's security contact is both a good thing
(the twat clearly is giving up way too much internel-only info they
should have policies against, so warning them is a genuinely good
thing), and a better thing (their security contact will likely have the
mail admin kill/fix such auto-responses so we see no more from them in
the list) and a really evil thing (the staff member will return from
conference to a meeting with security and possibly even get slapped
with a security policy infringement note on their HR record).
Regards,
Nick FitzGerald
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
