Full Disclosure mailing list archives

Re: Plaxo?

From: "Greg" <full-disclosure () pchandyman com au>
Date: Wed, 10 Aug 2005 15:25:45 +1000


----- Original Message ----- 
From: "Aditya Deshmukh" <aditya.deshmukh () online gateway strangled net>
To: <nick () virus-l demon co uk>; <full-disclosure () lists grok org uk>
Sent: Wednesday, August 10, 2005 1:06 PM
Subject: RE: [Full-disclosure] Plaxo?

Aditya Deshmukh wrote:

I need some advice about allowing plaxo running on my

internal network.


Shoud I allow it or ban it ?


Default deny.


Yes that's my kind of thinking!


If you need to ask, there is clearly _no_ need to ask...

And a hint to clueful thinking about all such services -- how can you 
(or your users) assure the confidentiality of your/their 
address books 
if they are being stored and managed offsite?

That is not to say that such is not possible -- depending on the 
standards you wish or need to maintain -- but do any of these quasi-
anonymous web-based address book managers even start to take 
the kinds 
of steps necessary to assure you to the level you require?  And, how 
can you be sure that they actually do meet those requirements?  Is 
their "terms of service" document really a sufficient basis 
on which to 
form such a relationship?


Certainly not! 

Why should I trust anyone with my users email address books ?

And I would have to deal with the extra spam that will be generated....


One small problem that may not have been noticed with Plaxo. If the Plaxo using person decides to do so,  you can be a 
non-Plaxo using person on that externally managed address book with full email address also in there, added by the 
Plaxo user. I have received "I have updated my Plaxo" for whatever was updated, by several customers, at my help line 
email address and have checked it out when at their premises. Sure enough, there is my email address externally managed.

So, whether you allow Plaxo or not, if some user outside of your company has all your email addresses within your 
company on their computer, it has also likely been added to Plaxo by them whether you like it or not.

Greg.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

List Charter John Cartwright (Aug 08)
- Group Airfare Travel Website Programming Robert Kim Wireless Internet Advisor (Aug 08)
  - Re: Group Airfare Travel Website Programming Valdis . Kletnieks (Aug 08)
  - Plaxo? Aditya Deshmukh (Aug 09)
    - Re: Plaxo? Nick FitzGerald (Aug 09)
    - RE: Plaxo? Aditya Deshmukh (Aug 09)
    - Re: Plaxo? Greg (Aug 09)
    - Re: Plaxo? mis (Aug 10)