Penetration Testing mailing list archives
Re: EXAMPLE: Why OOO is *BAD* [WAS: Re: OOO FLAME]
From: "Adam Thompson" <adwulf () gmail com>
Date: Thu, 18 Sep 2008 07:52:03 +0100
2008/9/17 M.B.Jr. <marcio.barbado () gmail com>:
> LISTENING ONLY - SILENCE IS GOLD
>
> The first thing help desks should do in those situations is writing the caller's phone number down and hanging up; then, consulting their policies. Do their policies allow confidential content handling instructions to be passed by phone calls? If so, the help desk should call up his boss to confirm and, being truth, getting his instructions, directly.
How many people here can honestly say that every helpdesk they've ever worked on has validated the caller before progressing the request? It seems the default is IF $VOICE claims name = "Joe Bloggs" then $VOICE must be "Joe Bloggs".

How many helpdesks have personal information (eg mother's maiden name, date of birth, favourite colour, preference to UK or US spelling...;-) ) stored to challenge callers with? Whilst this seems to be common for third party providers (eg your colo datacentre or ISP), it seems in my experience to be the exception rather than the rule for internal helpdesks, or even outsourced helpdesks which act 'as if' they were internal.

--
AdamT
"At times one remains faithful to a cause only because its opponents do not cease to be insipid." - Nietzsche
(Currently: Awaiting OOO messages to flood in).