RE: Moderator Policy re: Out-of-office responses

[LordInfidel () directionweb com]

I just wanted to throw my 2-cents in on out of office replies, since this is
a security basics list.

Assuming your on this list because you either
A) Want to learn about security
B) Work in security or IT related admin role

If your in the B category, then Turning on your out-of-office reply is
actually a bad thing.

Why? (besides the whole spam the world thing)

Once you turn it on, you are essentially alerting anyone
who sends e-mail to you that you are not there.  And since the typical
out-of-office reply gives juicy info like where you are, who to contact, and
when you will be back.

This gives the malicious attacker a great deal of knowledge that they
previously would not of have had.

Plus they will know that the person responsible for the network is not there
to look at "unusual activity".  Giving them free reign to attack your
systems without you monitoring logs/e-mail.

This is one of the cases where security thru obscurity is actually a good
thing.  Never give your opponent information freely, Make them work for it.

JMO

LordInfidel 

-----Original Message-----
From: Kelly Martin [mailto:kel () securityfocus com]
Sent: Tuesday, March 23, 2004 1:15 PM
To: security-basics () securityfocus com
Subject: Moderator Policy re: Out-of-office responses


Well, it's that time of the year again when people are starting to go on
vacation. Good for you! However, you don't need to tell me, and everyone
else on this list, about it.

This is a gentle reminder to PLEASE remove yourself from Security-Basics
when you go on vacation, or else set your automatic "out of office" reply
*properly*, so it does not respond to every post on the list. Today I
received a dozen out-of-office replies to my latest SecurityFocus article
announcement. Everyone who posts messages receives these OoOR's as well.

As there are about 13,000 people on this list, it is certainly a form of
spam to send your vacation message to everyone who posts here.

Therefore, if I receive an out-of-office response from you, you will be
removed from the list without warning. Deleted. Zapped. #mv user>null

Kind Regards,

Moderator.

--8<--cut here---8<---
Kelly Martin kel () securityfocus com http://www.SecurityFocus.com
SecurityFocus Infocus - content editor ph+001 (403) 261-5468

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------