On Fri, 31 Dec 2004 23:14:43 EST, "Byron L. Sonne" said: > You know, people that set these auto-replies often give out a good > amount of information (of the social engineering kind and otherwise), if > someone were to apply themselves... I'm not sure which is worse, the fact that we all now know that his system is probably fair game for attack for another week, or that we now know that on Jan 9th, he's probably going to be piled under mail and not being quite as careful on what he opens. And I'd be amazed if the X-Mailer: header on his mail didn't list out what vulnerabilities it had (correlate build level to avisories.. ;) > Schwarzwaelder, Joerg wrote: > > I will not be in the office at least until January 9th, 2005. > > > > Please send > > - ssh, watchdog and hvu relocation issues to Alexander Bossert > > - firewall issues to "security-support@xxxxxxxxxx" Hmm.. if he's usually the firewall issue person, it's likely that whoever is reading security-support's mail is *less* experienced. Hint: if the site *has* a security-support address, firewall issues should *always* be going there rather than to a specific user, for multiple reasons: 1) that way you know *somebody* will see it even if he's away from the office and not reading the mail 2) Checks and balances - it keeps him honest because if somebody notices a firewall issue that he created, he can't just hit delete and get away with it...
Attachment:
pgp00007.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html