[Dshield] Spam Email is there a solution "finally"?

Tom Geairn tgeairn at newviewconsulting.com
Fri Dec 19 02:58:52 GMT 2003


Perhaps we should start a new mailing list just to redistribute the
dozens of pager, cell phone, direct line #s, names, addresses, email
addresses, etc that we (those who post to various lists) receive in Out
Of Office replies every day.  <BIG GRIN>...  That would likely change
the attitude of some users of "Out Of Office".

Seriously, I agree with John.  This poses a tremendous security risk
particularly from a social engineering point of view.  Consider the
following:

1.  I receive an OoO message from John Doe saying that he is sleeping
for the next two weeks and if this is an emergency I should contact Jane
Smith on her cell at (414) 555-1234.
2.  I wait until the end of the workday +30 minutes (referencing the 414
area code and figuring it is Central US time) and call Jane on her cell.
3.  "Hi, Jane?  This is Adam.  John told me to call you about the
problem we're having with server (insert some server name from the mail
headers here).  I can't set up my VPN connection using the password John
gave me...

Obviously this is a blunt force attack, but by combining the mail
headers, the OoO replies (ideally you even have multiple replies from
different people in xyz corp so you can throw around names with the best
of 'em), and a little more knowledge than the average person stuck with
the "Emergency Contact" job title and one could probably make a career
out of this.  Oh wait, I did.

-Tom Geairn
NewView Consulting, LLC

PS, I'm expecting at least a dozen automated replies to this message,
giving all kinds of information you would never consider posting on the
Internet or filling in on a web form.





More information about the list mailing list