Out-of-Office messages (was Re: [unisog] Recent DOS Attacks (Vacation)

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Aug 26 13:53:28 GMT 2004


On Wed, 25 Aug 2004 09:45:03 PDT, Maria Gallagher said:

(OK.. so I'm preaching to the choir here about Out-of-Office messages - this
is more for the archives and any newcomers to the list...)

> I will be out of the office on vacation from Tuesday Aug. 24th and
> Wednesday August 25th. I will return on Thursday Aug. 26th.

Any number of information leakage attacks come to mind here:

1) We now know there's probably a PC out there that isn't being watched at the
moment..

2) Social engineering attacks:  Call the site and say "This is <fill in the
blank>, I'm currently elsewhere and can't get on the internal net to download a
file I urgently need - can you fix my password?" (amazingly effective..)

3) We've got an X-mailer tag identifying the MUA being used, and can probably
bet on the person not being quite as careful opening mail when they're deluged
with the first-day-back flood....

> This message scanned for viruses and SPAM by GWGuardian at SCU (MGW1)

These, of course, prove nothing - bonus points if you remember which very
widespread worm intentionally added a fake 'scanned for viruses' header
spoofing a popular scanner's header, just to make people think it was safe....


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20040826/e5315412/attachment-0004.bin


More information about the unisog mailing list