Do people still have land lines?
-----Original Message----- From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] Sent: Saturday, August 16, 2008 12:58 AM To: MS-Exchange Admin Issues Subject: Re: OOOR? Your name is the first thing I need to pull a credit/finance report. I'm not going to go into detail, but this stuff is trivial. It has been for 10+ years. Its not just about home invasion. Knowing you are going to be away, I can hack your home phone line and redirect your calls to me (for a multitude of reasons). This doesnt have to be virutal. With you not home, I'll hack the grey box on the outside of your house, or better yet, your neighborhood telco distribution box. Usually neither box is locked. I dont have to redirect either. Plenty of mischief can be played while directly accessing your line. Lots of social engineering starts by inviting (not neccessarily by request) phone calls be initiated to you - trusting that that number they dialed is yours and will be reaching your household. I could call your your credit card co too, and request that a duplicate card be sent to your house (while you are away), with a 1-2 day delivery most likely. Now I can take direct receipt of your physical credit card and go on a shopping spree. Thats just a few ideas off the top of my head. On Fri, Aug 15, 2008 at 4:44 PM, Eric Woodford <[EMAIL PROTECTED]> wrote: > OK, you know where I live. Still what's the point? Unless my home is > in some nice zip code, why are you going to take the risk that I > actually have something of value? I'll tell you know, except for a > truck load of well loved baby toys and a sofa that's been snotted on, > you're burglary attempt would be a bust. > > Or maybe the two large dogs, and alarm system will foil you after the > long drive to my house. > > On Fri, Aug 15, 2008 at 11:10 AM, Kurt Buff <[EMAIL PROTECTED]> wrote: >> >> If you are foolish enough to let folks know you won't be at home, and >> someone is of a mind to do this, you're screwed. The reason is, the >> OoO messages are only in response to an email someone sent you. That >> means they already have your name and the company you work for. If >> they don't already have your home address, a minor amount of social >> engineering at your workplace, or even a bit of googling, will reveal >> where you live. >> >> Kurt >> >> On Fri, Aug 15, 2008 at 10:25 AM, Eric Woodford >> <[EMAIL PROTECTED]> >> wrote: >> > My point was even if you did say "I am traveling to the North Pole >> > for a month". What's to say I'd be able to find your house to sell >> > all your furniture and worldly treasures. Last count, there are at >> > least 9 people with my same name. >> > >> > On Fri, Aug 15, 2008 at 9:07 AM, Don Andrews >> > <[EMAIL PROTECTED]> >> > wrote: >> >> >> >> Agreed - not being in the office actually increases the chances of >> >> my being at home - no access to email simply says, don't even try >> >> to bother me. >> >> >> >> >> >> >> >> Now, on the other hand, if it said something really stupid like, >> >> I'll be out of (town|state|country) for a week, that would be >> >> different. >> >> >> >> >> >> >> >> ________________________________ >> >> >> >> From: Sobey, Richard A [mailto:[EMAIL PROTECTED] >> >> Sent: Friday, August 15, 2008 8:14 AM >> >> To: MS-Exchange Admin Issues >> >> Subject: RE: OOOR? >> >> >> >> >> >> >> >> Arrg! This tired old debate. What does not being at work have to >> >> do with not being at home?! >> >> >> >> >> >> >> >> From: Eric Woodford [mailto:[EMAIL PROTECTED] >> >> Sent: 14 August 2008 18:16 >> >> To: MS-Exchange Admin Issues >> >> Subject: Re: OOOR? >> >> >> >> >> >> >> >> Your OOTO says "I will be out of the office between Monday and >> >> Friday with no access to email". That really says "My house will >> >> be empty, please come and help yourself". >> >> >> >> Interesting concept, terribly difficult to implement. Unless I >> >> know you personally and have visited your house, finding your >> >> specific address, traveling there (especially being that you're >> >> across an ocean from me), breaking in and then hoping you have >> >> something of value worth the entire endeavor (all before you get >> >> back from vacation). That's all assuming you don't put your home >> >> address and "keys under the mat" in your signature. >> >> >> >> >> >> >> >> >> >> On Mon, Aug 11, 2008 at 12:38 PM, Simon Butler <[EMAIL PROTECTED]> >> >> wrote: >> >> >> >> If you do allow OOTO to the Internet then watch your queues. As >> >> spam is spoofed the OOTOs will stack up. >> >> >> >> However the social engineering and personal security issue is very >> >> important. >> >> >> >> Your OOTO says "I will be out of the office between Monday and >> >> Friday with no access to email". >> >> That really says "My house will be empty, please come and help >> >> yourself". >> >> >> >> The way that I usually counter the OOTO to the internet request is >> >> quite simple. How does it look to business partners, either >> >> potential or current? >> >> >> >> To use the example above, what that could be interpreted to say is >> >> "Your custom is not important enough for me to get someone else to >> >> monitor my mailbox for a week, I will read it when I get back". >> >> >> >> If you do implement OOTO then a template would be the best option. >> >> The template wouldn't give much information away, and would tell >> >> the sender that the mailbox is being monitored. Someone would then >> >> need to monitor the mailbox, even if it is just to ping the sender >> >> back to say that the person was away, is it urgent or can it wait. >> >> >> >> Simon. >> >> >> >> -- >> >> Simon Butler >> >> MVP: Exchange, MCSE >> >> Amset IT Solutions Ltd. >> >> >> >> e: [EMAIL PROTECTED] >> >> w: www.amset.co.uk >> >> w: www.amset.info >> >> >> >> Need cheap certificates for Exchange, compatible with Windows >> >> Mobile 5.0? >> >> http://CertificatesForExchange.com/ for certificates from just $23.99. >> >> Need a domain for your certificate? http://DomainsForExchange.net/ >> >> >> >> >> >> >> >> >> >> -----Original Message----- >> >> From: William Lefkovics [mailto:[EMAIL PROTECTED] >> >> Sent: 11 August 2008 20:29 >> >> To: MS-Exchange Admin Issues >> >> >> >> Subject: RE: OOOR? >> >> >> >> You probably got several in response to that post. >> >> >> >> Spammers don't care about OOFs. They don't nickel and dime addresses. >> >> >> >> There is sometimes juicy social engineering information within the >> >> OOF though. >> >> >> >> >> >> -----Original Message----- >> >> From: Jim Dandy [mailto:[EMAIL PROTECTED] >> >> Sent: Monday, August 11, 2008 10:08 AM >> >> To: MS-Exchange Admin Issues >> >> Subject: OOOR? >> >> >> >> I'm curious if others are allowing out of office replies to the >> >> internet? >> >> I've heard it's a bad idea because spammers use it to harvest >> >> valid addresses. Thanks for your comments. >> >> >> >> Curt >> >> >> >> ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ >> >> ~ http://www.sunbeltsoftware.com/Ninja ~ >> >> >> >> >> >> >> >> ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ >> >> ~ http://www.sunbeltsoftware.com/Ninja ~ >> >> >> >> ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ >> >> ~ http://www.sunbeltsoftware.com/Ninja ~ >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> > >> > >> >> ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ >> ~ http://www.sunbeltsoftware.com/Ninja ~ > > -- ME2 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
