You're joking right? On Sat, Aug 16, 2008 at 1:08 PM, William Lefkovics <[EMAIL PROTECTED]> wrote: > Do people still have land lines? > > > -----Original Message----- > From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] > Sent: Saturday, August 16, 2008 12:58 AM > To: MS-Exchange Admin Issues > Subject: Re: OOOR? > > Your name is the first thing I need to pull a credit/finance report. > I'm not going to go into detail, but this stuff is trivial. It has been for > 10+ years. > > Its not just about home invasion. Knowing you are going to be away, I can > hack your home phone line and redirect your calls to me (for a multitude of > reasons). This doesnt have to be virutal. With you not home, I'll hack the > grey box on the outside of your house, or better yet, your neighborhood > telco distribution box. Usually neither box is locked. I dont have to > redirect either. Plenty of mischief can be played while directly accessing > your line. Lots of social engineering starts by inviting (not neccessarily > by request) phone calls be initiated to you - trusting that that number they > dialed is yours and will be reaching your household. > > I could call your your credit card co too, and request that a duplicate card > be sent to your house (while you are away), with a 1-2 day delivery most > likely. Now I can take direct receipt of your physical credit card and go on > a shopping spree. > > Thats just a few ideas off the top of my head. > > > On Fri, Aug 15, 2008 at 4:44 PM, Eric Woodford <[EMAIL PROTECTED]> > wrote: >> OK, you know where I live. Still what's the point? Unless my home is >> in some nice zip code, why are you going to take the risk that I >> actually have something of value? I'll tell you know, except for a >> truck load of well loved baby toys and a sofa that's been snotted on, >> you're burglary attempt would be a bust. >> >> Or maybe the two large dogs, and alarm system will foil you after the >> long drive to my house. >> >> On Fri, Aug 15, 2008 at 11:10 AM, Kurt Buff <[EMAIL PROTECTED]> wrote: >>> >>> If you are foolish enough to let folks know you won't be at home, and >>> someone is of a mind to do this, you're screwed. The reason is, the >>> OoO messages are only in response to an email someone sent you. That >>> means they already have your name and the company you work for. If >>> they don't already have your home address, a minor amount of social >>> engineering at your workplace, or even a bit of googling, will reveal >>> where you live. >>> >>> Kurt >>> >>> On Fri, Aug 15, 2008 at 10:25 AM, Eric Woodford >>> <[EMAIL PROTECTED]> >>> wrote: >>> > My point was even if you did say "I am traveling to the North Pole >>> > for a month". What's to say I'd be able to find your house to sell >>> > all your furniture and worldly treasures. Last count, there are at >>> > least 9 people with my same name. >>> > >>> > On Fri, Aug 15, 2008 at 9:07 AM, Don Andrews >>> > <[EMAIL PROTECTED]> >>> > wrote: >>> >> >>> >> Agreed - not being in the office actually increases the chances of >>> >> my being at home - no access to email simply says, don't even try >>> >> to bother me. >>> >> >>> >> >>> >> >>> >> Now, on the other hand, if it said something really stupid like, >>> >> I'll be out of (town|state|country) for a week, that would be >>> >> different. >>> >> >>> >> >>> >> >>> >> ________________________________ >>> >> >>> >> From: Sobey, Richard A [mailto:[EMAIL PROTECTED] >>> >> Sent: Friday, August 15, 2008 8:14 AM >>> >> To: MS-Exchange Admin Issues >>> >> Subject: RE: OOOR? >>> >> >>> >> >>> >> >>> >> Arrg! This tired old debate. What does not being at work have to >>> >> do with not being at home?! >>> >> >>> >> >>> >> >>> >> From: Eric Woodford [mailto:[EMAIL PROTECTED] >>> >> Sent: 14 August 2008 18:16 >>> >> To: MS-Exchange Admin Issues >>> >> Subject: Re: OOOR? >>> >> >>> >> >>> >> >>> >> Your OOTO says "I will be out of the office between Monday and >>> >> Friday with no access to email". That really says "My house will >>> >> be empty, please come and help yourself". >>> >> >>> >> Interesting concept, terribly difficult to implement. Unless I >>> >> know you personally and have visited your house, finding your >>> >> specific address, traveling there (especially being that you're >>> >> across an ocean from me), breaking in and then hoping you have >>> >> something of value worth the entire endeavor (all before you get >>> >> back from vacation). That's all assuming you don't put your home >>> >> address and "keys under the mat" in your signature. >>> >> >>> >> >>> >> >>> >> >>> >> On Mon, Aug 11, 2008 at 12:38 PM, Simon Butler <[EMAIL PROTECTED]> >>> >> wrote: >>> >> >>> >> If you do allow OOTO to the Internet then watch your queues. As >>> >> spam is spoofed the OOTOs will stack up. >>> >> >>> >> However the social engineering and personal security issue is very >>> >> important. >>> >> >>> >> Your OOTO says "I will be out of the office between Monday and >>> >> Friday with no access to email". >>> >> That really says "My house will be empty, please come and help >>> >> yourself". >>> >> >>> >> The way that I usually counter the OOTO to the internet request is >>> >> quite simple. How does it look to business partners, either >>> >> potential or current? >>> >> >>> >> To use the example above, what that could be interpreted to say is >>> >> "Your custom is not important enough for me to get someone else to >>> >> monitor my mailbox for a week, I will read it when I get back". >>> >> >>> >> If you do implement OOTO then a template would be the best option. >>> >> The template wouldn't give much information away, and would tell >>> >> the sender that the mailbox is being monitored. Someone would then >>> >> need to monitor the mailbox, even if it is just to ping the sender >>> >> back to say that the person was away, is it urgent or can it wait. >>> >> >>> >> Simon. >>> >> >>> >> -- >>> >> Simon Butler >>> >> MVP: Exchange, MCSE >>> >> Amset IT Solutions Ltd. >>> >> >>> >> e: [EMAIL PROTECTED] >>> >> w: www.amset.co.uk >>> >> w: www.amset.info >>> >> >>> >> Need cheap certificates for Exchange, compatible with Windows >>> >> Mobile 5.0? >>> >> http://CertificatesForExchange.com/ for certificates from just $23.99. >>> >> Need a domain for your certificate? http://DomainsForExchange.net/ >>> >> >>> >> >>> >> >>> >> >>> >> -----Original Message----- >>> >> From: William Lefkovics [mailto:[EMAIL PROTECTED] >>> >> Sent: 11 August 2008 20:29 >>> >> To: MS-Exchange Admin Issues >>> >> >>> >> Subject: RE: OOOR? >>> >> >>> >> You probably got several in response to that post. >>> >> >>> >> Spammers don't care about OOFs. They don't nickel and dime addresses. >>> >> >>> >> There is sometimes juicy social engineering information within the >>> >> OOF though. >>> >> >>> >> >>> >> -----Original Message----- >>> >> From: Jim Dandy [mailto:[EMAIL PROTECTED] >>> >> Sent: Monday, August 11, 2008 10:08 AM >>> >> To: MS-Exchange Admin Issues >>> >> Subject: OOOR? >>> >> >>> >> I'm curious if others are allowing out of office replies to the >>> >> internet? >>> >> I've heard it's a bad idea because spammers use it to harvest >>> >> valid addresses. Thanks for your comments. >>> >> >>> >> Curt >>> >> >>> >> ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ >>> >> ~ http://www.sunbeltsoftware.com/Ninja ~ >>> >> >>> >> >>> >> >>> >> ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ >>> >> ~ http://www.sunbeltsoftware.com/Ninja ~ >>> >> >>> >> ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ >>> >> ~ http://www.sunbeltsoftware.com/Ninja ~ >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> > >>> > >>> >>> ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ >>> ~ http://www.sunbeltsoftware.com/Ninja ~ >> >> > > > > -- > ME2 > > ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ > ~ http://www.sunbeltsoftware.com/Ninja ~ > > > > ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ > ~ http://www.sunbeltsoftware.com/Ninja ~ >
-- ME2 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
