On 7/28/2011 2:20 PM, Frank Swarbrick wrote:
Our information security officer sent the following to my
manager: "The content Frank is positing does not appear to
be specific to our environment. However, I am concern by the
fact he posts his position, where he works, and phone number.
This creates some social engineering risk, as well as
discloses information about the operating systems we use.
Who can I talk with to ask Frank to remove information
related to where he works on this conversation thread and
future ones?"
Are these concerns justified or just paranoia?
Just make them aware that list traffic is archived and echoed
all over the place. If the security officer can't live with the
state of affairs, just inform him/her that to mitigate things,
the company needs to change its name, street address, all ip
addresses, phone numbers, employee names and titles, and then
restrict the new information from the web. As is, the horse is
out of the barn..... <g>
Gerhard Postpischil
Bradford, VT
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
