can't spoof a legit email address or spearphish an admin using a job ad, but some companies are learning to be more careful about the amount of detail they post. I always find it kind of creepy when I get email from myself that I didn't send...
--- On Fri, 7/29/11, Steve Conway <steve_con...@ao.uscourts.gov> wrote: > From: Steve Conway <steve_con...@ao.uscourts.gov> > Subject: Re: disclosing "business" information on the internet > To: IBM-MAIN@bama.ua.edu > Date: Friday, July 29, 2011, 9:07 AM > Ken makes an excellent point. > In my opinion, this still falls into the > category of "I don't need perfect security, just better > security than my > neighbors". > > I get that a chain is only as strong as its weakest link, > but the less > information about your company's infrastructure that gets > exposed, the > better. > > > Cheers,,,Steve > > Steven F. Conway, CISSP > LA Systems > z/OS Systems Support > Phone: 703.295.1926 > steve_con...@ao.uscourts.gov > > > > From: Ken Hume IBM <kph...@live.com> > To: IBM-MAIN@bama.ua.edu > Date: 07/28/2011 03:50 PM > Subject: Re: disclosing > "business" information on the internet > Sent by: IBM Mainframe > Discussion List <IBM-MAIN@bama.ua.edu> > > > > Frank, > > From your website.... > > "FirstBank has a full-time software developer position > available for a > .NET software developer. Responsibilities include analysis, > design, > coding, and testing of new multi-tier applications as well > as enhancing > existing applications in a team environment. > > Applicant must have at least two years of professional > experience with > C# or Delphi. Applicant needs strong Delphi or C# skills > with some > ADO.NET (preferably with Oracle's ODP.NET). Experience with > IIS, XML, > WCF, SQL, ASP.NET, AJAX, or web services is a plus." > > That, and the java position you have open tells folks a lot > about what > you have there. I'm sure you have advertised for positions > that require > z/OS and COBOL experience. > > I think they are over reacting a bit. > > Ken Hume > IBM PD Tools Client Advocate > (720)396-7776 > kph...@us.ibm.com > > > On 7/28/2011 12:20 PM, Frank Swarbrick wrote: > > Here's something that I think may be of general > interest. > > > > Our information security officer sent the following to > my manager: "The > content Frank is positing does not appear to be specific to > our > environment. However, I am concern by the fact he > posts his position, > where he works, and phone number. This creates some > social engineering > risk, as well as discloses information about the operating > systems we use. > Who can I talk with to ask Frank to remove information > related to where > he works on this conversation thread and future ones?" > > > > Are these concerns justified or just paranoia? > > > > I like posting this information because I've received > useful contacts > and information based on it. I'm curious what > policies other businesses > have. > > > > Frank > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access > instructions, > send email to lists...@bama.ua.edu > with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access > instructions, > send email to lists...@bama.ua.edu > with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
