Re: Ouf Of Office
Ohhh yes, I grew up with this guy! Not friends. Read, Takedown ISBN: 0786889136, not a 100% account of what happened, but pretty close. There is also a video version of this book, released in Europe only. * CAUTION: If you read this book you might NEVER get a goods nights rest ever again. Knowing your systems are never safe. Mostly due to lusers. - John Q Jr. - Original Message - From: "Chris Scharff" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Friday, March 22, 2002 9:48 AM Subject: RE: Ouf Of Office > Kevin Mitnick (http://www.freekevin.com/) was excellent at human engineering > hacks. He certainly wasn't the best or the only one doing it. Those types of > hacks work best when you know as much as possible about the target entity.. > Finding out about organizational structure and information about employees > makes these types of hacks much easier. Heck, there are people who get paid > to do these kinds of hacks to test security systems. > > Building on the responses of others: > > 2 months later Mike gets a phone call... > > Mike, how ya doin? My name is Fred Smith, I was hired in 3 days ago and Jim > Standin told me you were the guy to contact about getting me an NT and > e-mail account set up. Oh.. By the way, how was the trip to SE Asia? I'm > working in the accounting group, so can you make sure my logon script maps > the drive for the accounting group. > > > Chris Scharff - MCSE, Exchange MVP 512.652.4500 x244 > Senior Sales Engineer MessageOne > > > > -Original Message- > > From: Andersson Mikael (SIX) [mailto:[EMAIL PROTECTED]] > > Sent: Friday, March 22, 2002 9:21 AM > > To: Exchange Discussions > > Subject: RE: Ouf Of Office > > > > > > What kind of security risk from a human engineering > > standpoint do you mean? > > > > -Original Message- > > From: Chris Scharff [mailto:[EMAIL PROTECTED]] > > Sent: den 21 mars 2002 20:42 > > To: Exchange Discussions > > Subject: RE: Ouf Of Office > > > > > > It does, but that doesn't mean it couldn't induce a mail > > loop. Imagine a help desk ticketing system which uses a > > unique e-mail address for every e-mail message received and > > autoreplies to the sender. > > > > More importantly is a security risk from a human engineering > > standpoint. > > > > > -Original Message- > > > From: Andersson Mikael (SIX) [mailto:[EMAIL PROTECTED]] > > > Sent: Thursday, March 21, 2002 4:24 AM > > > To: Exchange Discussions > > > Subject: Ouf Of Office > > > > > > > > > Does Out Of Office responses to the internet really loop? > > > > > > I believed that OOF only replied once to every mailaddress!? > > > Anyone who knows for sure? > > > > _ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin:[EMAIL PROTECTED] > > > > _ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin:[EMAIL PROTECTED] > > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Ouf Of Office
Kevin Mitnick (http://www.freekevin.com/) was excellent at human engineering hacks. He certainly wasn't the best or the only one doing it. Those types of hacks work best when you know as much as possible about the target entity.. Finding out about organizational structure and information about employees makes these types of hacks much easier. Heck, there are people who get paid to do these kinds of hacks to test security systems. Building on the responses of others: 2 months later Mike gets a phone call... Mike, how ya doin? My name is Fred Smith, I was hired in 3 days ago and Jim Standin told me you were the guy to contact about getting me an NT and e-mail account set up. Oh.. By the way, how was the trip to SE Asia? I'm working in the accounting group, so can you make sure my logon script maps the drive for the accounting group. Chris Scharff - MCSE, Exchange MVP 512.652.4500 x244 Senior Sales Engineer MessageOne > -Original Message- > From: Andersson Mikael (SIX) [mailto:[EMAIL PROTECTED]] > Sent: Friday, March 22, 2002 9:21 AM > To: Exchange Discussions > Subject: RE: Ouf Of Office > > > What kind of security risk from a human engineering > standpoint do you mean? > > -Original Message- > From: Chris Scharff [mailto:[EMAIL PROTECTED]] > Sent: den 21 mars 2002 20:42 > To: Exchange Discussions > Subject: RE: Ouf Of Office > > > It does, but that doesn't mean it couldn't induce a mail > loop. Imagine a help desk ticketing system which uses a > unique e-mail address for every e-mail message received and > autoreplies to the sender. > > More importantly is a security risk from a human engineering > standpoint. > > > -Original Message- > > From: Andersson Mikael (SIX) [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, March 21, 2002 4:24 AM > > To: Exchange Discussions > > Subject: Ouf Of Office > > > > > > Does Out Of Office responses to the internet really loop? > > > > I believed that OOF only replied once to every mailaddress!? > > Anyone who knows for sure? > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Re: Ouf Of Office
"You've reached the inbox of Mike Jamison. I'm out of the office touring SE Asia for the next two months. Contact Jim Standin at 222-555-1212." That tells a potentially nefarious person that someone's house is empty and unattended for two months. It also tells him the name and phone number of an internal person. With the latter he could maybe concoct a good lie and manipulate the person into giving him something he shouldn't have (like 'would you reset my password?'). - Original Message - From: "Andersson Mikael (SIX)" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Friday, March 22, 2002 9:20 AM Subject: RE: Ouf Of Office > What kind of security risk from a human engineering standpoint do you mean? > > -Original Message- > From: Chris Scharff [mailto:[EMAIL PROTECTED]] > Sent: den 21 mars 2002 20:42 > To: Exchange Discussions > Subject: RE: Ouf Of Office > > > It does, but that doesn't mean it couldn't induce a mail loop. Imagine a > help desk ticketing system which uses a unique e-mail address for every > e-mail message received and autoreplies to the sender. > > More importantly is a security risk from a human engineering standpoint. > > > -Original Message- > > From: Andersson Mikael (SIX) [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, March 21, 2002 4:24 AM > > To: Exchange Discussions > > Subject: Ouf Of Office > > > > > > Does Out Of Office responses to the internet really loop? > > > > I believed that OOF only replied once to every mailaddress!? > > Anyone who knows for sure? > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Re: Ouf Of Office
Suppose for a moment that someone with ill intent is attempting to contact you. You are out of the office for several days. Your OOO response has let them know of your absence. You have now afforded this person opportunity to do harm to property or other, by knowing that you are likely not there to prevent it. Not really a risk worth taking, is it? - Original Message - From: "Andersson Mikael (SIX)" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Friday, March 22, 2002 9:20 AM Subject: RE: Ouf Of Office > What kind of security risk from a human engineering standpoint do you mean? > > -Original Message- > From: Chris Scharff [mailto:[EMAIL PROTECTED]] > Sent: den 21 mars 2002 20:42 > To: Exchange Discussions > Subject: RE: Ouf Of Office > > > It does, but that doesn't mean it couldn't induce a mail loop. Imagine a > help desk ticketing system which uses a unique e-mail address for every > e-mail message received and autoreplies to the sender. > > More importantly is a security risk from a human engineering standpoint. > > > -Original Message- > > From: Andersson Mikael (SIX) [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, March 21, 2002 4:24 AM > > To: Exchange Discussions > > Subject: Ouf Of Office > > > > > > Does Out Of Office responses to the internet really loop? > > > > I believed that OOF only replied once to every mailaddress!? > > Anyone who knows for sure? > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Ouf Of Office
When you leave your house do you put out a sign that says "I'm not home and wont be back until next Saturday"? -Original Message- From: Andersson Mikael (SIX) [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 10:21 AM To: Exchange Discussions Subject: RE: Ouf Of Office What kind of security risk from a human engineering standpoint do you mean? -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: den 21 mars 2002 20:42 To: Exchange Discussions Subject: RE: Ouf Of Office It does, but that doesn't mean it couldn't induce a mail loop. Imagine a help desk ticketing system which uses a unique e-mail address for every e-mail message received and autoreplies to the sender. More importantly is a security risk from a human engineering standpoint. > -Original Message- > From: Andersson Mikael (SIX) [mailto:[EMAIL PROTECTED]] > Sent: Thursday, March 21, 2002 4:24 AM > To: Exchange Discussions > Subject: Ouf Of Office > > > Does Out Of Office responses to the internet really loop? > > I believed that OOF only replied once to every mailaddress!? > Anyone who knows for sure? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] -- The information contained in this email message is privileged and confidential information intended only for the use of the individual or entity to whom it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copy of this message is strictly prohibited. If you have received this email in error, please immediately notify Veronis Suhler Stevenson by telephone (212)935-4990, fax (212)381-8168, or email ([EMAIL PROTECTED]) and delete the message. Thank you. == _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Ouf Of Office
What kind of security risk from a human engineering standpoint do you mean? -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: den 21 mars 2002 20:42 To: Exchange Discussions Subject: RE: Ouf Of Office It does, but that doesn't mean it couldn't induce a mail loop. Imagine a help desk ticketing system which uses a unique e-mail address for every e-mail message received and autoreplies to the sender. More importantly is a security risk from a human engineering standpoint. > -Original Message- > From: Andersson Mikael (SIX) [mailto:[EMAIL PROTECTED]] > Sent: Thursday, March 21, 2002 4:24 AM > To: Exchange Discussions > Subject: Ouf Of Office > > > Does Out Of Office responses to the internet really loop? > > I believed that OOF only replied once to every mailaddress!? > Anyone who knows for sure? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Re: Ouf Of Office
I know for sure that they're only *supposed* to reply once per address, but that this can break. Took MS 9 months to fix this one for me -- so caution is best heeded. Missy - Original Message - From: "Andersson Mikael (SIX)" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Thursday, March 21, 2002 5:23 AM Subject: Ouf Of Office Does Out Of Office responses to the internet really loop? I believed that OOF only replied once to every mailaddress!? Anyone who knows for sure? /micke _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Ouf Of Office
It can. It has. It might not ever for you, but there is a risk. -Original Message- From: Andersson Mikael (SIX) [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 21, 2002 4:24 AM To: Exchange Discussions Subject: Ouf Of Office Does Out Of Office responses to the internet really loop? I believed that OOF only replied once to every mailaddress!? Anyone who knows for sure? /micke _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Ouf Of Office
Which is a much better answer than mine! -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 21, 2002 2:42 PM To: Exchange Discussions Subject: RE: Ouf Of Office It does, but that doesn't mean it couldn't induce a mail loop. Imagine a help desk ticketing system which uses a unique e-mail address for every e-mail message received and autoreplies to the sender. More importantly is a security risk from a human engineering standpoint. > -Original Message- > From: Andersson Mikael (SIX) [mailto:[EMAIL PROTECTED]] > Sent: Thursday, March 21, 2002 4:24 AM > To: Exchange Discussions > Subject: Ouf Of Office > > > Does Out Of Office responses to the internet really loop? > > I believed that OOF only replied once to every mailaddress!? > Anyone who knows for sure? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] -- The information contained in this email message is privileged and confidential information intended only for the use of the individual or entity to whom it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copy of this message is strictly prohibited. If you have received this email in error, please immediately notify Veronis Suhler Stevenson by telephone (212)935-4990, fax (212)381-8168, or email ([EMAIL PROTECTED]) and delete the message. Thank you. == _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Ouf Of Office
It does, but that doesn't mean it couldn't induce a mail loop. Imagine a help desk ticketing system which uses a unique e-mail address for every e-mail message received and autoreplies to the sender. More importantly is a security risk from a human engineering standpoint. > -Original Message- > From: Andersson Mikael (SIX) [mailto:[EMAIL PROTECTED]] > Sent: Thursday, March 21, 2002 4:24 AM > To: Exchange Discussions > Subject: Ouf Of Office > > > Does Out Of Office responses to the internet really loop? > > I believed that OOF only replied once to every mailaddress!? > Anyone who knows for sure? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Ouf Of Office
OOFs reply once to a mail address until you turn it off and back on again. -Original Message- From: Andersson Mikael (SIX) [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 21, 2002 5:24 AM To: Exchange Discussions Subject: Ouf Of Office Does Out Of Office responses to the internet really loop? I believed that OOF only replied once to every mailaddress!? Anyone who knows for sure? /micke _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] -- The information contained in this email message is privileged and confidential information intended only for the use of the individual or entity to whom it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copy of this message is strictly prohibited. If you have received this email in error, please immediately notify Veronis Suhler Stevenson by telephone (212)935-4990, fax (212)381-8168, or email ([EMAIL PROTECTED]) and delete the message. Thank you. == _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
