On Sun, Jun 13, 2010 at 11:19:16AM +1200, Nick FitzGerald wrote:
> Most security professionals I've either asked directly about this or
> with whom it's come up some way or other in conversation (admittedly
> not a large proportion of all such folk I know), _do_ exactly that.
> And at least some "more normal" folk I know (i.e. not security
> professionals) do this too. There are a number of reasons, but
> commonly having a single "well protected" (by the privacy policies of
> those companies they trust to share the address with) address is the
> reason (the other one is tracking who sell, etc addresses and these
> folk use a separate address for each company/entity that they share
> contact details with).

I've done this for a very long time. Sometimes the individually-supplied
addresses are rather obviously mine; sometimes they're not. And I keep
very careful records of which addresses were given to whom. I've also
trained some other people to do the same.

Sometimes it's very interesting to note that an address given only to A
turns up in B's hands...or B's, C's, D's, E's, etc. hands in some instances.
There have been any number of fascinating little case studies demonstrating
that data is either being sold or stolen or otherwise leaked from numerous
operations (some of which predictably claim that this is impossible and
that those reporting same must be mistaken, incompetent, senile or lying).

For instance, United Airlines has been observed leaking addresses to
Brazilian spammers.

---Rsk

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
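
The record-keeping described in the message above, as an added example that is not part of the original post: a ledger issues one non-obvious address per entity and flags mail that reaches that address from a domain the entity never used. The key, the example.org mail domain, the Delivered-To header as the recipient source, and all sample messages are assumptions constructed for illustration.

```python
import hashlib
import hmac
from email import message_from_string
from email.utils import parseaddr

SECRET = b"constructed-demo-key"  # assumption: a private key only the owner holds
MAIL_DOMAIN = "example.org"       # assumption: domain the owner receives mail on

def make_alias(entity):
    """Per-entity address; the keyed tag keeps it from being guessed or tied to the entity."""
    tag = hmac.new(SECRET, entity.lower().encode(), hashlib.sha256).hexdigest()[:10]
    return f"u{tag}@{MAIL_DOMAIN}"

class Ledger:
    """The 'careful records': which alias went to whom, and who may write to it."""
    def __init__(self):
        self.by_alias = {}

    def issue(self, entity, sender_domains):
        alias = make_alias(entity)
        self.by_alias[alias] = (entity, {d.lower() for d in sender_domains})
        return alias

    def check(self, raw_message):
        """Return a finding if an issued alias got mail from an unexpected domain."""
        msg = message_from_string(raw_message)
        rcpt = parseaddr(msg.get("Delivered-To", ""))[1].lower()
        sender_domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
        if rcpt not in self.by_alias:
            return None
        entity, allowed = self.by_alias[rcpt]
        # From: is forgeable, so a match proves little; a mismatch is the signal.
        if any(sender_domain == d or sender_domain.endswith("." + d) for d in allowed):
            return None
        return {"alias": rcpt, "given_to": entity, "seen_from": sender_domain}

def run_demo():
    """Constructed sample messages: one expected, one showing the alias elsewhere."""
    ledger = Ledger()
    alias = ledger.issue("Vendor A", ["vendor-a.example"])
    expected = f"From: News <news@mail.vendor-a.example>\nDelivered-To: {alias}\n\nhi\n"
    stray = f"From: Deals <x@bulk-sender.example>\nDelivered-To: {alias}\n\nbuy\n"
    return alias, ledger.check(expected), ledger.check(stray)

if __name__ == "__main__":
    print(run_demo())
```

A finding shows only that the address left the hands of the entity it was issued to; whether it was sold, stolen or otherwise leaked has to be established separately.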
