I sincerely doubt that anyone could convince a corporate entity to disable any feature of their beloved LookOut! - not the Out of Office wizard, not the preview pane (portal for many mail-borne viruses/worms/trojans), not HTML e-mail (malicious payload enabler), ...
D.J.D.

At 08:04 AM 05/17/2005 -0400, John E. Malmberg wrote:
>Folks,
>
>Convicted criminals have stated that they use these messages on phones
>and probably now e-mail to steal from companies. They have stated that
>the easiest way to steal from a company is to impersonate the identity
>of someone known to be out of the office.
>
>Some of these criminals have made the headlines of the traditional press
>with these exploits because the thefts have been with very high amounts.
>
>IIRC: On U.S. TV, a demonstration was done where the tester was able to
>get the dialup phone numbers and a senior (VP level) employee's login
>account and password reset, all the while that the employee was trying
>to demonstrate that their system was secure from skilled hackers on that
>same TV show.
>
>Secret prototypes have been stolen, along with confidential documents.
>And the dollar amount has been in the high thousands, if not in the
>million dollar range from just one of these criminals.
>
>I strongly recommend just turning off the out-of-office feature completely.
>
>In addition to the security problems, these messages will auto-respond
>to forged addresses in spam and viruses, and this turns your mail server
>into a participant in a denial of service attack on the rest of the
>Internet.
>
>Most corporate mail systems allow mail to be temporarily read by a
>secondary trusted user. Use that method instead.
>
>If you have any influence with the security policy of your company, get
>these auto-responders banned, and the same for having any phone messages
>that indicate how long your identity can be spoofed with no one at your
>company being able to easily reach you.
>
>Essentially these messages are now the same as not stopping your news
>and mail delivery while on vacation.
>
>And mailing list traffic is clearly marked so in the headers, so any
>auto-responder that responds to them is not compliant with RFC standards.
>
>In addition to the messages to this list, I got two messages from broken
>auto-responders from my last post.
>
>-John
>[EMAIL PROTECTED]
>Personal Opinion Only
>
>PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING:
>
>http://www.catb.org/~esr/faqs/smart-questions.html
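
The quoted message says list traffic is marked in its headers and that a compliant auto-responder must not answer it. The following is an added example, not part of the original thread, of the suppression checks RFC 3834 recommends before an automatic reply is sent; the function name, reason strings and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

SUPPRESS_PRECEDENCE = {"bulk", "list", "junk"}

def should_autorespond(raw, my_addresses):
    """Return (ok, reason); my_addresses holds the absent user's lowercase addresses."""
    msg = message_from_string(raw)
    # Never answer another automatic message (prevents responder loops).
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return False, "auto-submitted"
    if msg.get("Precedence", "").strip().lower() in SUPPRESS_PRECEDENCE:
        return False, "precedence"
    # List-Id, List-Unsubscribe, List-Post, ... all mark mailing list traffic.
    if any(name.lower().startswith("list-") for name in msg.keys()):
        return False, "list-header"
    return_path = msg.get("Return-Path", "").strip()
    if return_path == "<>":  # bounces and delivery reports use a null sender
        return False, "null-return-path"
    sender = parseaddr(return_path or msg.get("From", ""))[1].lower()
    if not sender:
        return False, "no-sender"
    local = sender.split("@")[0]
    if local.startswith(("mailer-daemon", "owner-")) or local.endswith("-request"):
        return False, "system-sender"
    # Reply only when the user is named in To/Cc, not for Bcc'd or list-expanded mail.
    rcpts = {a.lower() for _, a in
             getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    if not rcpts & my_addresses:
        return False, "not-addressed-to-user"
    return True, "ok"

# Constructed sample messages (not taken from the thread).
DIRECT = ("Return-Path: <alice@example.com>\nFrom: Alice <alice@example.com>\n"
          "To: bob@example.net\nSubject: hi\n\nhello\n")
LIST_POST = ("Return-Path: <owner-sec@lists.example.org>\nFrom: carol@example.com\n"
             "To: sec@lists.example.org\nList-Id: <sec.lists.example.org>\n"
             "Subject: [sec] thread\n\nbody\n")
BOUNCE = ("Return-Path: <>\nFrom: MAILER-DAEMON@mx.example.com\n"
          "To: bob@example.net\nSubject: Undeliverable\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("direct", DIRECT), ("list", LIST_POST), ("bounce", BOUNCE)):
        print(name, should_autorespond(raw, {"bob@example.net"}))
```

These header checks stop replies to lists, bounces and other responders; they cannot tell whether the sender address on an ordinary-looking message is forged.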
