| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed Aug 10 06:25:55 2005 From: full-disclosure at pchandyman.com.au (Greg) Subject: Plaxo? ----- Original Message ----- From: "Aditya Deshmukh" <aditya.deshmukh@...ine.gateway.strangled.net> To: <nick@...us-l.demon.co.uk>; <full-disclosure@...ts.grok.org.uk> Sent: Wednesday, August 10, 2005 1:06 PM Subject: RE: [Full-disclosure] Plaxo? > >> Aditya Deshmukh wrote: >> >> > I need some advice about allowing plaxo running on my >> internal network. >> > >> > Shoud I allow it or ban it ? >> >> Default deny. > > Yes that's my kind of thinking! > >> >> If you need to ask, there is clearly _no_ need to ask... >> >> And a hint to clueful thinking about all such services -- how can you >> (or your users) assure the confidentiality of your/their >> address books >> if they are being stored and managed offsite? >> >> That is not to say that such is not possible -- depending on the >> standards you wish or need to maintain -- but do any of these quasi- >> anonymous web-based address book managers even start to take >> the kinds >> of steps necessary to assure you to the level you require? And, how >> can you be sure that they actually do meet those requirements? Is >> their "terms of service" document really a sufficient basis >> on which to >> form such a relationship? >> > > Certainly not! > > Why should I trust anyone with my users email address books ? > > And I would have to deal with the extra spam that will be generated.... > One small problem that may not have been noticed with Plaxo. If the Plaxo using person decides to do so, you can be a non-Plaxo using person on that externally managed address book with full email address also in there, added by the Plaxo user. I have received "I have updated my Plaxo" for whatever was updated, by several customers, at my help line email address and have checked it out when at their premises. Sure enough, there is my email address externally managed. So, whether you allow Plaxo or not, if some user outside of your company has all your email addresses within your company on their computer, it has also likely been added to Plaxo by them whether you like it or not. Greg.
Powered by blists - more mailing lists