| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 6 Jun 2007 20:41:08 +0200 (CEST) From: Michal Zalewski <lcamtuf@...ne.ids.pl> To: blah <blah@...kogre.com> Cc: full-disclosure <full-disclosure@...ts.grok.org.uk> Subject: Re: You shady bastards. On Wed, 6 Jun 2007, blah wrote: > It seems there's a presumption that an employee, when he leaves, still owns > that email address that the former employeer provided. Yeah. And if the e-mail in question is support@...mple.com, a generic business contact point, he is perfectly OK to hand it over to a different group of employees. For personal, named accounts, it's not necessarily so ethically clear. Legalities aside, no matter what adhesion contracts / policies state, most employees *do* use corporate e-mail for personal correspondence, and most companies tolerate it within the limits of reason. You can terminate an employee for policy violations, but that does not mean you can then proclaim their mailbox to be free of personal correspondence and make it happen. To make things worse, note that in this particular case, the recipient had no reason to assume that the e-mail relates to business matters, and had all reasons to believe that this was a personal message intended only for the clearly named recipient - yet choose to familiarize himself with links provided therein. /mz _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists