lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <007d01c59d6b$f6facbe0$5601010a@p43400>
Date: Wed Aug 10 06:25:55 2005
From: full-disclosure at pchandyman.com.au (Greg)
Subject: Plaxo?


----- Original Message ----- 
From: "Aditya Deshmukh" <aditya.deshmukh@...ine.gateway.strangled.net>
To: <nick@...us-l.demon.co.uk>; <full-disclosure@...ts.grok.org.uk>
Sent: Wednesday, August 10, 2005 1:06 PM
Subject: RE: [Full-disclosure] Plaxo?


> 
>> Aditya Deshmukh wrote:
>> 
>> > I need some advice about allowing plaxo running on my 
>> internal network.
>> > 
>> > Shoud I allow it or ban it ?
>> 
>> Default deny.
> 
> Yes that's my kind of thinking! 
> 
>> 
>> If you need to ask, there is clearly _no_ need to ask...
>> 
>> And a hint to clueful thinking about all such services -- how can you 
>> (or your users) assure the confidentiality of your/their 
>> address books 
>> if they are being stored and managed offsite?
>> 
>> That is not to say that such is not possible -- depending on the 
>> standards you wish or need to maintain -- but do any of these quasi-
>> anonymous web-based address book managers even start to take 
>> the kinds 
>> of steps necessary to assure you to the level you require?  And, how 
>> can you be sure that they actually do meet those requirements?  Is 
>> their "terms of service" document really a sufficient basis 
>> on which to 
>> form such a relationship?
>> 
> 
> Certainly not! 
> 
> Why should I trust anyone with my users email address books ?
> 
> And I would have to deal with the extra spam that will be generated.... 
> 

One small problem that may not have been noticed with Plaxo. If the Plaxo using person decides to do so,  you can be a non-Plaxo using person on that externally managed address book with full email address also in there, added by the Plaxo user. I have received "I have updated my Plaxo" for whatever was updated, by several customers, at my help line email address and have checked it out when at their premises. Sure enough, there is my email address externally managed.

So, whether you allow Plaxo or not, if some user outside of your company has all your email addresses within your company on their computer, it has also likely been added to Plaxo by them whether you like it or not.

Greg.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ