lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4667FCC1.4090601@kallisti.se>
Date: Thu, 07 Jun 2007 14:40:33 +0200
From: Anders B Jansson <hdw@...listi.se>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: You shady bastards.

Any company email adress is primarily intended for company related issues.
Even the company in question allows you to use it for personal issues, 
it's still mainly intented for company use.

An email adressed to, up until recently employed, security researcher,
HR drone or sales assistant, Elmer Fudd using his company email 
elmer.fudd@...dybastards.com must be seen as adressed to this person
in his position at the company, not to him as a person.

If he for some reason can't take care of it, it's obvious that the
company must take care of the message, usually by the individual who
is covering for him (or replacing him).

If you want to send a message to a specific individual, not a position
at a company, then use his (or hers) personal adress. 

// hdw
 
rlogin@...h.ai wrote:
> The key is *personal* e-mail.  It's not unreasonable for any 
> company to assume their e-mail systems are used primarily for 
> business purposes. The e-mail doesn't indicate it's personal. It 
> doesn't say, "Your Ghonorrhea test results have come back!  Click 
> here for the results."  The e-mail has no contents other than a 
> link and doesn't indicate that the "Zero Day" promise was made 
> after this employee left the company. In fact, the subject "Zero 
> Day" is directly related to SecureWork's business and it's entirely 
> reasonable to expect a security company to investigate the 
> contents. I'm actually surprised someone actually monitors these 
> accounts and took the time to look into it!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ