lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Pine.LNX.4.64.0706070025540.18827@forced.attrition.org>
Date: Thu, 7 Jun 2007 00:28:26 +0000 (UTC)
From: security curmudgeon <jericho@...rition.org>
To: Larry Seltzer <Larry@...ryseltzer.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: You shady bastards.


: >>A more ethical company would have sent HDM a polite note saying that
: the person no longer works there before curiosity got the best of them. 
: 
: Does your company do this for all former employee e-mail accounts?

No. But they also don't continue to accept mail to those accounts either.

: Let's hope he unsubscribed from all his mailing lists before he left.

If a company is going to continue monitoring a former employee's mailbox 
(intentionally or via a 'catch all'), that is fine. But when they 
specifically act on a personal private mail between someone outside of 
their company and the former employee, they are crossing the line of 
ethical behavior I think. As I said, the least they should have done is 
mail HDM and notified him the person no longer works there. If they didn't 
do that, and if you think they shouldn't be required to, then they 
shouldn't act on the information in the mail either.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ