Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: You shady bastards.
From: Michal Zalewski <lcamtuf () dione ids pl>
Date: Wed, 6 Jun 2007 20:41:08 +0200 (CEST)

On Wed, 6 Jun 2007, blah wrote:

It seems there's a presumption that an employee, when he leaves, still owns
that email address that the former employeer provided.

Yeah. And if the e-mail in question is support () example com, a generic
business contact point, he is perfectly OK to hand it over to a different
group of employees. For personal, named accounts, it's not necessarily so
ethically clear.

Legalities aside, no matter what adhesion contracts / policies state, most
employees *do* use corporate e-mail for personal correspondence, and most
companies tolerate it within the limits of reason. You can terminate an
employee for policy violations, but that does not mean you can then
proclaim their mailbox to be free of personal correspondence and make it

To make things worse, note that in this particular case, the recipient had
no reason to assume that the e-mail relates to business matters, and had
all reasons to believe that this was a personal message intended only for
the clearly named recipient - yet choose to familiarize himself with links
provided therein.


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]