Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: You shady bastards.
From: Anders B Jansson <hdw () kallisti se>
Date: Thu, 07 Jun 2007 14:40:33 +0200

Any company email adress is primarily intended for company related issues.
Even the company in question allows you to use it for personal issues, 
it's still mainly intented for company use.

An email adressed to, up until recently employed, security researcher,
HR drone or sales assistant, Elmer Fudd using his company email 
elmer.fudd () shadybastards com must be seen as adressed to this person
in his position at the company, not to him as a person.

If he for some reason can't take care of it, it's obvious that the
company must take care of the message, usually by the individual who
is covering for him (or replacing him).

If you want to send a message to a specific individual, not a position
at a company, then use his (or hers) personal adress. 

// hdw
rlogin () hush ai wrote:
The key is *personal* e-mail.  It's not unreasonable for any 
company to assume their e-mail systems are used primarily for 
business purposes. The e-mail doesn't indicate it's personal. It 
doesn't say, "Your Ghonorrhea test results have come back!  Click 
here for the results."  The e-mail has no contents other than a 
link and doesn't indicate that the "Zero Day" promise was made 
after this employee left the company. In fact, the subject "Zero 
Day" is directly related to SecureWork's business and it's entirely 
reasonable to expect a security company to investigate the 
contents. I'm actually surprised someone actually monitors these 
accounts and took the time to look into it!

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]