Techtech

Sun Feb 3, 2019, 09:21 PM

Out-of-Office Messages are a Security Risk

...

Sometimes I’m really out of the office, though, crawling around in the backcountry wilderness or on an island somewhere. I’ll do it if I have to, but even then I don’t like setting an automatic response. There’s no way to do it that doesn’t leak information to a would-be attacker.

I’m out of the office. I’m saying that, just like my email, I’m probably not watching my computers or accounts closely so now is a good time to drain my bank accounts, install malware on my PCs, and social engineer my coworkers.

I’m gone between dates X and Y. You’ve got that long to defeat my security without any active opposition from me. The length of time also speaks to whether I’ve traveled somewhere, and they can break into my house unnoticed. This could cause evidence of a break-in, like fingerprints, to degrade, as well as allow for secondary damage, like rain coming in a broken window. If I’m the only one traveling this may also endanger others still at home in my house.

I’m hiking the Inca Trail to Machu Picchu. I gave it away, and on top of it I’m bragging, too. To quote Peter Quill from Guardians of the Galaxy, “what an a-hole.”

Contact somebodyelse@company.com with urgent needs. They now know more about the team structure and can do some social engineering. “Before he left Bob told me you could give me get an account on system X.” Plus you’re unfairly burdening someone else, and forcing people to make value judgments about urgency, too.

https://lonesysadmin.net/2019/02/03/out-of-office-messages-are-a-security-risk/

I'd be surprised if this isn't general knowledge. They were very heavily discouraged by employers decades ago.

2 replies, 156 views

Reply to this thread

Back to top Alert abuse

Always highlight: 10 newest replies | Replies posted after I mark a forum
Replies to this discussion thread
Arrow 2 replies Author Time Post
Reply Out-of-Office Messages are a Security Risk (Original post)
Troll2 Feb 3 OP
Gamle-ged Feb 3 #1
CornFed Feb 4 #2

Response to Troll2 (Original post)

Sun Feb 3, 2019, 11:05 PM

1. An earlier version of that notice was the well-to-do placing notices in the paper...

… "Mrs. & Mr. Worthalot, Esquire, will be doing the Grand Tour of Europe from such-and-such a date to whenever."

Their stay-at-home acquaintances might fume with angered envy, but burglars greatly appreciated the notifications...

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Troll2 (Original post)

Mon Feb 4, 2019, 12:29 AM

2. Spammers LOVE auto replies

We no longer use auto respond, but do monitor out-of-office employees' email accounts while they're away.

Reply to this post

Back to top Alert abuse Link here Permalink

Techtech