Thursday, April 25, 2013

firewall-wizards Digest, Vol 64, Issue 13

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: Linked-in and its Phishing-like contacts option!
(Paul D. Robertson)
2. Re: Linked-in and its Phishing-like contacts option!
(Crispin Cowan)


----------------------------------------------------------------------

Message: 1
Date: Fri, 26 Apr 2013 00:35:30 -0400
From: "Paul D. Robertson" <paul@compuwar.net>
Subject: Re: [fw-wiz] Linked-in and its Phishing-like contacts option!
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Cc: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <DCA882B4-300A-49A3-B6B2-F5CE0C3FEDE8@compuwar.net>
Content-Type: text/plain; charset="utf-8"

Because the moderator is bored enough to entertain things outside the strict boundaries if there isn't better stuff on the list (hint) and he's feeling like a particular topic may generate something or he may want to rail on something or for no particular reason. There are a multitude of reasons general INFOSEC stuff makes the list- and historically I'm fairly sure I've been consistently inconsistent on that point.

Paul
--
President and Chairman, FluidIT Group
Moderator, Firewall-Wizards
http://pauldrobertson.net
http://pauldrobertson.com
@compuwar

On Apr 24, 2013, at 15:26, "Gautier . Rich" <RGautier@drc.com> wrote:

> Thoughts? I?m wondering why User Operational Security falls under the realm of Firewall Wizards.. Other than that, I?d say ? They?re not alone by any stretch of the imagination, and plenty of users seem to be perfectly willing to accept the risk (or be unaware of it). However, not much you can do on the firewall side other than turning off webmail access...
>
> Richard Gautier, CISSP
> Enterprise Architect, Federal Group
> <image002.png>
> 650 Massachusetts Avenue NW
> Suite 510
> Washington, DC 20001
> Office: (571) 226-8828 | Cell: (703) 231-2156
> rgautier@drc.com | www.drc.com
>
> From: firewall-wizards-bounces@listserv.icsalabs.com [mailto:firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of Mathew Want
> Sent: Monday, April 22, 2013 7:30 PM
> To: Firewall Wizards Security Mailing List
> Subject: [fw-wiz] Linked-in and its Phishing-like contacts option!
>
> Hiya all.
>
> Has anyone else noticed the option to see who else they know is connected on Linked-in? Have you noticed that if you click on the outlook button it asks you for your WORK EMAIL PASSWORD!!!!!
>
> Bloody hell! It's not like the job of getting users to not submit this information to other sites isn't already hard enough without this!!! The "can't put brains in pumpkins " department must be having a field day over this.
>
> Am I the only one that think this is a touch negligent on the part of Linked-in? Or should I just accept that it is corporate facebook, accepts that they have the dame moral fibre and move on?
>
> Maybe I am expecting too much? Thoughts?
> --
> Regards,
> M@
> --
> "Some things are eternal by nature,
> others by consequence"
> This electronic message transmission and any attachments that accompany it contain information from DRC? (Dynamics Research Corporation) or its subsidiaries, or the intended recipient, which is privileged, proprietary, business confidential, or otherwise protected from disclosure and is the exclusive property of DRC and/or the intended recipient. The information in this email is solely intended for the use of the individual or entity that is the intended recipient. If you are not the intended recipient, any use, dissemination, distribution, retention, or copying of this communication, attachments, or substance is prohibited. If you have received this electronic transmission in error, please immediately reply to the author via email that you received the message by mistake and also promptly and permanently delete this message and all copies of this email and any attachments. We thank you for your assistance and apologize for any inconvenience.
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20130426/fd2ac25f/attachment-0001.html>

------------------------------

Message: 2
Date: Fri, 26 Apr 2013 04:53:57 +0000
From: Crispin Cowan <crispin@crispincowan.com>
Subject: Re: [fw-wiz] Linked-in and its Phishing-like contacts option!
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <BLU401-EAS50676EE2653C8D08F9532B1C1B70@phx.gbl>
Content-Type: text/plain; charset="utf-8"

I boycott all social media. I?m not opposed to social networking, but I am opposed to some dot.com monetizing my relationships; I do all my social networking via open protocols like e-mail, and having a beer with a friend ?


I broke this rule once, joining LinkedIn 5 years ago, because I needed a job. LinkedIn was a total failure at getting a job, but attending ToorCon and having a beer with someone I met there worked. I deleted my LinkedIn account when I got tired of the ?Foo wants to connect with you? spam. I?m still getting LinkedIn spam.


Screw social networking web sites. I don?t have a FaceBook page or a Twitter account, and never will.


Funny, I never envisioned myself as Clint Eastwood yelling at kids to get off my lawn, but here I am ?



Sent from Windows Mail



From: Gautier . Rich
Sent: ?Thursday?, ?April? ?25?, ?2013 ?9?:?28? ?PM
To: Firewall Wizards Security Mailing List



Thoughts? I?m wondering why User Operational Security falls under the realm of Firewall Wizards.. Other than that, I?d say ? They?re not alone by any stretch of the imagination, and plenty of users seem to be perfectly willing to accept the risk (or be unaware of it). However, not much you can do on the firewall side other than turning off webmail access...



Richard Gautier, CISSP

Enterprise Architect, Federal Group

drc-logo

650 Massachusetts Avenue NW

Suite 510

Washington, DC 20001

Office: (571) 226-8828 | Cell: (703) 231-2156

rgautier@drc.com | www.drc.com



From: firewall-wizards-bounces@listserv.icsalabs.com [mailto:firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of Mathew Want
Sent: Monday, April 22, 2013 7:30 PM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] Linked-in and its Phishing-like contacts option!





Hiya all.





Has anyone else noticed the option to see who else they know is connected on Linked-in? Have you noticed that if you click on the outlook button it asks you for your WORK EMAIL PASSWORD!!!!!

Bloody hell! It's not like the job of getting users to not submit this information to other sites isn't already hard enough without this!!! The "can't put brains in pumpkins " department must be having a field day over this.

Am I the only one that think this is a touch negligent on the part of Linked-in? Or should I just accept that it is corporate facebook, accepts that they have the dame moral fibre and move on?


Maybe I am expecting too much? Thoughts?

--

Regards,
M@



--
"Some things are eternal by nature,
others by consequence"



This electronic message transmission and any attachments that accompany it contain information from DRC? (Dynamics Research Corporation) or its subsidiaries, or the intended recipient, which is privileged, proprietary, business confidential, or otherwise protected from disclosure and is the exclusive property of DRC and/or the intended recipient. The information in this email is solely intended for the use of the individual or entity that is the intended recipient. If you are not the intended recipient, any use, dissemination, distribution, retention, or copying of this communication, attachments, or substance is prohibited. If you have received this electronic transmission in error, please immediately reply to the author via email that you received the message by mistake and also promptly and permanently delete this message and all copies of this email and any attachments. We thank you for your assistance and apologize for any inconvenience.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20130426/5ffce468/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 2089 bytes
Desc: image002.png
URL: <https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20130426/5ffce468/attachment.png>

------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 64, Issue 13
************************************************

1 comment:

  1. Anonymous11:44 PM

    I have to say thanks a ton for the work you have put in publishing this article on the subject of car rental denver airport four
    wheel drive. I am looking forward to the very same top-notch content from you in future as well.
    In fact, your creative authoring abilities have inspired me to get my personal web site right now.
    Actually, posting is spreading its wings rapidly. Your post is definitely a
    good demonstration of it.

    Feel free to visit my webpage - Car Hire Lanzarote

    ReplyDelete