[Full-disclosure] Fwd: threat to corporate security

[n3td3v at gmail.com (n3td3v)]

---------- Forwarded message ----------
From: n3td3v <n3td3v at gmail.com>
Date: Apr 9, 2007 4:44 AM
Subject: threat to corporate security
To: Yahoo Security Contact <security at yahoo-inc.com>, paranoids at yahoo-inc.com


the conspiracy is a lot of spam actually belongs to hackers. hackers
are increasingly using fake penis enlargement e-mail to probe the out
of office auto responders of large corporations. its amazing how much
information is left on auto responders, espeically at popular vaction
times like easter and xmas. individual employees un firmilar with
security issues are increasingly throwing inetrnal operational
information for co-workers to pick up, n3td3v said. the problem is its
more than co-workers who are picking up this information and using it
for hacking large corporations like yahoo. you can't rely on your
employees anymore, corporations have got to start probing inboxes,
because the bad guys are, n3td3v said. corporations have got to get
tough on thsi n3td3v said. you got to harden your defenses on this
front and strenghen your security policya t the same time to reassure
security teams that employees are still aware of the threat of
internet facing corporate mail boxes spewing out all kinds of
information which is ultimately damaging for the company and its long
term ecnomic interests. large corporations don't want to get hacked by
simple yet effective attack vectors like this, n3td3v said, corporate
security teams have really got to take this seriously and do something
about it. just when you thought all that spam thats being sent aroudn
the internet clogging up mail servers only have a commercial purpose,
no, hackers are starting to to hitch a free ride on spam trends and
are increasingly dressing up mail box probes as popular spam to
effectively ping the inboxes of large multinationals to harvest out of
office responder data, n3td3v finished saying in a statement sent
early monday.