Security thoughts first thing in the morning

[dsrtao]

I wonder if anyone googles for vacation messages on mailing lists and sells the results to thieves? Having a name and an email address is likely to get you a physical address, and burglarizing an empty house must have a much higher success rate than otherwise.

I never use vacation messages except in a strictly work context, and work email isn't subscribed to any mailing lists outside the company's firewall...

Comments

They brought it on themselves

[metageek.livejournal.com]

I wonder if anyone googles for vacation messages on mailing lists and sells the results to thieves?

Pff. Anybody who sends vacation messages to mailing lists deserves what they get. (I'm looking at you, Exchange.)

[zonereyrie.livejournal.com]

See also.

[cellio]

That's one of two reasons that I don't set vacation notices for my personal email. The other is that it's rude to spam an entire mailing list with the fact that one subscriber most people have never heard of is on vacation.

(Work is different, and like you, I don't subscribe to lists there.)

[seawasp]

Anyone making the assumption that my going on vacation means that people aren't in my house would be terribly mistaken.

[dsrtao]

Yes, but on average, it increases the hit rate.

[seawasp]

True. Once that becomes known, though, you have an ideal way of catching such crooks.

[metahacker.livejournal.com]

Pipe them into a Google Maps mashup...

Plus, of course, services like Loopt or other location-aware apps (many iPhone apps, many Twitter clients, etc.) will let folks know when you're not at home. See also recent xkcd.

But really, depending on being home for security is a mediocre technique at best.

(I detest out of office messages. I would say there is about a 50:1 ratio of useless to useful messages, and in fact at work I have them automatically trashbinned. Idiotic things.)

[dsrtao]

Worse than 50:1. Anything which can be handled by a role instead of a specific person should be, and usually is...