Wednesday, December 19, 2012

bcc: Anyone?

How is it possible that a Dept. of Defense IT service provider continues to send announcements (maintenance windows, outages, etc.) to a HUGE list of clients and simply adds all of the client email addresses to the To: line?

If I were evil, I would farm that list for potential victims and also for an easy information set to use in a social engineering attack on the service provider.

Come on folks!

This is basic Operational Security stuff!
