I posted a reply to Bugtraq today (that somehow got disassociated from
the
original thread I was replying to). My message outlined bug
fixes/enhancements to the Tcl code in the research report,
"Creating Backdoors in Cisco IOS using Tcl,"
recently released by Information Risk
Management Plc (a UK-based information security consultancy).
Today, in addition to deleting the occasional stray piece of spam that
makes it through various levels of filtering, I've had to delete message
after message from around the world outlining that so-and-so of
Big Organization Inc. is out of the office (often for quite awhile). These
emails are often quite helpful in providing other contact information that
it seems like could be used for nefarious social engineering purposes.
("Hi Bob,
this is Carol. I'd been working with
Alice on
______; she told me to contact you if I had any problems while she's
gone. Anyway, I forgot how to connect to the _______ system; can you
give me those connection settings again so I can get through the
corporate firewall?")
Anyway, how wise is it for people working in information security to
advertise the fact that they are out of the office (and, at least personally,
not minding the proverbial store) to random strangers (that they've never had
any contact with previously)? Regardless, it seems like poor netiquette to
ever reply to a mailing list with an out of office autoresponse.
Maybe it's just an Exchange/Outlook social norm to do so...?
So far I've received messages in various languages: English and Portuguese
(that I can read); French and Italian (where I can pick out some words),
and Russian—which might as well be
Greek to me.
— Michael A. Cleverly
Tuesday, November 27,
2007
at 21:00
153 comments
| Printer friendly version
A letter addressed to me arrived from our children's school today:
John S. Sheffield, Principal
Heritage Elementary
[address]
November 27, 2007
Michael Cleverly
[address]
Dear Mr. Cleverly,
As of this date, we have not had any response from you to our recent
request for a copy of your child's birth certificate. In order to
comply with State and Federal law, we must have a copy of this document
on file in order for your child to attend school.
We must have a copy of the birth certificate in our file by
Monday, December 10, 2007. We are required to notify local law
enforcement officials if you fail to comply with this requirement.
If you do not have a certified copy of your child's birth certificate,
you can call the Office of Vital Records at 538-6380 for information about
how to obtain a copy. Blessing or Christening certificates are not valid
for this purpose. If we can be of any assistance, please call the school
at [phone].
We would appreciate your prompt attention to this matter.
Sincerely,
/s/ John S. Sheffield, Principal
Why, suddenly, after my kids have been attending Heritage Elementary
for years does the school want a copy of one of their birth
certificates? And which one? And what exactly will they use it for?
And what happens after December 10th and the dreaded referral to
local law enforcement? What is that all about? Will Layton PD post a
uniformed officer out front to make sure that only Meghan and Jacob,
but not Caleb (say) enter the school?
Shauna would probably prefer we send copies of all three of our
school-age childrens' birth certifiates, but I think it is wholly
appropriate to occasionally push back and require people who want
personally identifying information (or identity documents in this case)
to articulate precisely why they need them, what entitles them to require
them, etc.
This is the response I've drafted which I intend to send in the morning.
Michael A. Cleverly
[address]
November 29, 2007
John S. Sheffield, Principal
Heritage Elementary
[address]
Dear Mr. Sheffield,
I am in receipt of your letter dated November 27, 2007 requesting a copy
of "[my] child's birth certificate" prior to "December 10, 2007" on pain
of their not being able to attend school and a referral to local law
enforcement.
Although the opening paragraph of your letter makes reference to some other
"recent request," this is the first time this matter has been brought to
my attention. I am writing to solicit additional information I need you
to provide before I will be able to comply with your request.
In your letter you state, "in order to comply with State and Federal law,
we must have a copy of this document on file in order for your child to
attend school." As an initial matter, I ask that you provide citation(s)
to the relavent state AND federal statues you are both alluding & making
your request persuant to.
As you will find by consulting your enrollment records, I have three
children presently enrolled at Heritage Elementary: Meghan (5th grade);
Caleb (4th grade); and Jacob (2nd grade).
Your letter requests "a copy of [my] child's birth certificate." Your
use of the singular "child" instead of the plural "children" indicates
your need for only one of my children's birth certificates; however,
your letter does not identify which one. I respectfully request that you
articulate, in writing, precisely which child you are referring to.
I am at a loss as to why you suddenly need a copy of one of my children's
birth certificate. My children have been happily enrolled at your school
since the 2002-2003 (Meghan), 2003-2004 (Caleb), and 2005-2006 (Jacob)
school years. I would like to understand what is precipitating this sudden
urgent request years after we first enrolled each of them in Kindergarten
at Heritage Elementary.
I look forward to receiving your prompt reply on or before December 7, 2007
(to allow time to comport myself with your request before the December 10, 2007
deadline).
Best regards,
/s/ Michael A. Cleverly
Am I being unreasonable?
— Michael A. Cleverly
Thursday, November 29,
2007
at 23:45
166 comments
| Printer friendly version
