Thursday, April 05, 2007

Yes this is a public document...

So what's a public document? Do you have to make an official announcement, or does leaving it in an insecure place make it a public document? Even these scenarios make it one:

1. It was not announced, but the document is accessible via http://server/...
2. The person with administrative authority talks about it or blogs it.
3. It is accessible via ftp://server/pub/... and all it requires is an anonymous login.
4. A link is clicked and it challenges with a trivial login like guest/guest with no warning messages. If it is not easy to ascertain that it's private property, then easy logins are like a doorknob that is not locked and can be opened by twisting it. For example, http://server/whitepapers, http://server/announcements/ or http://server/docs: neither the whitepapers, the announcements nor the docs have an intent of being private.
5. Test or development servers with internal documents are externally accessible.
6. Google cached documents.
7. The links are found on a search engine and not passed on by a human.
8. The document is found with no "return to the company if found" message. Beat the employees then.
9. It was sent to a wrong address.
10. It was announced at an all-hands and the employees passed it on. Get them to sign a privacy protection document.
