Re: False use of USENIX/SAGE/LISA names

[Jim Dennis <jimd@starshine.org>]

> Recently USENIX has had a rash of reports of past LISA attendees
> receiving phone calls and/or email from someone purporting to be
> from USENIX/SAGE and stating there will be multiple editions of the
> LISA (Systems Administration) Conference this year (for instance, in
> Chicago in August and Ontario, Canada in September).  The purpose is
> to obtain contact info for sysadmins; you are asked to provide
> colleagues' names.  These names go directly to recruiters who may or
> may not be the source of the original fraud.

...


> We need your help putting a stop to this. Please try to get a name
> and phone number from the caller and encourage him/her to contact
> you by email, then try to get a traceroute.  Please email notice of
> possible incidents to office@usenix.org.

	This is classic.  I have a suggestion for dealing
	with the broader issue --- one that I've used for all cases
	where someone unknown to me (and often when someone I know)
	asks for contact information for *any* third party.

	I simply ask them to provide me with a message which I
	will then relay for them.  Usually I encourage them to do
	this via e-mail.
	
	I make it clear that I'll will try to deliver the message
	and that I have no control over how, or if, the recipient
	will respond.

	This has been my personal and professional policy for a 
	number of years --- and it has been the policy adopted at
	sites where I've been a sysadmin.  It has been the approved
	procedure for mail to Postmaster at these sites ("We can't
	confirm or deny that the person you've asked about is
	available here --- but we will relay a message to them
	if possible, so that they can respond directly").

	(This protects the privacy of employees, former employees,
	etc).

--
Jim Dennis  (800) 938-4078		consulting@starshine.org
Proprietor, Starshine Technical Services:  http://www.starshine.org