InfoSec Commentary - Think before you post
Often times there will be a surprising amount of sensitive information about your company sitting on the Web, waiting for someone to stumble upon it. Have you ever searched IT forums for your domain name? Try it! All too often, technical employees will post questions or answers to public forums, mentioning specific equipment in use at their company, and they'll use their work e-mail address! Ouch! Obviously, they aren't thinking about the blackhat who would love to find out what type of firewall or server you own without having to touch your network. To see this in action yourself go to several IT technical sites that you frequent that often have valuable information, tips, and solutions for problems you encounter. Perhaps you’re a Windows Administrator and you are having problems with time synchronization issues in AD across your enterprise or maybe you’re a programmer in VB who is migrating data to .NET and need to ask some experienced programmers some questions. What kind of information will you post? If your security conscience you will more than likely form your questions in a general sense so people can not actually glean information that is specific to your environment. All to often though many "good intentioned" developers and administrators post what to most seem inconspicuous information but to a skilled person performing reconnaissance and information gathering it could be just what they are looking for to start to gain a foothold in the enterprise. Although it may seem surprising to you, these kinds of posts are far too common on thousands of technical boards and forums across the Internet.
To avoid this, you should use a non-work e-mail address to post any information to a public forum, and the company's name should never be used. You will still get your questions answered, but your infrastructure details won't be posted for the world to see.