Student Charged with Breaking Into Roommate's E-Mail Account (26 February 2004)

["Galloway, Dan" <Dan.Galloway () VITA VIRGINIA GOV>]

I saw this article in a recent SANS newsletter. I thought the Security
listserv group might find it of interest....

 

 

--Student Charged with Breaking Into Roommate's E-Mail Account

Iowa State University student Nicholas Jensen has been charged with

breaking into his former roommate's e-mail account and sending phony

messages to people under the roommate's name.  If convicted, Jensen

could face fines and a three-year prison sentence.

http://www.usatoday.com/tech/news/2004-02-26-gay-mail_x.htm

[Editor's Note (Grefer): Given that the majority of mail servers still

do not require authentication of users sending mail, there's a chance

that the student could have sent these messages without breaking into

anything.]

 

 

Daniel C. Galloway, Jr.

James Madison University

Commonwealth Information Security Center (CISC)

Institute for Infrastructure and Information Assurance (3IA)

www.jmu.edu/iiia

Richmond Office: (804) 371-5186

Harrisonburg Office: (540) 568-1691

 

 

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Julia Allen
Sent: Monday, February 16, 2004 3:20 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Return On Security Investment (ROSI)

 

Dan,

 

You will find a broad range of recent "information security survey"
sources

for your ROSI work by doing an Internet search on this term. It results
in

links to the work of PriceWaterhouseCoopers, CSI/FBI, Information
Security

Magazine, and Ernst & Young, to name a few.

 

Julia Allen

 

--On Friday, February 13, 2004 4:08 PM -0500 "Galloway, Dan"

<Dan.Galloway () VITA VIRGINIA GOV> wrote:

 

>

>

> One of my associates will be giving a presentation at the EDUCAUSE

> Security Professionals Workshop in Washington this spring on the
subject

> of Return On Security Investment (ROSI).

>

>

>

> As part of his research he is trying to find some "real world"
statistics

> on the actual or estimated cost of security breaches, as well as the

> costs associated with defending against security attacks.

>

>

>

> Since the cost of various security software packages and associated

> hardware is pretty easily identified, the cost of the hardware/
software

> to protect against security breaches can be estimated. However,
finding

> the soft costs of security protection, as well as the costs associated

> with security breaches, is quite a bit more difficult.

>

>

>

> If you have any information on this subject, or any suggestions as to
how

> best to find out some of this information, I would very much
appreciate

> it if you would let me know. Thanks!

>

>

>

> BTW, any information you send me will be kept confidential unless you
say

> otherwise.

>

>

>

> Yours,

>

>

>

> Daniel C. Galloway, Jr.

>

> James Madison University

>

> Commonwealth Information Security Center (CISC)

>

> Institute for Infrastructure and Information Assurance (3IA)

>

> www.jmu.edu/iiia

>

> Richmond Office: (804) 371-5186

>

> Harrisonburg Office: (540) 568-1691

>

>

>

>   ********** Participation and subscription information for this
EDUCAUSE

> Discussion Group discussion list can be found at

> http://www.educause.edu/cg/. ********** Participation and subscription

> information for this EDUCAUSE Discussion Group discussion list can be

> found at http://www.educause.edu/cg/. ********** Participation and

> subscription information for this EDUCAUSE Discussion Group discussion

> list can be found at http://www.educause.edu/cg/.

 

**********

Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.


**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.