Educause Security Discussion mailing list archives

Re: Student Charged with Breaking Into Roommate's E-Mail Account (26 February 2004)

From: "Bruhn, Mark S." <mbruhn () INDIANA EDU>
Date: Thu, 4 Mar 2004 16:25:08 -0500

"...the majority of mail servers still do not require authentication..."


Where??



-- 
Mark S. Bruhn, CISSP, CISM 
Chief IT Security and Policy Officer 
Associate Director, Center for Applied Cybersecurity Research
(http://cacr.iu.edu) 
Office of the Vice President for Information Technology and CIO 
Indiana University 
812-855-0326 
Incidents involving IU IT resources: it-incident () iu edu 
Complaints/kudos about OVPIT/UITS services: itombuds () iu edu 


-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Galloway, Dan
Sent: Thursday, March 04, 2004 8:55 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Student Charged with Breaking Into Roommate's E-Mail
Account (26 February 2004)


I saw this article in a recent SANS newsletter. I thought the Security
listserv group might find it of interest....


--Student Charged with Breaking Into Roommate's E-Mail Account
Iowa State University student Nicholas Jensen has been charged with
breaking into his former roommate's e-mail account and sending phony
messages to people under the roommate's name.  If convicted, Jensen
could face fines and a three-year prison sentence.
http://www.usatoday.com/tech/news/2004-02-26-gay-mail_x.htm
[Editor's Note (Grefer): Given that the majority of mail servers still
do not require authentication of users sending mail, there's a chance
that the student could have sent these messages without breaking into
anything.]


Daniel C. Galloway, Jr.
James Madison University
Commonwealth Information Security Center (CISC)
Institute for Infrastructure and Information Assurance (3IA)
www.jmu.edu/iiia
Richmond Office: (804) 371-5186
Harrisonburg Office: (540) 568-1691


-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Julia Allen
Sent: Monday, February 16, 2004 3:20 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Return On Security Investment (ROSI)

Dan,

You will find a broad range of recent "information security survey"
sources
for your ROSI work by doing an Internet search on this term. It results
in
links to the work of PriceWaterhouseCoopers, CSI/FBI, Information
Security
Magazine, and Ernst & Young, to name a few.

Julia Allen

--On Friday, February 13, 2004 4:08 PM -0500 "Galloway, Dan"
<Dan.Galloway () VITA VIRGINIA GOV> wrote:



One of my associates will be giving a presentation at the EDUCAUSE
Security Professionals Workshop in Washington this spring on the

subject

of Return On Security Investment (ROSI).



As part of his research he is trying to find some "real world"

statistics

on the actual or estimated cost of security breaches, as well as the
costs associated with defending against security attacks.



Since the cost of various security software packages and associated
hardware is pretty easily identified, the cost of the hardware/

software

to protect against security breaches can be estimated. However,

finding

the soft costs of security protection, as well as the costs associated
with security breaches, is quite a bit more difficult.



If you have any information on this subject, or any suggestions as to

how

best to find out some of this information, I would very much

appreciate

it if you would let me know. Thanks!



BTW, any information you send me will be kept confidential unless you

say

otherwise.



Yours,



Daniel C. Galloway, Jr.

James Madison University

Commonwealth Information Security Center (CISC)

Institute for Infrastructure and Information Assurance (3IA)

www.jmu.edu/iiia

Richmond Office: (804) 371-5186

Harrisonburg Office: (540) 568-1691



  ********** Participation and subscription information for this

EDUCAUSE

Discussion Group discussion list can be found at
http://www.educause.edu/cg/. ********** Participation and subscription
information for this EDUCAUSE Discussion Group discussion list can be
found at http://www.educause.edu/cg/. ********** Participation and
subscription information for this EDUCAUSE Discussion Group discussion
list can be found at http://www.educause.edu/cg/.


**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.
********** Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

Re: Student Charged with Breaking Into Roommate's E-Mail Account (26 February 2004) Bruhn, Mark S. (Mar 04)
- <Possible follow-ups>
- Re: Student Charged with Breaking Into Roommate's E-Mail Account (26 February 2004) Christopher Cramer (Mar 04)
- Re: Student Charged with Breaking Into Roommate's E-Mail Account (26 February 2004) Matthew Keller (Mar 04)
- Re: Student Charged with Breaking Into Roommate's E-Mail Account (26 February 2004) David L. Wasley (Mar 04)
- Re: Student Charged with Breaking Into Roommate's E-Mail Account (26 February 2004) Bruhn, Mark S. (Mar 04)
- Re: Student Charged with Breaking Into Roommate's E-Mail Account (26 February 2004) Dewitt Latimer (Mar 04)