Educause Security Discussion mailing list archives
Re: Student Charged with Breaking Into Roommate's E-Mail Account (26 February 2004)
From: Dewitt Latimer <dewitt () ND EDU>
Date: Thu, 4 Mar 2004 18:08:00 -0500
Here at Notre Dame we have moved our entire ResNet block (8000+) over to SMTPAuth & SSL POP/IMAP and blocked port 25 all together on Feb 1, 2004. The project went fairly smoothly and the students seem to understand/appreciate the request. Eudora was our biggest problem. -d ----- Original Message ----- From: "Bruhn, Mark S." <mbruhn () INDIANA EDU> To: <SECURITY () LISTSERV EDUCAUSE EDU> Sent: Thursday, March 04, 2004 5:24 PM Subject: Re: [SECURITY] Student Charged with Breaking Into Roommate's E-Mail Account (26 February 2004) Gotcha. I didn't read that carefully enough. I was thinking of users logging into their email accounts. We are now blocking outbound smtp at our network borders, and requiring authenticated smtp to our external relays for many of our subnets with the rest coming under this requirement on March 9th. (I think I got that description right...) M. -- Mark S. Bruhn, CISSP, CISM Chief IT Security and Policy Officer Associate Director, Center for Applied Cybersecurity Research (http://cacr.iu.edu) Office of the Vice President for Information Technology and CIO Indiana University 812-855-0326 Incidents involving IU IT resources: it-incident () iu edu Complaints/kudos about OVPIT/UITS services: itombuds () iu edu -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David L. Wasley Sent: Thursday, March 04, 2004 5:11 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Student Charged with Breaking Into Roommate's E-Mail Account (26 February 2004) "... the majority of mail servers still do not require authentication of users sending mail ..." ^^^^^^^^^^^^^^^^^^^^^ | | | | | | | | | | | We don't. Some sites use SMTP-Auth or the like... David ----- At 4:25 PM -0500 on 3/4/04, Bruhn, Mark S. wrote:
"...the majority of mail servers still do not require
authentication..."
Where??
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: Student Charged with Breaking Into Roommate's E-Mail Account (26 February 2004) Bruhn, Mark S. (Mar 04)
- <Possible follow-ups>
- Re: Student Charged with Breaking Into Roommate's E-Mail Account (26 February 2004) Christopher Cramer (Mar 04)
- Re: Student Charged with Breaking Into Roommate's E-Mail Account (26 February 2004) Matthew Keller (Mar 04)
- Re: Student Charged with Breaking Into Roommate's E-Mail Account (26 February 2004) David L. Wasley (Mar 04)
- Re: Student Charged with Breaking Into Roommate's E-Mail Account (26 February 2004) Bruhn, Mark S. (Mar 04)
- Re: Student Charged with Breaking Into Roommate's E-Mail Account (26 February 2004) Dewitt Latimer (Mar 04)