Educause Security Discussion mailing list archives

Re: risk asessment in edu

From: "Plesco, Todd" <tplesco () CHAPMAN EDU>
Date: Fri, 19 Jun 2009 11:01:26 -0700

While I can agree that the domain suffix of discussion members seems
dubious, I find it even more intriguing that discussion threads are
easily found with a Google search.  That tells me the content of
discussions and identification of our entities may have elevated risks
as a result of being world readable.

Todd A. Plesco  CISM, CBCP
Chapman University, Director of Information Security
One University Drive, Orange, CA 92866
Phone: (714) 744-7979/Fax: (714) 744-7041

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Wes Young
Sent: Thursday, June 18, 2009 1:54 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] risk asessment in edu

It's interesting to me that a non-edu address works on an edu-specific  
security discussion list at all. Student project or not...

Guidelines Fail:

* All postings should be signed with the subscriber's name,  
institutional/organizational/corporate affiliation, and e-mail  
address. We do not recommend the use of vCards or other attachments.


ref:
http://www.educause.edu/Community/ConstituentandDiscussionGroups/Constit
uentandDiscussionGroupP/892



... an EPIC FAIL would have been using the phrase "IMPORTANT" in the  
original post. :)

On Jun 18, 2009, at 4:41 PM, jeff murphy wrote:


On Jun 18, 2009, at 4:32 PM, Bob Bayn wrote:

Dennis Meharchand commented about "reflect ocean"

You've not identified yourself - How do we know that you are not  
phishing?
A Gmail address and a name such as Reflect Ocean looks dubious.



I was likewise skeptical.    Maybe it's time for reflect ocean to  
identify
him/herself and institutional affiliation.  We're all friends and  
fellow
professionals here; we shouldn't have to hide behind pseudonyms.




My first thought was "this is probably a student fishing for an  
answer to a class question/project". You periodically see that on  
nanog, etc.


--
Wes Young
University at Buffalo
http://claimid.com/wesyoung

Current thread:

Re: risk asessment in edu, (continued)
- Re: risk asessment in edu Kevin Wilcox (Jun 18)
- Re: risk asessment in edu Bob Bayn (Jun 18)
- Re: risk asessment in edu jeff murphy (Jun 18)
- Re: risk asessment in edu Wes Young (Jun 18)
- Re: risk asessment in edu Valdis Kletnieks (Jun 18)
- Re: risk asessment in edu reflect ocean (Jun 18)
- Re: risk asessment in edu Wes Young (Jun 19)
- Re: risk asessment in edu Gary Flynn (Jun 19)
- Re: risk asessment in edu Karen Stopford (Jun 19)
- Re: risk asessment in edu reflect ocean (Jun 19)
- Re: risk asessment in edu Plesco, Todd (Jun 19)
- Re: risk asessment in edu Valdis Kletnieks (Jun 19)
- Re: risk asessment in edu Allison Dolan (Jun 19)
- Re: risk asessment in edu Valdis Kletnieks (Jun 19)