Educause Security Discussion mailing list archives
Fwd: Re: [SECURITY] Directory Trolling
From: Dave Kovarik <david-kovarik () NORTHWESTERN EDU>
Date: Tue, 15 Jun 2010 15:15:18 -0500
From Roger Safian:
I'm at FIRST. If anyone wants to talk about this, or other topics, seek me out.
At 12:22 PM 6/15/2010, Ken Connelly put fingers to keyboard and wrote:
Northwestern displays the e-mail address from a directory lookup as a simplistic captcha image. I've been trying for a couple of years to get a similar thing implemented here, but so far... http://directory.northwestern.edu/
Just a couple of comments about the service. We have a method to allow our authenticated users to view the actual (clickable) information. That works pretty well, so for most of our community they don't have to deal with the CAPTCHAs. The service still helps prevent spam, but we can see some flaws. Cheap labor means that you can now hire somebody to manually root through the directory and record the addresses by hand. We've seen the attacks several times, and the time it takes (along with typos) makes it pretty clear these are not automated.
At 12:31 PM 6/15/2010, Daniel Bennett put fingers to keyboard and wrote:
I am interested to know if any university has seen student abuse of their online public directory? I have seen some instances where students will use that directory to contact other students from a class and send a cancelation notice to the students in a class when in fact the class was not canceled.
We've seen this, but typically it's not done via the directory, but through our course management system which has a class list feature. FWIW, it's not very common, and I believe has always resulted in disciplinary action against the so-called genius who wanted to enjoy a nice day off.
--
Roger A. Safian
r-safian () northwestern edu (email) public key available on many key servers.
(847) 467-6437 (voice)
(847) 467-6500 (Fax)
"You're never too old to have a great childhood!"