Educause Security Discussion mailing list archives
Re: Security Breach Notification MIA...
From: "Manjak, Martin" <mmanjak () ALBANY EDU>
Date: Wed, 20 Feb 2013 15:43:14 +0000
We use InCommon and we received the notification (which also wound up in several recipients' junk folders). When given the option on the EDUCAUSE password reset page to log in via the federated method, I was able to successfully authenticate without having to change my pw.

I'm assuming that anyone who had a local EDUCAUSE pw had it reset, regardless of whether they could or did use InCommon.

We're contemplating how we might communicate to local EDUCAUSE members that they do not need to reset their local profile pws and should instead use the federated option, if they have never done so before.

Marty Manjak
ISO
University at Albany

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ken Connelly
Sent: Wednesday, February 20, 2013 10:17 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Security Breach Notification MIA...

Those who use a federated login instead of local authentication were not affected and perhaps not even notified?

- ken

Allen, Jon D. wrote:
We did some analysis and there is a delta of about thirty users for us between those who received the email and those who are listed under our Educause account as users. I am not sure if there is a concept of an expired account that could be accounting for the delta.

Thanks,
_________________________________
Jon Allen, CISSP, EnCE
Information Security Officer
Baylor University
254.710.4793
www.baylor.edu/bearaware

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ken Connelly
Sent: Wednesday, February 20, 2013 8:44 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Security Breach Notification MIA...

The archive on the EDUCAUSE site is updated in pretty much real time, so that's a place where you could follow the discussion prior to getting a digest. If you look there, you'll see that the majority of the concern was the phishy-looking links in the message(s). That was caused by (1) EDUCAUSE's normal use of a third-party mass-mailer (Informz) and (2) the click-tracking URLs that were in the message. Those concerns were compounded because the normally sluggish (at best) EDUCAUSE website was moving at glacial speeds due to the load.

I noticed the delta between the breach discovery and the announcement, but that wasn't a topic of concern as I recall, perhaps partially due to the two much more important concerns mentioned above.

- ken

Boyd, Daniel wrote:

Has anyone else NOT received their email notification from EduCause about the security breach? The only reason I found out about it yesterday is because my CIO was watching the chatter on the CIO list about the notification. I get my security list discussions in digest form, so I had not seen the discussion here.

Anyone else peeved that they waited 14 days to (supposedly) notify everyone?

I'm not trying to stir up a flaming discussion (although I probably have succeeded), I really am just curious as to the mood here.
Dan

Daniel H. Boyd (94C)
Senior Network Architect
Network Operations
Berry College
Phone: 706-236-1750
Fax: 706-238-5824

There are two rules to follow with your account passwords:
1. NEVER SEND YOUR PASSWORD VIA EMAIL (TO ANYONE)!!!!!
2. If unsure, consult rule #1

--
- Ken
=================================================================
Ken Connelly
Associate Director, Security and Systems
ITS Network Services
University of Northern Iowa
email: Ken.Connelly () uni edu
p: (319) 273-5850
f: (319) 273-7373
Any request to divulge your UNI password via e-mail is fraudulent!