Re: Security Breach Notification MIA...

["Bateman, Darrell" <darrell.bateman () TTU EDU>]

Everyone that had an account with EDUCAUSE at the time of the breach, including those that uses the InCommon federated 
login, should consider their EDUCAUSE stored password as compromised. This could have ramifications for you if you use 
that same password for other sites or if that password is based on some recognizable pattern you use elsewhere. To 
fully protect yourself, you may need to change all your other passwords that might be guessed as a result of the 
EDUCAUSE compromised password.

--------------------------------------
Darrell Bateman
Assistant Vice President for IT and ISO
Office of the Chief Information Officer
Information Technology Division
Texas Tech University


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Manjak, 
Martin
Sent: Wednesday, February 20, 2013 9:43 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Security Breach Notification MIA...



We use InCommon and we received the notification (which also wound up in several recipients' junk folders). When given 
the option on the EDUCAUSE password reset page to log in via the federated method, I was able to successfully 
authenticate without having to change my pw.

I'm assuming that anyone who had a local EDUCAUSE pw had it reset, regardless of whether they could or did use InCommon.

We're contemplating how we might communicate to local EDUCAUSE members that they do not need to reset their local 
profile pws and should instead use the federated option, if they have never done so before.

Marty Manjak
ISO
University at Albany


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ken 
Connelly
Sent: Wednesday, February 20, 2013 10:17 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Security Breach Notification MIA...

Those who use a federated login instead of local authentication were not affected and perhaps not even notified?

- ken

Allen, Jon D. wrote:
> We did some analysis and there is a delta of about thirty users for us between those who received the email and those 
> who are listed under our Educause account as users.  I am not sure if there is a concept of an expired account that 
> could be accounting for the delta.
>
>
> Thanks,
>
> _________________________________
> Jon Allen, CISSP, EnCE
> Information Security Officer
> Baylor University
> 254.710.4793
>
>
>         www.baylor.edu/bearaware
>
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ken Connelly
> Sent: Wednesday, February 20, 2013 8:44 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Security Breach Notification MIA...
>
> The archive on the EDUCAUSE site is updated in pretty much real time, so that's a place where you could follow the 
> discussion prior to getting a digest.  If you look there, you'll see that the majority of the concern was the 
> phishy-looking links in the message(s).  That was caused by (1) EDUCAUSE's normal use of a third-party mass-mailer 
> (Informz) and (2) the click-tracking URLs that were in the message.  Those concerns were compounded because the 
> normally sluggish (at best) EDUCAUSE website was moving at glacial speeds due to the load.
>
> I noticed the delta between the breech discovery and the announcement, but that wasn't a topic of concern as I 
> recall, perhaps partially due to the two much more important concerns mentioned above.
>
> - ken
>
> Boyd, Daniel wrote:
>
> > Has anyone else NOT received their email notification from EduCause
> > about the security breach?  The only reason I found out about it
> > yesterday is because my CIO was watching the chatter on the CIO list
> > about the notification.  I get my security list discussions in digest
> > form, so I had not seen the discussion here.  Anyone else peeved that
> > they waited 14 days to (supposedly) notify everyone?  I’m not trying
> > to stir up a  flaming discussion (although I probably have
> > succeeded), I really am just curious as to the mood here.
> >
> >
> >
> > Dan
> >
> >
> >
> > Daniel H. Boyd (94C)
> > Senior Network Architect
> > Network Operations
> > Berry College
> > Phone: 706-236-1750
> > Fax:     706-238-5824
> >
> > There are two rules to follow with your account passwords:
> > 1. NEVER SEND YOUR PASSWORD VIA EMAIL (TO ANYONE)!!!!!
> > 2. If unsure, consult rule #1
>
> --
> - Ken
> =================================================================
> Ken Connelly             Associate Director, Security and Systems
> ITS Network Services                  University of Northern Iowa
> email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-7373
>
> Any request to divulge your UNI password via e-mail is fraudulent!

--
- Ken
=================================================================
Ken Connelly             Associate Director, Security and Systems
ITS Network Services                  University of Northern Iowa
email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-7373

Any request to divulge your UNI password via e-mail is fraudulent!