Educause Security Discussion mailing list archives
Re: Get Study Room site
From: Leland Lyerla <llyerla () UU EDU>
Date: Wed, 8 Oct 2014 20:47:37 +0000
When I visited the registration page to get more info the site asked for a new password, but did not expressly say not to use the student's campus account password. Students likely would still use the same password unless otherwise told not to, so the danger of compromise is still present due to a bad security practice and vague instructions. Leland ________________________________ From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Kevin Halgren [kevin.halgren () WASHBURN EDU] Sent: Wednesday, October 08, 2014 3:16 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Get Study Room site Saw a note elsewhere that sometime between Oct. 2nd and today they may have stopped asking for LMS credentials. I’d consider that unconfirmed at this point and I haven’t checked myself, but they certainly are known for doing this. Kevin From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Alex Waitkus Sent: Tuesday, October 07, 2014 12:19 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Get Study Room site We sent a cease and desist letter to them as they had a ‘connection’ to our LMS, they then replied on who the correct contact would be to initiate this connection. We are not addressing the collaboration or the unsolicited emails. ———— Alex Waitkus Security Analyst, Lead Information Security Services Georgia State University awaitkus () gsu edu<mailto:awaitkus () gsu edu> security () gsu edu<mailto:security () gsu edu> Phone 404.413.4377 Security 404.413.4524 http://technology.gsu.edu/technology-services/it-services/security/ On Oct 7, 2014, at 1:12 PM, Alex Jalso <ACJalso () MAIL WVU EDU<mailto:ACJalso () MAIL WVU EDU>> wrote: Hello Everyone, Has anyone dealt with the site http://getstudyroom.com<http://getstudyroom.com/>, also goes by the name StudyRoom. It’s a social networking type of site promoting to students the ability to work together on class assignment. What WVU is experiencing is that when students sign up on this site that there’s an increase in unsolicited e-mail to students from the @getstudyroom.com<http://getstudyroom.com/> domain. It’s also thought that StudyRoom uses students’ login credentials to attempt access to other university sites. Thanks. Alex Alex Jalso, PMP, CISM Director Information Security Services West Virginia University p: 304-293-4457
Current thread:
- Get Study Room site Alex Jalso (Oct 07)
- Re: Get Study Room site Alex Waitkus (Oct 07)
- Re: Get Study Room site Kevin Halgren (Oct 08)
- Re: Get Study Room site Beyette, Jeremy (Oct 08)
- Re: Get Study Room site Leland Lyerla (Oct 08)
- Re: Get Study Room site Kevin Halgren (Oct 08)
- Re: Get Study Room site Jones, Mark B (Oct 07)
- Re: Get Study Room site Alex Waitkus (Oct 07)