Educause Security Discussion mailing list archives
Re: The Slate breakin
From: Mahmud Rahman <mrahman () MILLS EDU>
Date: Fri, 8 Mar 2019 12:44:58 -0800
The Fortune article is the only one I've seen specifically mentioning phishing. The mention of password-reset systems in other articles, and Slate's message, also suggests the possibility of someone managing to get through the password reset systems in other ways. I would assume the implications for that are to review our password reset systems and evaluate weaknesses there.

Mahmud Rahman MFA '04
Director of Systems and Banner Services, ITS
Mills College, Oakland CA
(510)430-2257
mrahman () mills edu

On Fri, Mar 8, 2019 at 10:34 AM Allan Chen <allanchen () muhlenberg edu> wrote:

> The Fortune article is the only one that explicitly comments on phishing. Were the others that cited phishing specifically?
>
> Chief Information Officer
> Muhlenberg College <http://www.muhlenberg.edu>
> 484-664-3464
> Office of Information Technology Blog <http://it.blogs.muhlenberg.edu>
> twitter: @kaiyen <https://twitter.com/kaiyen>
>
> On Fri, Mar 8, 2019 at 1:11 PM Mahmud Rahman <mrahman () mills edu> wrote:
>
>> I'm assuming most folks in this group have read this morning's news. We received the alert from Slate yesterday that something had happened, but details were few.
>>
>> https://www.insidehighered.com/admissions/article/2019/03/08/three-private-colleges-have-admissions-files-hacked
>> http://fortune.com/2019/03/08/college-applicant-ransomware-hack/
>>
>> I've seen some blame directed at password reset systems. But it appears that the source of the breach was compromised accounts in admissions staff, gained through phishing.
>>
>> The more our colleges go to Single Sign On for everything, the greater the risk from compromised accounts. SSO provides convenience but escalates the risk. It would appear now that universal SSO has to be combined with universal multi-factor authentication systems. I wonder, though, about universal SSO since the keys now open way more doors into the kingdom.
>>
>> Other than education about phishing, what are other schools doing today? I imagine that the attacks will get more targeted and more ingenious.
>>
>> -Mahmud
>>
>> Mahmud Rahman MFA '04
>> Director of Systems and Banner Services, ITS
>> Mills College, Oakland CA
>> (510)430-2257
>> mrahman () mills edu