Educause Security Discussion mailing list archives

Re: New SANS Discount Programs to Educational Centers


From: "Jefferson, Ronnie V." <RVJefferson () ST-AUG EDU>
Date: Mon, 1 Dec 2003 18:00:37 -0500

SPAM is an ever-present problem across college campuses and we have our own
issues as well where this issue is concerned. I know that there are quite a
few software packages available that may adequately address the problem, but
at the same time might be a bit pricey. Is there anyone out there that has
used SPAM software that has worked well for their respective campus, is
fairly cost effective, and doesn't take an army of security engineers to
set up and install?

Thanks!

Ronnie Jefferson
VP for Information Technology/CIO
Saint Augustine's College
Center for Information Technology
1315 Oakwood Avenue
Raleigh, NC 27610
(919) 516-4379 (V)
(919) 516-4382 (F)
rvjefferson () st-aug edu
www.st-aug.edu


-----Original Message-----
From: H. Morrow Long [mailto:morrow.long () YALE EDU]
Sent: Monday, December 01, 2003 4:46 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] New SANS Discount Programs to Educational
Centers


On Dec 1, 2003, at 10:10 AM, David Escalante wrote:
Just thought I'd mention that Mozilla 1.5 reports your X.509 signature
as "broken" for this message.  It notes that the signature does not
match the message content correctly, and that the message appears to
have been altered since sending.  This is conceivable if some
majordomo-ish software munged the headers or something, but if that's
what happened, then there's no point in signing messages to lists.
Interesting.  Have you run into this before?
--
David Escalante
Director of Computer Security
Boston College

David --  The mailing list software which EDUCAUSE is using is
        modifying the message sent to some degree -- and actually
        any small amount of modification at all will throw off the crypto
        'signing' of the MIME parts. I've checked the 'sent' message in
        my 'out box' and the signature on it is fine and can be verified.

        Yes, I've run into List s/w modifying e-mail messages before
        (e.g. by appending lines to the posted messages) then breaking
        the digital signatures (you can get around this by only tacking on
        info as part of the RFC822 headers which should be 'outside' the
        digital signature for the message).

The major change that the list s/w is making inside the MIME message parts
is inserting a tagline for the Educause discussion groups -- e.g. the
two lines:

**********\$
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.

But the list software is also reformatting "whitespace" in the message
as well (changing leading tabs to spaces and removing trailing spaces).

Here is a 'diff' between the message I sent and what I received from the
list (the RFC822 headers have been removed as well as the trailing S/MIME
sig) to demonstrate:

[net248-80:/tmp] morrow% diff one two | vis -l
3c3\$
<       boundary=Apple-Mail-1--870838275\$
---\$
        boundary=Apple-Mail-1--870838275\$
9,10c9,10\$
<       charset=US-ASCII;\$
<       format=flowed\$
---\$
        charset=US-ASCII;\$
        format=flowed\$
12c12\$
< I received the following targeted e-mail from SANS (Note: I have no \$
---\$
I received the following targeted e-mail from SANS (Note: I have no\$
14c14\$
< I know that many of us in higher ed participate in SANS training as \$
---\$
I know that many of us in higher ed participate in SANS training as\$
17c17\$
< SANS is offering two new discounted packages specifically to .edu \$
---\$
SANS is offering two new discounted packages specifically to .edu\$
23c23\$
< 2. General end-user online SANS Security Awareness Training @ $1 per
\$
---\$
2. General end-user online SANS Security Awareness Training @ $1 per\$
26c26\$
< H. Morrow Long, Director - Information Security Office, ITS, Yale \$
---\$
H. Morrow Long, Director - Information Security Office, ITS, Yale\$
83a84,86\$
**********\$
Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/cg/.\$
\$
87c90\$
<       charset=US-ASCII\$
---\$
        charset=US-ASCII\$
204c207\$
< Brian Correia \$
---\$
Brian Correia\$
208c211\$
< SANS Institute \$
---\$
SANS Institute\$
210c213\$
< www.sans.org / brian () sans org \$
---\$
www.sans.org / brian () sans org\$
[net248-80:/tmp] morrow%

- H. Morrow Long
   Director - Information Security
   Yale University, ITS


**********
Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/cg/.
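
The breakage discussed in the thread above, reproduced as an added example that is not part of the original messages: it applies the three rewrites described (leading tabs to spaces, trailing spaces removed, tagline appended) to a constructed body part, classifies each change, and shows that a digest over the exact bytes no longer matches. The function names, the 8-column tab width and the use of SHA-256 are assumptions made for the illustration.

```python
import difflib
import hashlib

# Constructed sample of a signed MIME body part as sent (CRLF line endings).
SENT = ("Content-Type: text/plain;\r\n"
        "\tcharset=US-ASCII;\r\n"
        "\tformat=flowed\r\n"
        "\r\n"
        "I received the following targeted e-mail from SANS \r\n"
        "- H. Morrow Long\r\n")
# Tagline text as quoted in the thread.
FOOTER = ("**********\r\nParticipation and subscription information for this "
          "EDUCAUSE Discussion\r\nGroup discussion list can be found at "
          "http://www.educause.edu/cg/.\r\n")

def list_rewrite(part, tab_width=8):
    """Simulate the list rewrite; tab_width is an assumption."""
    out = []
    for line in part.split("\r\n"):
        body = line.lstrip("\t")
        pad = " " * tab_width * (len(line) - len(body))
        out.append((pad + body).rstrip(" "))
    return "\r\n".join(out) + FOOTER

def digest(part):
    """Hash of the exact bytes; a signature covers a digest like this one."""
    return hashlib.sha256(part.encode("ascii")).hexdigest()

def classify_changes(sent, received, tab_width=8):
    """Count each kind of in-transit modification between two copies."""
    a, b = sent.splitlines(), received.splitlines()
    found = dict.fromkeys(("leading_tab_to_space", "trailing_space_removed",
                           "lines_inserted", "other"), 0)
    matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
    for op, i1, i2, j1, j2 in matcher.get_opcodes():
        if op == "insert":
            found["lines_inserted"] += j2 - j1
        elif op == "replace" and i2 - i1 == j2 - j1:
            for old, new in zip(a[i1:i2], b[j1:j2]):
                if old != new and old.rstrip(" ") == new:
                    found["trailing_space_removed"] += 1
                elif old.startswith("\t") and old.expandtabs(tab_width) == new:
                    found["leading_tab_to_space"] += 1
                else:
                    found["other"] += 1
        elif op != "equal":
            found["other"] += (i2 - i1) + (j2 - j1)
    return found

RECEIVED = list_rewrite(SENT)
```

Running `classify_changes` on a sender's saved copy and the list's copy of the same signed part shows whether a failed verification is explained entirely by list rewriting (an "other" count of zero) or by something else.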
