Educause Security Discussion mailing list archives
Re: FYI: Another round of spear Phishing (ethics)
From: Sheri J Thompson <sthomp8 () LSU EDU>
Date: Thu, 19 Jun 2008 11:13:36 -0500
I strongly advise against what I would deem an unethical practice. Furthermore, if your students send private information through unsecure email at your institution's behest, would that not be a potentially embarrassing and reportable data breach? Sheri J. Thompson IT Planning & Communications Officer LSU Information Technology Services Baton Rouge, Louisiana 70803 tel 225.578.5739 fax 225.578.7710 e-mail sjt () lsu edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Basgen, Brian Sent: Thursday, June 19, 2008 10:59 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] FYI: Another round of spear Phishing (ethics) Dean,
scam. I am curious to hear what others think of using "deception" to educate.
Discussion about people being fooled is one way to express ethical concerns. One could also look at abuse of power/entrapment/etc, in terms of using your insider knowledge to target and exploit users. While the intent is good (exploit users in order to educate them), one could have a debate about the relationship of means and ends. There is plenty of room for debate on ethical issues. Personally, I believe that the means must coincide with the desired ends, and that using methods that you seek to prevent is a misalignment of objectives. Specifically, while using methods to test/identify vulnerabilities is acceptable, in this case, we already know the vulnerability. Thus, I think a somewhat fair analogy/moral equivalent is hacking into someone's server in order to tell them their server is vulnerable and should be fixed. ~~~~~~~~~~~~~~~~~~ Brian Basgen Information Security Pima Community College
Current thread:
- Re: FYI: Another round of spear Phishing (ethics) Basgen, Brian (Jun 19)
- <Possible follow-ups>
- Re: FYI: Another round of spear Phishing (ethics) Sheri J Thompson (Jun 19)
- Re: FYI: Another round of spear Phishing (ethics) Bob Bayn (Jun 19)