Educause Security Discussion mailing list archives
Re: phishing irony
From: "Harris, Michael C." <HarrisMC () HEALTH MISSOURI EDU>
Date: Fri, 13 Feb 2009 11:07:41 -0600
We have done similar things with snort rules to identify ID and password as well as SSN or medical record numbers etc. in the clear in both in e-mail and in other clear text protocols. Enforcement became a painful manual education process. Currently implementing tighter e-mail encryption, trying to figure out how to either auto-encrypt based upon filters for ssn mrn etc or bounce it back to the user and give the user the choice to encrypt by either a full client check box and or OWA placing something like [secure] in a subject line to trigger the encryption. Mike -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chris Edwards Sent: Friday, February 13, 2009 10:00 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] phishing irony On Fri, 13 Feb 2009, Leo Song wrote: | Has anyone done or thought of applying e-mail content filter at edge | MTAs, to "catch" all outgoing e-mails with "username password" in | message body, and auto-reply to staff / students? You might want to check out: http://oss.lboro.ac.uk/kochi1.html -- Chris Edwards IT Security, Computing Service University of Glasgow, charity number SC004401
Current thread:
- Re: phishing irony, (continued)
- Re: phishing irony Ozzie Paez (Feb 13)
- Re: phishing irony Falcon, Patricia (Feb 13)
- Re: phishing irony HALL, NATHANIEL D. (Feb 13)
- Re: phishing irony Leo Song (Feb 13)
- Re: phishing irony Ozzie Paez (Feb 13)
- Re: phishing irony Chris Edwards (Feb 13)
- Re: phishing irony Leon DuPree (Feb 13)
- Re: phishing irony Zach Jansen (Feb 13)
- Re: phishing irony Valdis Kletnieks (Feb 13)
- Re: phishing irony HALL, NATHANIEL D. (Feb 13)
- Re: phishing irony Harris, Michael C. (Feb 13)
- Re: phishing irony Allison Dolan (Feb 13)