Re: Degausser/Nature of Listserv

[Greg Schaffer <schaffer () MTSU EDU>]

My lack of appreciation had nothing to do with any assumed privacy (there
isn't).  I felt it just broke agreed on and mutually understood protocol.  I
don't believe a private list is necessary nor even a good idea.  Vendors who
serve higher ed (or desire to) should have the opportunity to be on this
list to provide feedback when requested and to listen to needs of higher ed.
But the primary target is the higher ed audience, and I believe I was pretty
clear that it was that audience I was soliciting input from.

 

I really don't believe anyone has any expectation of privacy on this list,
but just in case some do it's good to reiterate it again every now and then,
as you did.

 

Thanks,

Greg

 

Greg Schaffer, CISSP

Assistant Vice President

Network and Information Technology Security

Middle Tennessee State University

615 898-5753

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David Escalante
Sent: Friday, October 22, 2010 9:38 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Degausser/Nature of Listserv

 

 

On Oct 21, 2010, at 5:05 PM, Greg Schaffer wrote:





On a side note, what wasn't appreciated was that a vendor apparently
monitoring this list cold called me about their degausser product, noticing
that I had mentioned a need "on line" (note this is the only place I have
inquired).  I thought there were list rules about such; I guess next time I
will need to clarify that I am looking for suggestions/recommendations from
higher ed peers, not vendors or resellers (sigh). 

 

 

Folks, everyone needs to be aware that anything sent to this list is
publicly archived on the Educause site.  That's right, all messages are
archived there by month with no credentials or list membership required to
access them.  Any vendor, hacker, etc. can scrape all our communications
with a little scripting work, or read them interactively online.

 

So regarding this list, anytime you write, "We are using vendor X," you are
providing the vendor with a searchable reference (or diss ;-) ).  Anytime
you post a job, outside recruiting companies can troll it.  Anytime you ask
for help on something like a product selection for a degausser, it is free
game for anyone on the Internet to read without breaking any rules that I'm
aware of.

 

If you don't like this, we need to let Educause know.  It's not clear to me
what role REN-ISAC might play as an alternative...I believe there was some
desire on that entity's part to push more general questions and material off
the non-public REN-ISAC lists and onto this open to the universe list.   I
understand that the Educause CIO list is similarly public, and the CIOs just
live with it.

 

My personal opinion is that a non-public list would be beneficial to the
higher ed security community.  But I am not the moderator, nor am I involved
in the maintenance of the list or the web site it's archived on in any way.
Just trying to get the facts out, since a number of subscribers don't seem
to be aware of the list's public archives.

--

David Escalante