Educause Security Discussion mailing list archives
Re: Compromised Accounts Procedures
From: Rich Graves <rgraves () CARLETON EDU>
Date: Wed, 23 May 2012 13:25:23 -0500
When I become aware of an account compromise, I (run a script to) disable the password and create a ticket (in WebHelpDesk.com) with a few custom fields, below. The user *must* go through the helpdesk because self-service challenge questions and SMS callbacks could be changed with password alone.

The "How Compromised?" question is required. We only started doing this a few months ago, so I don't know how useful the metrics are going to be. The other questions are optional, just to remind helpdeskers what to do.

How Compromised?
  () Phishing
  () Malware
  () Disclosed to a "Friend"
  () Other (specify in notes)
  () Unknown

Client has been told their password must be completely different than the original?
  () No
  () Yes

Instruct client to change password on:
  [] Handhelds
  [] Mail Clients
  [] Restart Workstation

Phishing accounts for the vast majority, but we have had a few passwords presumed disclosed by malware, and a case where a student was sharing their password to a parent, raising questions of online quiz integrity.

Yes, we've seen several cases where password was phished, student resets their password to something that differs from the original by only one digit, repeat.
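
The near-duplicate reset described in the message above (a new password that differs from the phished one by a single digit) can be caught at reset time without keeping any plaintext, by hashing one-digit variants of the proposed password against the old stored hash. This is an added example, not part of the original post or of the poster's script; the PBKDF2 hash, the function names and the sample passwords are assumptions constructed for illustration.

```python
import hashlib
import hmac
import string

# Assumption: PBKDF2-SHA256 stands in for whatever hash the directory really uses.
# The iteration count is kept low only so this sketch runs quickly.
ITERATIONS = 1_000


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def near_variants(candidate: str, digits: str = string.digits):
    """Yield the candidate and every string reachable from it by deleting one
    character, replacing one character with a digit, or inserting one digit."""
    yield candidate
    for i in range(len(candidate)):
        yield candidate[:i] + candidate[i + 1:]                # deletion
        for d in digits:
            if d != candidate[i]:
                yield candidate[:i] + d + candidate[i + 1:]    # substitution
    for i in range(len(candidate) + 1):
        for d in digits:
            yield candidate[:i] + d + candidate[i:]            # insertion


def too_similar(candidate: str, old_salt: bytes, old_hash: bytes) -> bool:
    """True if the proposed password, or a one-digit variant of it, hashes to
    the stored hash of the compromised password."""
    seen = set()
    for variant in near_variants(candidate):
        if variant in seen:
            continue
        seen.add(variant)
        if hmac.compare_digest(hash_password(variant, old_salt), old_hash):
            return True
    return False


if __name__ == "__main__":
    salt = b"constructed-salt"                      # constructed sample data
    old_hash = hash_password("Spring2012!", salt)   # the phished password
    for proposed in ("Spring2013!", "Spring20123!", "violet-tractor-88"):
        verdict = "reject" if too_similar(proposed, salt, old_hash) else "accept"
        print(f"{proposed}: {verdict}")
```

The check only works while the old salt and hash are still on record, so it has to run before the reset overwrites them.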