Educause Security Discussion mailing list archives

Re: Oxford and Google Apps


From: "Justin C. Klein Keane" <jukeane () SAS UPENN EDU>
Date: Tue, 19 Feb 2013 11:49:57 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

  I'm always firmly in favor of a technical solution to issues like
this since people will always fail to adequately understand the
technology and be duped.  For better or worse, computers are merely
appliances for the vast majority of users.  Training is destined to
fail against a sophisticated attack, but there are technical controls
that could defeat this vector.  A (true) second factor for
authentication, such as a soft token, could serve as an adequate
mitigation to defeat this sort of attack and remove the security
officer from the role of adaptive Little Dutch Boy on the firewall
rules.  Just my $0.02.

Justin C. Klein Keane, MA MCIT
Security Engineer
University of Pennsylvania, School of Arts & Sciences

The digital signature on this message can be verified using the key at
https://sites.sas.upenn.edu/kleinkeane/pages/pgp-key

On 02/19/2013 09:39 AM, Tim Doty wrote:
> On 02/19/2013 06:11 AM, Tracy Mitrano wrote:
>> Thoughts on this matter among the experts?
>> http://blogs.oucs.ox.ac.uk/oxcert/2013/02/18/google-blocks/
>
> Some of the reactions here seem to indicate that people think
> Oxford is still doing this. The block was temporary (about two
> hours I think they said) and due to collateral damage would not
> happen again without things being worse than they were when done
> the first time.
>
> In terms of "we've got to do something *now*" I understand it, but
> it doesn't seem like something that is particularly effective. As
> others have noted, it is trivial to set up a collection form pretty
> much anywhere so blocking the forms by blocking an entire service
> or IP is unlikely to ever have that much effect.
>
> We certainly have received pressure to "block that IP" when users
> are taking action on a phish (or even if no one is). I've always
> viewed it as too dynamic to be worth much.
>
> Honestly, I don't think there are any good answers.
>
> Tim Doty

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----

