Educause Security Discussion mailing list archives
Re: Security Breach Notification MIA...
From: "Jacobson, Dick" <dick.jacobson () NDUS EDU>
Date: Wed, 20 Feb 2013 15:45:40 +0000
We use Microsoft and my notice got dropped into my Junk Folder. I went looking after seeing the 1:15 email from Valerie. I too questioned the 14 day delay and then looked at the timing on the initial mailings yesterday. The statement to me, as a domain contact, was sent about 25 minutes before Valerie's email saying all the impacted parties had been contacted. That hints that something triggered the notices yesterday. I suspect that this not so different than many of our institutions would have done. The notice said they were somewhat confident that no sensitive information was leaked and they were working with the appropriate authorities. It is a sign of the times that once you get "authorities" involved you are probably no longer free to communicate with the affected individuals on your own schedule. So, as someone that has had sensitive information leaked, do I like the timing - no. Do I think the timing is suspicious - yes. Do I understand the timing - partly. I don't believe I have seen the Educause policy regarding breaches - but I have not gone looking either. Perhaps that would answer some questions ? -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ken Connelly Sent: Wednesday, February 20, 2013 8:44 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Security Breach Notification MIA... The archive on the EDUCAUSE site is updated in pretty much real time, so that's a place where you could follow the discussion prior to getting a digest. If you look there, you'll see that the majority of the concern was the phishy-looking links in the message(s). That was caused by (1) EDUCAUSE's normal use of a third-party mass-mailer (Informz) and (2) the click-tracking URLs that were in the message. Those concerns were compounded because the normally sluggish (at best) EDUCAUSE website was moving at glacial speeds due to the load. I noticed the delta between the breech discovery and the announcement, but that wasn't a topic of concern as I recall, perhaps partially due to the two much more important concerns mentioned above. - ken Boyd, Daniel wrote:
Has anyone else NOT received their email notification from EduCause about the security breach? The only reason I found out about it yesterday is because my CIO was watching the chatter on the CIO list about the notification. I get my security list discussions in digest form, so I had not seen the discussion here. Anyone else peeved that they waited 14 days to (supposedly) notify everyone? I’m not trying to stir up a flaming discussion (although I probably have succeeded), I really am just curious as to the mood here. Dan Daniel H. Boyd (94C) Senior Network Architect Network Operations Berry College Phone: 706-236-1750 Fax: 706-238-5824 There are two rules to follow with your account passwords: 1. NEVER SEND YOUR PASSWORD VIA EMAIL (TO ANYONE)!!!!! 2. If unsure, consult rule #1
-- - Ken ================================================================= Ken Connelly Associate Director, Security and Systems ITS Network Services University of Northern Iowa email: Ken.Connelly () uni edu p: (319) 273-5850 f: (319) 273-7373 Any request to divulge your UNI password via e-mail is fraudulent!
Current thread:
- Re: Security Breach Notification MIA..., (continued)
- Re: Security Breach Notification MIA... Ken Connelly (Feb 20)
- Re: Security Breach Notification MIA... Allen, Jon D. (Feb 20)
- Re: Security Breach Notification MIA... Ken Connelly (Feb 20)
- Re: Security Breach Notification MIA... Tonkin, Derek K (Feb 20)
- Re: Security Breach Notification MIA... Ken Connelly (Feb 20)
- Re: Security Breach Notification MIA... Dexter Caldwell (Feb 20)
- Re: Security Breach Notification MIA... Hauber, Wayne [ITSEC] (Feb 20)
- Re: Security Breach Notification MIA... Allen, Jon D. (Feb 20)
- Re: Security Breach Notification MIA... Manjak, Martin (Feb 20)
- Re: Security Breach Notification MIA... Bateman, Darrell (Feb 20)
- Re: Security Breach Notification MIA... Ken Connelly (Feb 20)