Educause Security Discussion mailing list archives

Re: Security Breach Notification MIA...

From: Dexter Caldwell <dexter.caldwell () FURMAN EDU>
Date: Wed, 20 Feb 2013 19:18:36 +0000

Yes, mine ended up in Junk folder.

D/C
-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ken 
Connelly
Sent: Wednesday, February 20, 2013 10:26 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Security Breach Notification MIA...

OK.  I also think I heard a report or two of the notification ending up in a spam folder.

- ken

Tonkin, Derek K wrote:

I use the InCommon system and I received an e-mail notification.

Derek

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv 
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ken Connelly
Sent: Wednesday, February 20, 2013 9:17 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Security Breach Notification MIA...

Those who use a federated login instead of local authentication were not affected and perhaps not even notified?

- ken

Allen, Jon D. wrote:

We did some analysis and there is a delta of about thirty users for us between those who received the email and 
those who are listed under our Educause account as users.  I am not sure if there is a concept of an expired account 
that could be accounting for the delta.


Thanks,

_________________________________
Jon Allen, CISSP, EnCE
Information Security Officer
Baylor University
254.710.4793
 

        www.baylor.edu/bearaware



-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv 
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ken Connelly
Sent: Wednesday, February 20, 2013 8:44 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Security Breach Notification MIA...

The archive on the EDUCAUSE site is updated in pretty much real time, so that's a place where you could follow the 
discussion prior to getting a digest.  If you look there, you'll see that the majority of the concern was the 
phishy-looking links in the message(s).  That was caused by (1) EDUCAUSE's normal use of a third-party mass-mailer 
(Informz) and (2) the click-tracking URLs that were in the message.  Those concerns were compounded because the 
normally sluggish (at best) EDUCAUSE website was moving at glacial speeds due to the load.

I noticed the delta between the breech discovery and the announcement, but that wasn't a topic of concern as I 
recall, perhaps partially due to the two much more important concerns mentioned above.

- ken

Boyd, Daniel wrote:

Has anyone else NOT received their email notification from EduCause 
about the security breach?  The only reason I found out about it 
yesterday is because my CIO was watching the chatter on the CIO list 
about the notification.  I get my security list discussions in 
digest form, so I had not seen the discussion here.  Anyone else 
peeved that they waited 14 days to (supposedly) notify everyone?  
I’m not trying to stir up a  flaming discussion (although I probably 
have succeeded), I really am just curious as to the mood here.

 

Dan

 

Daniel H. Boyd (94C)
Senior Network Architect
Network Operations
Berry College
Phone: 706-236-1750
Fax:     706-238-5824

There are two rules to follow with your account passwords:
1. NEVER SEND YOUR PASSWORD VIA EMAIL (TO ANYONE)!!!!!
2. If unsure, consult rule #1

--
- Ken
=================================================================
Ken Connelly             Associate Director, Security and Systems
ITS Network Services                  University of Northern Iowa
email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-7373

Any request to divulge your UNI password via e-mail is fraudulent!


--
- Ken
=================================================================
Ken Connelly             Associate Director, Security and Systems
ITS Network Services                  University of Northern Iowa
email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-7373

Any request to divulge your UNI password via e-mail is fraudulent!


--
- Ken
=================================================================
Ken Connelly             Associate Director, Security and Systems
ITS Network Services                  University of Northern Iowa
email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-7373

Any request to divulge your UNI password via e-mail is fraudulent!

Current thread:

Security Breach Notification MIA... Boyd, Daniel (Feb 20)
- Re: Security Breach Notification MIA... Ken Connelly (Feb 20)
  - Re: Security Breach Notification MIA... Allen, Jon D. (Feb 20)
    - Re: Security Breach Notification MIA... Ken Connelly (Feb 20)
    - Re: Security Breach Notification MIA... Tonkin, Derek K (Feb 20)
    - Re: Security Breach Notification MIA... Ken Connelly (Feb 20)
    - Re: Security Breach Notification MIA... Dexter Caldwell (Feb 20)
    - Re: Security Breach Notification MIA... Hauber, Wayne [ITSEC] (Feb 20)
    - Re: Security Breach Notification MIA... Manjak, Martin (Feb 20)
    - Re: Security Breach Notification MIA... Bateman, Darrell (Feb 20)
  - Re: Security Breach Notification MIA... Matthew Milliron (Feb 20)
  - Re: Security Breach Notification MIA... Jacobson, Dick (Feb 20)