Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Recent Phishing Uptick

From: "Joel L. Rosenblatt" <joel () COLUMBIA EDU>
Date: Thu, 20 Feb 2014 14:27:43 -0500
Hi,

Here is what we see - xxxx replaces random stuff - one of these for
each login session.


"kind": "admin#reports#activities",
 "etag": "\"D9R4-hwaf8ZZEeXP-Hlyt8X8_a4/ZxxxxruXkXh8fQ_c_rgLUVjAbc8\"",
 "items": [
  {
   "kind": "admin#reports#activity",
   "id": {
    "time": "2013-11-24T16:51:47.000Z",
    "uniqueQualifier": "-307151507009133xxxx",
    "applicationName": "login",
    "customerId": "C0181xxxx"
   },
   "etag": "\"D9R4-hwaf8ZZEeXP-Hlyt8X8_a4/oAQY9Gm7DHM27x6D2vmHhc4xxxx\"",
   "actor": {
    "email": "xxxxxx () columbia edu",
    "profileId": "11176437517216916xxxx"
   },
   "ipAddress": "xxx.xxx.xxx.xxx",
   "events": [
    {
     "type": "login",
     "name": "login_success",
     "parameters": [
      {
       "name": "login_type",
       "value": "saml"

Joel


Joel Rosenblatt, Director Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
Public PGP key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3


On Thu, Feb 20, 2014 at 2:03 PM, Frank Barton <bartonf () husson edu> wrote:

I'm curious as to where you folks are seeing the login reports. I have not
been able to find them


Incidentally, I did request an additional alert from google, specifically
when an account hits the pre-configured sending limits, and the ability to
"train" the suspicious login alerts

--
Frank Barton
Apple Certified Mac Technician
Technology Support Coordinator
Husson University
Previous By Date Next
Previous By Thread Next

Current thread: