Educause Security Discussion mailing list archives

Re: Get Study Room site

From: Leland Lyerla <llyerla () UU EDU>
Date: Wed, 8 Oct 2014 20:47:37 +0000

When I visited the registration page to get more info the site asked for a new password, but did not expressly say not 
to use the student's campus account password. Students likely would still use the same password unless otherwise told 
not to, so the danger of compromise is still present due to a bad security practice and vague instructions.

Leland
________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Kevin Halgren 
[kevin.halgren () WASHBURN EDU]
Sent: Wednesday, October 08, 2014 3:16 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Get Study Room site

Saw a note elsewhere that sometime between Oct. 2nd and today they may have stopped asking for LMS credentials.  I’d 
consider that unconfirmed at this point and I haven’t checked myself, but they certainly are known for doing this.

Kevin

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Alex 
Waitkus
Sent: Tuesday, October 07, 2014 12:19 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Get Study Room site

We sent a cease and desist letter to them as they had a ‘connection’ to our LMS, they then replied on who the correct 
contact would be to initiate this connection. We are not addressing the collaboration or the unsolicited emails.

————

Alex Waitkus

Security Analyst, Lead
Information Security Services
Georgia State University
awaitkus () gsu edu<mailto:awaitkus () gsu edu>
security () gsu edu<mailto:security () gsu edu>
Phone 404.413.4377
Security 404.413.4524
http://technology.gsu.edu/technology-services/it-services/security/

On Oct 7, 2014, at 1:12 PM, Alex Jalso <ACJalso () MAIL WVU EDU<mailto:ACJalso () MAIL WVU EDU>> wrote:

Hello Everyone,

Has anyone dealt with the site http://getstudyroom.com<http://getstudyroom.com/>, also goes by the name StudyRoom.  
It’s a social networking type of site promoting to students the ability to work together on class assignment.  What WVU 
is experiencing is that when students sign up on this site that there’s an increase in unsolicited e-mail to students 
from the @getstudyroom.com<http://getstudyroom.com/> domain.  It’s also thought that StudyRoom uses students’ login 
credentials to attempt access to other university sites.  Thanks.

Alex

Alex Jalso, PMP, CISM
Director Information Security Services
West Virginia University
p: 304-293-4457

Current thread:

Get Study Room site Alex Jalso (Oct 07)
- Re: Get Study Room site Alex Waitkus (Oct 07)
  - Re: Get Study Room site Kevin Halgren (Oct 08)
    - Re: Get Study Room site Beyette, Jeremy (Oct 08)
    - Re: Get Study Room site Leland Lyerla (Oct 08)
- Re: Get Study Room site Jones, Mark B (Oct 07)