Educause Security Discussion mailing list archives
Re: Summary Report :: Dorkbot Service [MAY 2019-05]
From: Frank Barton <bartonf () HUSSON EDU>
Date: Tue, 4 Jun 2019 15:25:47 -0400
Interesting, I don't think I've ever gotten one... On Tue, Jun 4, 2019 at 1:11 PM David Curry <david.curry () newschool edu> wrote:
We've been signed up for a year and a half or so. We get a monthly report like you describe; it's an email plus a one-page PDF infographic. Although now that I look, I don't see one for every month, so maybe I need to tweak my spam filters. :-) -- DAVID A. CURRY, CISSP *DIRECTOR OF INFORMATION SECURITY* THE NEW SCHOOL • INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 +1 646 909-4728 • david.curry () newschool edu On Tue, Jun 4, 2019 at 12:35 PM Frank Barton <bartonf () husson edu> wrote:I'll throw this out there - we signed up a while back, and I don't believe we've ever gotten a report (maybe our web-facing things are that "rugged") but as a "feature request" maybe having a monthly 'status' report including 'hey we scanned "N" pages/sites on your registered domain, and didn't find anything" kind of like a heartbeat so that we know things are still going on my inflation adjusted $0.03 Frank On Tue, Jun 4, 2019 at 12:14 PM Chris Wilson <clwilson () mtroyal ca> wrote:Hi Cam, My fault - for some reason, your reports were ending up in spam. One quick question though: I believe I added about 5 domains to the list when registering, but only see reports for one. Is that correct? Thanks in advance, Chris Wilson Security Architect I.T. Services Department Mount Royal University 4825 Mount Royal Gate SW Calgary, AB 403-440-8682 clwilson () mtroyal ca On Tue, Jun 4, 2019 at 10:13 AM Cam Beasley <cam () utexas edu> wrote:hi Chris - your campus subscribed on 5/21 and we’ve reported issues thus far to your preferred address.. please reach out direct if you have any other questions? thanks, ~cam.On Jun 4, 2019, at 9:14 AM, Chris Wilson <clwilson () mtroyal ca> wrote: Steven, It's a good thing it wasn't a private reply, as it prompted me towonder the same thing. I haven't seen any updates or reports in some time as well. Is there anything you might need from our end to get things running again?Chris Wilson Security Architect I.T. Services Department Mount Royal University 4825 Mount Royal Gate SW Calgary, AB 403-440-8682 clwilson () mtroyal ca On Mon, Jun 3, 2019 at 9:00 PM Lovaas,Steven <Steven.Lovaas () colostate edu> wrote:Apologies... That was meant to be a private reply. Steve Sent from my iPhoneOn Jun 3, 2019, at 8:59 PM, Lovaas,Steven <Steven.Lovaas () colostate edu> wrote:Hi Cam! We do really appreciate this service. But we haven’t had an alertin a long time. I’m too suspicious to automatically believe that we just fixed all of our problems.Have you had any issues connecting to Colorado State University? (129.82.0.0/16, colostate.edu)Thanks, Steve Sent from my iPhoneOn Jun 3, 2019, at 8:44 PM, Cam Beasley <cam () utexas edu> wrote: hello all — i wanted to share summary stats from the Dorkbot web applicationsecurity service for the past month.Dorkbot covers 87% of all R1 campuses in the US and many of thetop universities across 6 continents (and 78 countries).[month = MAY 2019] total campuses subscribed = 1,030 (+29 campuses compared toprevious month)—————— verified XSS vulnerable pages = 3,032 (+14% compared to previousmonth)verified SQLi vulnerable pages = 365 (+10% compared to previousmonth)verified LFI vulnerable pages = 20 (-20% compared to previousmonth)verified OSi vulnerable pages = 15 (+50% compared to previousmonth)verified RFI vulnerable pages = 04 (+100% compared to previousmonth)—————— 3,143 total verified vulnerable pages (+4% compared to previousmonth)++++++++++++++++++++++ % of vulnerability breakdown by campus classification ++++++++++++++++++++++ 44% - Universities in Other Countries 19% - R1 Universities 07% - R2 Universities 05% - Higher Ed Consortiums 04% - M1 Universities 04% - Baccalaureate Colleges: Arts & Sciences Focus 03% - State Agencies 02% - D/PU Universities 02% - Universities in Canada 06% - All Other Entities ++++++++++++++++++++++ signing up for Dorkbot is fast & free. you will receive realtime alerts for any verified vulnerabilitiesalong with a custom monthly report.please see the following for more information: https://security.utexas.edu/dorkbothttps://er.educause.edu/blogs/2019/2/dorkbot-a-managed-application-security-assessment-service-for-higher-educationplease note that many smaller campuses in your area may not be aswell connected to this community.feel free to share the signup page with any such campuses youmight be associated that could benefit from this service.thanks, ~cam. -- Cam Beasley Chief Information Security Officer Information Security Office The University of Texas at Austin security () utexas edu | 512.475.9242 http://security.utexas.edu =======================================This message is from an external sender. Learn more about why thismatters.-- Frank Barton, MBA Security+, ACMT, MCP IT Systems Administrator Husson University
-- Frank Barton, MBA Security+, ACMT, MCP IT Systems Administrator Husson University
Current thread:
- Summary Report :: Dorkbot Service [MAY 2019-05] Cam Beasley (Jun 03)
- Re: Summary Report :: Dorkbot Service [MAY 2019-05] Lovaas,Steven (Jun 03)
- Re: Summary Report :: Dorkbot Service [MAY 2019-05] Lovaas,Steven (Jun 03)
- Re: Summary Report :: Dorkbot Service [MAY 2019-05] Chris Wilson (Jun 04)
- Re: Summary Report :: Dorkbot Service [MAY 2019-05] Hall, Rand (Jun 04)
- Re: Summary Report :: Dorkbot Service [MAY 2019-05] Valdis Klētnieks (Jun 04)
- Re: Summary Report :: Dorkbot Service [MAY 2019-05] Cam Beasley (Jun 04)
- Re: Summary Report :: Dorkbot Service [MAY 2019-05] Chris Wilson (Jun 04)
- Re: Summary Report :: Dorkbot Service [MAY 2019-05] Frank Barton (Jun 04)
- Re: Summary Report :: Dorkbot Service [MAY 2019-05] David Curry (Jun 04)
- Re: Summary Report :: Dorkbot Service [MAY 2019-05] Frank Barton (Jun 04)
- Re: Summary Report :: Dorkbot Service [MAY 2019-05] Lovaas,Steven (Jun 03)
- Re: Summary Report :: Dorkbot Service [MAY 2019-05] Lovaas,Steven (Jun 03)