Re: Directory Trolling

["Hauber, Wayne [ITSEC]" <wjhauber () IASTATE EDU>]

A few years ago, I personally tried to find a doctor from Northwestern who had helped a family member. I wanted to send 
a thank you note. I could not find a campus directory anywhere and soon realized that I could not find any e-mail 
addresses anywhere. After a bit of digging, I found a policy for web developers that stated something like "thou shalt 
not ever publish an e-mail address on a web page". 

The captcha that they deliver now must represent an evolution in their policy. I like it though and wish we could do 
something similar. 

Wayne Hauber
Iowa State University


> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ken Connelly
> Sent: Tuesday, June 15, 2010 12:22 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Directory Trolling
>
> Northwestern displays the e-mail address from a directory lookup as a
> simplistic captcha image. I've been trying for a couple of years to get
> a similar thing implemented here, but so far...
>
> http://directory.northwestern.edu/
>
> - ken
>
> On 6/15/10 11:43 AM, Ravi Kumar wrote:
> > Folks,
> >
> > Did any of you encountered Directory Trolling? Any thoughts on how to
> > prevent this? In the Corporate world, we don't expose directories at
> > all, so it was never a big issue! We are planning to have Captcha, but
> > it might be a usability thing.
> >
> > Any help, greatly appreciated.
> >
> > Thanks.
> >
> > Ravi Kumar, CISSP
> >
> > Middleware Manager
> >
> > ITS, Enterprise Infra Services
> >
> > Boston College - St. Clement's
> >
> > P: 617.552.3382
>
> --
> - Ken
> =================================================================
> Ken Connelly             Associate Director, Security and Systems
> ITS Network Services                  University of Northern Iowa
> email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-7373