Educause Security Discussion mailing list archives
Re: Oxford and Google Apps
From: "Justin C. Klein Keane" <jukeane () SAS UPENN EDU>
Date: Tue, 19 Feb 2013 11:49:57 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, I'm always firmly in favor of a technical solution to issues like this since people will always fail to adequately understand the technology and be duped. For better or worse, computers are merely appliances for the vast majority of users. Training is destined to fail against a sophisticated attack, but there are technical controls that could defeat this vector. A (true) second factor for authentication, such as a soft token, could serve as an adequate mitigation to defeat this sort of attack and remove the security officer from the role of adaptive Little Dutch Boy on the firewall rules. Just my $0.02. Justin C. Klein Keane, MA MCIT Security Engineer University of Pennsylvania, School of Arts & Sciences The digital signature on this message can be verified using the key at https://sites.sas.upenn.edu/kleinkeane/pages/pgp-key On 02/19/2013 09:39 AM, Tim Doty wrote:
On 02/19/2013 06:11 AM, Tracy Mitrano wrote:Thoughts on this matter among the experts? http://blogs.oucs.ox.ac.uk/oxcert/2013/02/18/google-blocks/Some of the reactions here seem to indicate that people think Oxford is still doing this. The block was temporary (about two hours I think they said) and due to collateral damage would not happen again without things being worse than they were when done the first time. In terms of "we've got to do something *now*" I understand it, but it doesn't seem like something that is particularly effective. As others have noted, it is trivial to setup a collection form pretty much anywhere so blocking the forms by blocking an entire service or IP is unlikely to ever have that much effect. We certainly have received pressure to "block that IP" when users are taking action on a phish (or even if no one is). I've always viewed it as too dynamic to be worth much. Honestly, I don't think there are any good answers. Tim Doty
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJRI60uAAoJEIH7slQlJAgKixkP/2n9J94LX8drkxEZqxPGGaes 4uaRWtiLp/j/2Bk11Hzdr/QTQc3UVavJSf2tFgi1j4RPfwRxQ6Pz9gXaZ9E8YYPe zkt95pDWuETFBR7wjfeJ1kDjv6FFKOw3oWH1qhFa+axm/a2/6316CFn8dpYf5orz yKWQNoEJLSms9gJHtbrmjULXj11GQjMjXoYtiLTLk0gJgubNhz3KM4RpAs+8/cLS ndKhk79FFaSUHPtf1n1IYpRy4E8gr2Me02r3ydgBAaRpyvLD2PDHzTBOpLTHDHOh mV0eOz+iJsNyIWnAmolOCjaBI44Z86aWTV5fZ8D/5d5Q8qahk2lCTjzBmxxwcNB/ hGdDeOy56NNamq00CGeGplswKBx7HvVftQyGwvtc3hCN42wuGXpPMuknzcJdwz0G ftKyaVPd6K/rfHI+Gz7+wwl3f8rmfvEda4wjtbchKnoopc/ysPaRFNLgEfpqcxBS h+EuenN3D8KkQiMEu+5RcnHSQvr2XvKss+azpeUXUrhZgGUTfhkgfhxkHYRXze44 A//GpbxAhgYy6B401FigPIAdLFRbUJ4i680dxjcdDuONb6wwuRuJWkmPTliW5jRu 5ydNbNovjYYO0BfVCH8aP5osXyKn3vV+IM+qVmGb3WSZHLC9jmbSjwQ5ZC9QVrW3 Z++QW3NleduYn84cGv4R =sQv9 -----END PGP SIGNATURE-----
Current thread:
- Re: Oxford and Google Apps, (continued)
- Re: Oxford and Google Apps Bob Bayn (Feb 19)
- Re: Oxford and Google Apps Santabarbara, Angelo (Feb 19)
- Re: Oxford and Google Apps Bob Bayn (Feb 19)
- Re: Oxford and Google Apps Santabarbara, Angelo (Feb 19)
- Re: Oxford and Google Apps Roger A Safian (Feb 19)
- Re: Oxford and Google Apps Mike Porter (Feb 19)
- Re: Oxford and Google Apps David Gillett (Feb 19)
- Re: Oxford and Google Apps Justin C. Klein Keane (Feb 19)
- Re: Oxford and Google Apps Kevin Wilcox (Feb 19)