Re: Security Breach Notification MIA...

[Ken Connelly <Ken.Connelly () UNI EDU>]

Those who use a federated login instead of local authentication were not
affected and perhaps not even notified?

- ken

Allen, Jon D. wrote:
> We did some analysis and there is a delta of about thirty users for us between those who received the email and those 
> who are listed under our Educause account as users.  I am not sure if there is a concept of an expired account that 
> could be accounting for the delta.
>
>
> Thanks, 
>
> _________________________________
> Jon Allen, CISSP, EnCE 
> Information Security Officer 
> Baylor University 
> 254.710.4793
>  
>
>         www.baylor.edu/bearaware
>
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ken 
> Connelly
> Sent: Wednesday, February 20, 2013 8:44 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Security Breach Notification MIA...
>
> The archive on the EDUCAUSE site is updated in pretty much real time, so that's a place where you could follow the 
> discussion prior to getting a digest.  If you look there, you'll see that the majority of the concern was the 
> phishy-looking links in the message(s).  That was caused by (1) EDUCAUSE's normal use of a third-party mass-mailer 
> (Informz) and (2) the click-tracking URLs that were in the message.  Those concerns were compounded because the 
> normally sluggish (at best) EDUCAUSE website was moving at glacial speeds due to the load.
>
> I noticed the delta between the breech discovery and the announcement, but that wasn't a topic of concern as I 
> recall, perhaps partially due to the two much more important concerns mentioned above.
>
> - ken
>
> Boyd, Daniel wrote:
>   
> > Has anyone else NOT received their email notification from EduCause 
> > about the security breach?  The only reason I found out about it 
> > yesterday is because my CIO was watching the chatter on the CIO list 
> > about the notification.  I get my security list discussions in digest 
> > form, so I had not seen the discussion here.  Anyone else peeved that 
> > they waited 14 days to (supposedly) notify everyone?  I’m not trying 
> > to stir up a  flaming discussion (although I probably have succeeded), 
> > I really am just curious as to the mood here.
> >
> >  
> >
> > Dan
> >
> >  
> >
> > Daniel H. Boyd (94C)
> > Senior Network Architect
> > Network Operations
> > Berry College
> > Phone: 706-236-1750
> > Fax:     706-238-5824
> >
> > There are two rules to follow with your account passwords:
> > 1. NEVER SEND YOUR PASSWORD VIA EMAIL (TO ANYONE)!!!!!
> > 2. If unsure, consult rule #1
> >
> >  
> >
> >     
>
> --
> - Ken
> =================================================================
> Ken Connelly             Associate Director, Security and Systems
> ITS Network Services                  University of Northern Iowa
> email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-7373
>
> Any request to divulge your UNI password via e-mail is fraudulent!
>   

-- 
- Ken
=================================================================
Ken Connelly             Associate Director, Security and Systems
ITS Network Services                  University of Northern Iowa
email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-7373

Any request to divulge your UNI password via e-mail is fraudulent!