lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed May  3 05:44:08 2006
From: stevex11 at sbcglobal.net (Steve Kudlak)
Subject: What is wrong with schools these days?

What Planet does all this hypotehtical activity take place on?
I for sure have never visited the place.  Most school departments are pretty
inmdependent. We are far from the days when the Provost had some
military powers.

Have Fun,
Sends Steve


Gaddis, Jeremy L. wrote:

> Mike Iglesias wrote:
>
>> Many universities do not have a central IT organization running every 
>> computer on campus as you would in a commercial enterprise.  They 
>> have a decentralized model where each school, department, or research 
>> group runs their computers. In addition, you have many students, 
>> faculty, and staff with personally owned laptops that they take care 
>> of (or not) themselves.  So you have many little fiefdoms running 
>> computers, some with more of a clue than others.  The clueless ones 
>> have untrained students running the computers, and most of them don't 
>> know much about security.  They're told to setup a computer and put 
>> this data on it so the professor can do his research.
>
>
> While this often holds true, there should always a central infosec 
> department that has the ability to kill a switch port.  Kill the 
> network connection to a critical server exposing private information 
> and people take notice pretty quick.
>
>> Central entities in universities, like the registrar, should know 
>> what they are doing if they are setting up ways to remotely access 
>> information.
>
>
> Yes, they should, but they often don't.  Remember, these end users are 
> just that -- users, not security professionals.
>
>> Not responding to emails and/or phone calls to the security/abuse/etc 
>> group is irresponsible, if you ask me.
>
>
> Agreed, though lack of a response doesn't mean nothing is happening. 
> Often times, the first time infosec must do is contact legal for 
> advice.  Legal's first advice is often to simply not respond.
>
> -j
>
> -- 
> eJeremy L. Gaddis
> GCWN, MCP, Linux+, Network+
> http://www.jeremygaddis.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ