[unisog] Larger question -- is this really an information security function -- was -> Re: cornell.edu blog being used for spam - and now virginia.edu as well

H. Morrow Long morrow.long at yale.edu
Sun Nov 25 15:43:42 GMT 2007 

We search for such things as well.

However, the larger question is really whether the majority of these
are actually an information security "problem" or rather are just
"inappropriate content" on a blog or wiki problem (which would
or should be handled by the maintainers of same).

In terms of priorities (the larger risk assessment framework)
are our attention and energies dissipated by running down every
report of 'spam' on websites (and by handling DMCA complaints)
rather than following a rigorous structured approach to managing
risks by criticality (e.g. first look at critical systems & data,  
2nd ...).

Granted some of the cases of spam or spam links (and particularly
spam scripts such as inserted/uploaded PHP scripts) do indicate an
actual breach of a website or website software rather than just spam
in entries -- and in some cases malware and/or dangerous scripts &
content may be hosted.  It is difficult to tell without investigating  
first.

- H. Morrow Long, CISSP, CISM, CEH
   University Information Security Officer
   Director -- Information Security Office
   Yale University, ITS


On Nov 24, 2007, at 8:27 PM, Ali, Saqib wrote:
> Friendly Tip: Google can help you track down these rogue blog post at
> your university. At our current institution I have created Google
> Alerts using blogurl: search criteria.
>
> Syntax :
> blogurl:{university}.edu "spam keyword"
>
> e.g.
> http://blogsearch.google.com/blogsearch?hl=en&ie=UTF-8&q=blogurl%3Aasu.edu+R0lex&btnG=Search+Blogs
>
> And then I use the "Google Alert" to notify me via email if any blog
> post has spam keywords. This has worked very well for me.
>
> saqib
> http://www.quantumcrypto.de/dante/
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.sans.org/pipermail/unisog/attachments/20071125/e01fdcb4/attachment.htm

More information about the unisog mailing list