[Dshield] "Academic Freedom" vs Computer Security

Doug White doug at clickdoug.com
Fri Feb 13 01:07:17 GMT 2004

No problems here.  I send one notice to the IT department with a copy to their
upstream provider.  If I do not get a response,or am not satisfied as to the
response, their net block is blacklisted.  Once it gets blacklisted, it stays
there.  One of the Universities in Ohio comes to mind.

Educational or not, anyone who runs an open relay, will get listed on one or
more of the dnsbl lists in fairly short order, and when that happens they will
discover that there must be a balance between "academic freedom", and being a
good netizen.

I don't know how Brightmail or Postini handles it, but I suspect much the same
way, and they are not going to accept spamming from any IP, no matter who the
academic source.

Your mileage may vary.....

Stop spam on your domain, Anti-spam solutions
For hosting solutions http://www.clickdoug.com
Aspire to Inspire before you Retire or Expire!

----- Original Message ----- 
From: "Jon R. Kibler" <Jon.Kibler at aset.com>
To: <list at dshield.org>
Sent: Thursday, February 12, 2004 3:50 PM
Subject: [Dshield] "Academic Freedom" vs Computer Security

: Hello all,
: I have been debating for weeks whether to post this question or not. I can see
where this topic
: could easily start a flame war and I beg whoever is moderating this list to
reject any inflammatory
: posts to this thread. I know that this is a REAL touchy subject... and that is
why I would like to
: get other opinions on how to handle it.
: Background: Probably 80% (give or take a few %) of the spam attempts we see
that originate from
: academic institutions, originate from less than a half-dozen sources
(unrelated to our IPs, geographic
: region, etc.). Several of these institutions do not even have working abuse
email addresses. We have
: attempted to contact all of them by telephone to discuss the problem. A couple
of them will not even
: accept outside calls regarding abuse complaints. When I have been able to
actually talk to someone,
: the response is almost universal: "We can't tell our students and staff that
they cannot run open
: proxy servers (etc.) because it would be an infringement of their academic
freedom." One school (who
: knowingly runs an open relay mailer) also stated that even suggesting that
students and staff use
: AV software was an infringement of "academic freedom."
: So here is my question: How does practicing basic computer security infringe
on academic freedom?
: Also, I am looking for suggestions on the proper (civil) way to discuss this
: Two other comments:
:   1) We are just about to the point of blocking these institutions at our
border router as a way
:      of solving this problem. However, I can envision this creating a whole
other set of problems.
:   2) Yes, when looking at the big picture, academic institutions are but a
relatively small source
:      of insecure, spammer infected systems. That is not the real issue here.
With the exception of
:      2 or 3 ISPs, everyone else takes immediate action when you notify them of
an infected system.
:      The problem I am having is the use of "academic freedom" as and excuse
for lax computer security.
: Bottom line request: Would someone from the academic world please explain the
"Academic Freedom"
: issue and why it can be viewed as superseding common sense computer security?
: I hope this posting did not step on too many toes... I apologize in advance if
it did.
: -- 
: Jon R. Kibler
: Chief Technical Officer
: A.S.E.T., Inc.
: Charleston, SC  USA
: (843) 849-8214
: ==================================================
: Filtered by: TRUSTEM.COM's Email Filtering Service
: http://www.trustem.com/
: No Spam. No Viruses. Just Good Clean Email.


: _______________________________________________
: list mailing list
: list at dshield.org
: To change your subscription options (or unsubscribe), see:

More information about the list mailing list