[unisog] Phishing targeting University Admissions

Joseph Brennan brennan at columbia.edu
Wed Jun 16 14:13:41 GMT 2004


> IMHO fixing the real problem -- vulnerable email clients that
> execute code -- should be more of a concern. Of course, this does
> nothing to solve the problem of users saving attachments and
> executing them; but I have a few solutions to that as well that
> include using more secure operating systems.


OK: I agree.  Now, let's get back to the real world.  Users can use
any client they want, and the overall organization lacks the will
to impose a ban on certain mail clients because the clients' users
insist they need them.  Maybe they do too; I am not familiar with
the non-mail components of certain software.  It is impossible to
train users effectively with a 5,000:1 ratio of users to user
services staff and steady turnover.  So all that's right out.

Blocking attachments by extension saves us about $30,000 worth of
anti-virus software licensing and additional hardware to process
scanning.  That sounds good to me.

Banning attachments and HTML mail?  That's where this is going.
I think we're going to see it happen.

What would accelerate it would be an alternative way to transmit
files, which is badly needed anyway.  Email is the least efficient
way possible, with the encoding that has to be done into bloated
pseudo-ascii.

Joseph Brennan
Academic Technologies Group, Academic Information Systems (AcIS)
Columbia University in the City of New York




