[unisog] Phishing targeting University Admissions

Mike Honeycutt honeycutt at unca.edu
Wed Jun 16 15:54:10 GMT 2004

I've found this discussion to be very interesting -
especially the original subject of phishing.

For the record, we are in the block ZIP files (and about
20 other extensions) camp.

I agree with Eric Pancer about this being a horrible workaround,
but the reality on our campus is we can either remove those attachments
or spend our time fixing machines.  I don't think it is realistic
to have a never-ending series of email messages to the campus
that says "...this week, don't open the XYZ attachment", "...this week,
the topic is PHISHING", etc.  Many people will not understand the
messages, and many will start ignoring them.  It seems in any case,
we are still hiking around campus fixing PCs, if we don't remove
the known bad attachment.

Mike Honeycutt  UNC Asheville University Computing



-----Original Message-----
From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org]
On Behalf Of Eric Pancer
Sent: Wednesday, June 16, 2004 8:08 AM
To: UNIversity Security Operations Group
Subject: Re: [unisog] Phishing targeting University Admissions

Sergent, Phil wrote on Mon, 2004-06-14 at 11:21:27 -0400...

> You still accept .zip files!?

We do, as well. It seems to me that not accepting files with extensions is
merely a horrible workaround. What happens when a new virus comes out that
names the attachment as foo.fi_ and tells the user to save the attachment as
foo.zip, then open it? 

IMHO fixing the real problem -- vulnerable email clients that execute code
-- should be more of a concern. Of course, this does nothing to solve the
problem of users saving attachments and executing them; but I have a few
solutions to that as well that include using more secure operating systems.

Eric Pancer :.: Computer Security Response Team :.: DePaul University
http://security.depaul.edu/ .:`:.:':.:`:. epancer at security.depaul.edu
pgp: 1024D/7ACBCFF3 C022 4991 41E5 51E7 683C F765 62F7 7F8E 7ACB CFF3

unisog mailing list
unisog at lists.sans.org http://www.dshield.org/mailman/listinfo/unisog
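
Added example, not part of either message above: a sketch comparing an extension blocklist with a content check for the renamed-attachment case raised in the thread (foo.fi_). The blocklist entries other than .zip, the function names and the sample messages are assumptions constructed for illustration.

```python
import io
import zipfile
from email.message import EmailMessage

# Hypothetical blocklist; the thread only names ZIP "and about 20 other extensions".
BLOCKED_EXTENSIONS = {".zip", ".exe", ".scr", ".pif"}

def attachments(msg):
    """Yield (filename, decoded bytes) for every attachment in the message."""
    for part in msg.iter_attachments():
        yield part.get_filename() or "", part.get_payload(decode=True) or b""

def flagged_by_extension(msg):
    """Filenames an extension-only filter would strip."""
    return [name for name, _ in attachments(msg)
            if any(name.lower().endswith(ext) for ext in BLOCKED_EXTENSIONS)]

def flagged_by_content(msg):
    """Filenames whose bytes parse as a ZIP archive, whatever the name says."""
    return [name for name, data in attachments(msg)
            if zipfile.is_zipfile(io.BytesIO(data))]

def build_message(filename):
    """Constructed sample: a message carrying a small ZIP under `filename`."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample content")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg

if __name__ == "__main__":
    # Same archive bytes under two names: only the content check sees both.
    for name in ("foo.zip", "foo.fi_"):
        m = build_message(name)
        print(name, "extension:", flagged_by_extension(m),
              "content:", flagged_by_content(m))
```

The content check covers only the rename case; it does nothing about mail clients that execute code, which is the other concern raised in the thread.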
