[Vision2020] UI Email Hacking

Saundra Lund sslund at adelphia.net
Wed Oct 19 15:32:15 PDT 2005 

Hi Chas & Visionaries:

(Chas, I hope you're feeling better.)

Add me to the list of those who want more information.

My *very* limited understanding is that while it is very easy to spoof the
"from" address, the more problematic aspect that indicates hacking is that
the hoax email was sent out university wide via the university system.  My
understanding is that access to that listing of all email addys is tightly
controlled -- even faculty and department chairs lack the access to send a
university wide email themselves.

It is that access that seems to indicate that hacking happened.  At least,
that's my limited understanding.  Of course, I hope that those with more
technical information will correct me if my understanding is incorrect.

>From talking to friends who are UI students & employees, there's some real
nervousness on campus.  If there was unauthorized access of a tightly
controlled resource like that, what else is at jeopardy?  Confidential
employee information?  Student health records?  Could grades be changed and
transcripts altered?  How about payroll deductions?

Given the concerns expressed by the university community, I would think it
would behoove the UI to get some info out to reassure the university
community that things are secure, particularly given the morale problems the
UI has suffered over the past few years.


JMHO,
Saundra Lund
Moscow, ID

The only thing necessary for the triumph of evil is for good people to do
nothing.
Edmund Burke

***** Original material contained herein is Copyright 2005, Saundra Lund.
Do not copy, forward, excerpt, or reproduce outside the Vision 2020 forum
without the express written permission of the author.*****


-----Original Message-----
From: vision2020-bounces at moscow.com [mailto:vision2020-bounces at moscow.com]
On Behalf Of Chasuk
Sent: Wednesday, October 19, 2005 3:08 PM
To: DonaldH675 at aol.com
Cc: vision2020 at moscow.com; deco at moscow.com
Subject: Re: [Vision2020] UI Email Hacking

On 10/19/05, DonaldH675 at aol.com <DonaldH675 at aol.com> wrote:
> These are important questions.  It is curious the way it seems to have 
> faded off the radar screen.  Why do you suppose that it has?  Perhaps 
> you would email Tim White's office and ask them - or, contact Bill 
> Thompson.  It would be great if you could share any results with 2020

I don't know that it has been firmly (i.e., indisputably) established that
any actual "hacking" occurred.  I have heard from several sources that the
FROM: address was not the President's.  That would make this a prank,
amusing to some, but not to others, but still a prank. 
Assuming, for a moment, that it WAS sent from the President's address, this
still doesn't mean that it was hacking, but maybe a matter of access.  In
other words, there might be persons other than Tim White who have legitimate
access to his e-mail account, and this trust was abused/exploited by someone
in the office (a visitor?), when the authorized user walked away from the
terminal, with the terminal still logged in as Tim.  I'm not blaming anybody
in the President's office; it isn't always possible to supervise hardware
(or people) at every
instant.   It didn't read like a spur of the moment composition, so I
am guessing that it was planned, regardless of the circumstance.

_____________________________________________________
 List services made available by First Step Internet, 
 serving the communities of the Palouse since 1994.   
               http://www.fsr.net                       
          mailto:Vision2020 at moscow.com
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

More information about the Vision2020 mailing list