Following UA student Hector Gutierrez becoming a campus-wide, and nation-wide, celebrity after accidentally sending a recommendation letter to a campus Listserv on Wednesday evening, other questions arose about how he was able to send the email to over 24,000 students to begin with.
Teneshia Arnold, director of the Office of Student Involvement, which operates the Honor Society Eligibility Listserv, said that the Listserv Gutierrez sent his email through had the “appropriate permissions” set up and goes to “a little bit over 24,000” students.
“Hector must have had the magical touch,” she said. “I saw in his response that he copied and pasted this email address into his email, and that perhaps is what got it through.”
Barret Elder, director of customer relations for the Office of Information Technology, said the office did have to change the style of the Listserv.
“There are many options for how to configure a Listserv when it is set up,” he said. “This one was set to a ‘discussion forum’ type list, which allows replies to the entire list. Once we became aware of the situation, we changed it to an ‘information broadcast’ list which only allows the list creators and specified individuals to mail the entire list.”
The Listserv eventually reached its daily limit of 50 messages and stopped receiving replies. However, students had already leaked their phone numbers and Campus Wide IDs to the thousands of students, which could pose larger security threats.
Matthew Hudnall, an associate professor of management information systems at the University, did his Ph.D. dissertation about secure emailing. He compared the leaking of CWIDs to social security numbers because there are “security concerns” when putting it in places such as email signatures.
“I do think identifiers like CWIDs need to be protected whenever possible, because you can get access to a decent amount of things via the student’s last name and CWID, or date of birth and CWID,” he said. “I don’t know anybody who puts their own social security number in their email signature, right?”
Arnold said that there are “ongoing conversations” between the Office of Student Involvement and the Office of Information Technology to determine if anyone who listed their phone number or CWID in their email signature in a reply on Wednesday night was impacted.
While phone numbers are common in email signatures, Elder said adding personal information such as a CWID is “not recommended,” and if a student provides that information “willingly” then it does not constitute a data breach.
While this email was an accident by an actual University student, others raised concerns about the possibility of the emails being part of a phishing attack or hack.
“Just like you can spoof a spam phone call, you can spoof an email address and make it look like it came from somebody,” Hudnall said. “And if the content of the email looks legitimate, it opens it up for various phishing attacks if they open the attachment or they click on a link in an email.”
The email from Gutierrez included a PDF containing a letter of recommendation an instructor wrote for him. Hudnall said there are currently no known vulnerabilities for PDF attachments, but there is always the possibility of a “zero day attack,” in which someone figures out how to hack something no one else has yet.
“The general rule of thumb is you don’t open attachments unless you’re expecting it and know who it came from,” Hudnall said.
The Office of Information Technology’s website has a page with email safety tips for students and staff, including guidance on: not to list personal information in your signature, use encryption when needed, think before hitting “reply all” and watch out for phishing.
“Personal security is always a point of emphasis for the OIT cybersecurity team, as it takes all of us to keep our campus safe,” Elder said. “It is important to avoid revealing personal information that can be used against you.”
Hence then, the article about hec gate event prompts larger questions about ua emails cybersecurity was published today ( ) and is available on The Crimson White ( Middle East ) The editorial team at PressBee has edited and verified it, and it may have been modified, fully republished, or quoted. You can read and follow the updates of this news or article from its original source.
Read More Details
Finally We wish PressBee provided you with enough information of ( ‘Hec-gate’ event prompts larger questions about UA emails, cybersecurity )
Also on site :
- Ground stop issued at O'Hare amid snowfall and icy conditions
- What Is Situs Inversus? Inside Catherine O'Hara's Rare Genetic Condition
- Catherine O'Hara Revealed Struggle With Social Anxiety Years Before Her Death