Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Non-administrator advantages / disadvantages
From: Harry Hoffman <hhoffman () IP-SOLUTIONS NET>
Date: Sat, 1 Dec 2012 12:13:18 -0500

Situations like this are a perfect use for services like Box where the display of the documents are inside of the 
browser, the sharing of folders documents have defined ACLs and the ability to share depends firstly on correct 
authentication.
My $0.02.

Cheers,
Harry

Jeff Kell <jeff-kell () UTC EDU> wrote:

On 12/1/2012 7:45 AM, Geoffrey Steven Nathan wrote:

p { margin: 0; }

I will agree with Kevin here. My wife is a high-level administrator here, and often has to act very quickly on tricky 
personnel issues. When someone sends her a pdf related (say) to an emergency dismissal and her Acrobat insists on an 
update NOW, the last thing she needs is to submit a support ticket and wait a couple of days before she can read the 
file. This kind of thing happens more often than we might think (well, maybe not the emergency dismissal), but the 
notion that IT support student workers' time is more valuable than the Vice President's time, so we need to hold up 
their work to minimize IT support costs needs to be discussed with all parties involved.


But unfortunately that is the epitome of targeted spear phishing... getting an "administrator" to open a malicious 
attachment, and/or OK an "update".

Jeff

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]