Tag Archives: UMN

Security

University: Anti-phishing not really a “policy”

Bogus Citibank login from phishing emailThe University of Minnesota’s HR department send me an email in January telling me that I had to submit to a background check. The good news: I do them all the time.

The bad news: the background check company can only complete the check if you follow a URL embedded in an email.

This is how phishing emails work. The email comes from a convincing-sounding source, like the University’s HR department, or some third-party on their behalf. You respond to it, only to find that it really wasn’t the HR department collecting the information.

Bottom line: you can’t trust email. No matter how many times it says “This isn’t a spam email,” or “This isn’t a phishing email,” you can’t trust email.

[Update 5 January 2018: The UMN HR department has sent me TWO possible phishes as I prepare to take up my reappointment. I passed this to the IT Security people. They have ‘spoken to’ the HR department, and they started a phishing blog.]

Continue reading University: Anti-phishing not really a “policy”

Tech Teaching

MSSE Cybersecurity Elective 2016

2 Comments

I am offering a Cybersecurity elective for students registered in the University of Minnesota’s Master of Science in Software Engineering program. As I described in the class on Friday, the course uses the textbook I wrote and does a lot of lab work with security tools, including Wireshark, nmap, Gnu Privacy Guard, and vulnerability scanning.

Here is a link to the 2015 syllabus.

Resources for proposed online course: