Thoughts and ramblings (mikegerwitz.com)
 
 
 
 
 
 
Go to file
Mike Gerwitz 084d4d6e4c
Oxford University Blocks Google Docs
Oxford University decided to [block Google Docs][0] last month due to phishing
attacks against its users. To quote the blog post:

  Almost all the recent attacks have used Google Docs URLs, and in some cases
  the phishing emails have been sent from an already-compromised University
  account to large numbers of other Oxford users. Seeing multiple such incidents
  the other afternoon tipped things over the edge. We considered these to be
  exceptional circumstances and felt that the impact on legitimate University
  business by temporarily suspending access to Google Docs was outweighed by the
  risks to University business by not taking such action.[0]

This incident was brought to my attention by a blog post by Schneier,[1] in
which he referenced his [essay on ``feudal security''][2] (I commented in more
detail on this essay in [my response to a previous blog post of his][3]). In
this case, Oxford is trusting that it knows better than its users and has the
right to exercise this power over them in light of their inexperience with
handling these situations (or even recognizing them).[0]

This may very well be the case---the Oxford IT department probably does have a
better understanding of security than many of their users. However, by blocking
access to Google Docs, they are also blocking access to millions of legitimate
articles hosted there, which is far from acceptable. Oxford is more than just a
workplace---for which many would argue these actions are acceptable; it is a
university that should encourage freedom of expression. They simply must find a
better way of dealing with these problems. If a user falls victim to a phishing
attack within Oxford, they will likely fall victim outside of it.

Would Oxford consider blocking e-mail access too (where phishing attacks are
very cheap and common)?

  We appreciate and apologise for the disruption this caused for our users.
  Nevertheless, we must always think in terms of the overall risk to the
  University as a whole, and we certainly cannot rule out taking such action
  again in future [...][0]

N.B.: Google Docs is proprietary and I cannot recommend its use any more than I
can recommend use of Microsoft Office.

[0] http://blogs.oucs.ox.ac.uk/oxcert/2013/02/18/google-blocks/
[1] https://www.schneier.com/blog/archives/2013/03/oxford_universi.html
[2] https://www.schneier.com/essay-406.html
[3] [cref:3fa69da6531cb2131a7f52d17eb77a75e01794ba] (I posted a link to my
response on his blog, but he did not approve the comment.)
2013-03-09 15:59:35 -05:00
README :Updated README with thoughts URL (HTML rendering) 2012-10-11 00:47:14 -04:00

README

Just a bunch of random thoughts at random times.

http://mikegerwitz.com/thoughts/