Georgia Tech Web Security is a Rambling Wreck for 1.3 million people


As reported by WSB-TV news (see story here), a Georgia Tech security "breach impacts 1.3 million people, including some current and former faculty, students, staff and student applicants." Well duh! Not only are they NOT DMARC enforced, but their SPF record was obviously created by a freshman computer science student who slept through a number of classes:

v=spf1 ptr:outlook.com ptr:spf.protection.outlook.com ptr:gatech.edu ?all

What dat mean? First, this SPF record uses deprecated mechanisms or macros: ptr:outlook.com, ptr:spf.protection.outlook.com and ptr:gatech.edu. These should be eliminated from the record. Finally, this SPF record does NOT end in an appropriate "all" directive.
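
The two findings above can be checked mechanically. The following SPF linter is an added example, not code from the original post; the name audit_spf, the finding codes and the comparison record are assumptions, and the rules it applies (ptr should not be published, evaluation stops at "all", at most 10 DNS-lookup terms) come from RFC 7208, so it covers slightly more than the two problems named here.

```python
import re

# Mechanisms that cost a DNS lookup; RFC 7208 caps lookup terms at 10 per check.
LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
TERM = re.compile(r"([+\-~?]?)([a-z][a-z0-9_.\-]*)(?:([:=/])(.*))?", re.I)

def audit_spf(record):
    """Return (code, message) findings for one SPF TXT record string."""
    terms = record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        return [("not-spf", "record does not start with v=spf1")]
    findings, lookups, all_seen, has_redirect = [], 0, False, False
    for term in terms[1:]:
        if all_seen:  # evaluation stops at 'all'; later terms are dead
            findings.append(("after-all", f"'{term}' follows 'all' and is never evaluated"))
            continue
        m = TERM.fullmatch(term)
        if not m:
            findings.append(("syntax", f"cannot parse '{term}'"))
            continue
        qual, name, is_modifier = m.group(1) or "+", m.group(2).lower(), m.group(3) == "="
        if name == "redirect" and is_modifier:
            has_redirect = True
        elif name in LOOKUP_MECHS and not is_modifier:
            lookups += 1
        if name == "ptr" and not is_modifier:
            findings.append(("ptr", f"'{term}': RFC 7208 says ptr should not be published"))
        elif name == "all" and not is_modifier:
            all_seen = True
            if qual in ("+", "?"):  # unlisted senders are not rejected or flagged
                findings.append(("weak-all", f"'{term}' gives unlisted senders "
                                 f"'{QUALIFIERS[qual]}'; end with ~all or -all"))
    if not all_seen and has_redirect:
        lookups += 1  # redirect is only followed when no 'all' is present
    elif not all_seen:
        findings.append(("no-all", "no terminal 'all' or redirect; unlisted senders get neutral"))
    if lookups > 10:
        findings.append(("lookups", f"{lookups} lookup terms exceed the limit of 10"))
    return findings

PAGE_RECORD = "v=spf1 ptr:outlook.com ptr:spf.protection.outlook.com ptr:gatech.edu ?all"
# Constructed comparison record (an assumption, not taken from the post).
TIGHTER_RECORD = "v=spf1 include:spf.protection.outlook.com -all"

if __name__ == "__main__":
    for rec in (PAGE_RECORD, TIGHTER_RECORD):
        print(rec)
        for code, msg in audit_spf(rec) or [("ok", "no findings")]:
            print(f"  [{code}] {msg}")
```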

Word of advice: A good school fight song does not make "a hell of an engineer," let alone a heck of a competent CISO.

Mad Max
