Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/briankrebs/statuses/115153604680166075">BrianKrebs (briankrebs@infosec.exchange)'s status on Saturday, 06-Sep-2025 07:16:57 JST</a><a href="https://infosec.exchange/@briankrebs" title="briankrebs@infosec.exchange"><img src="https://gnusocial.jp/avatar/21764-48-20231108132353.webp" width="48" height="48" alt="BrianKrebs" style="position: absolute; left: 0; top: 0;">BrianKrebs</a></section><article><p><a href="https://infosec.exchange/tags/StreisandEffect" rel="tag">#StreisandEffect</a>  </p><p>Copying an archive.is link of this OregonLive.com story because it probably deserves more attention and is behind a paywall:</p><p>"A former University of Oregon undergraduate who says he discovered a significant security flaw in the college’s computer network and twice reported it to university officials faced a disciplinary hearing as a result."</p><p>"Physics major Owen Mitchem said he was able to inadvertently access confidential information, including the Social Security numbers of more than 3,500 public university employees around the state, last fall, including of the university’s president and its football coach, the highest-paid public employee in the state. He says the breach should have been a wake-up call for the university to tighten its online security."</p><p>"But according to an email the university provided to The Oregonian/OregonLive in response to a public records request, the university’s associate dean of students, Dianne Tanjuaquio, concluded that Mitchem’s actions violated the school’s policies on “acceptable use of computing resources.” She required him to write a 750-word essay reflecting on the situation; if not completed, he could face a suspension of his student account, preventing him from registering for classes or changing his course schedule."</p><p>"Mitchem says he was just searching in Microsoft Teams for some budget figures for the physics club he ran when he stumbled across a spectrum of university financial documents, visible via files on SharePoint, a Microsoft tool that can be integrated with Teams. They seemed harmless at first glance, he told The Oregonian/OregonLive, but not something his student email permissions should have allowed him to view."</p><p>"Mitchem alerted a physics department grants technician and assumed the wide access would be quickly corrected. He later found out that the technician hadn’t alerted the university’s information department, meaning that unbeknownst to him, the IT department remained unaware of the security lapse, Mitchem said via email." </p><p><a href="https://archive.is/rG2KG" rel="nofollow">https://archive.is/rG2KG</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/5592126#notice-10980387">In conversation</a><time datetime="2025-09-06T07:16:57+09:00" title="Saturday, 06-Sep-2025 07:16:57 JST">about 5 months ago</time> <span>from <span><a href="https://infosec.exchange/@briankrebs/115153604680166075" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@briankrebs/115153604680166075">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/24597">Untitled attachment</a></label><br></li><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://www.oregonlive.com:443/">Oregon Local News, Breaking News, Sports &amp; Weather</a></h5><div></div></header><div>Get the latest Oregon Local News, Sports News &amp; US breaking News. View daily OR weather updates, watch videos and photos, join the discussion in forums. Find more news articles and stories online at OregonLive.com</div><footer></footer></article></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/5167735">Untitled attachment</a></label><br></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
BrianKrebs (briankrebs@infosec.exchange)'s status on Saturday, 06-Sep-2025 07:16:57 JST BrianKrebs
#StreisandEffect
Copying an archive.is link of this OregonLive.com story because it probably deserves more attention and is behind a paywall:
"A former University of Oregon undergraduate who says he discovered a significant security flaw in the college’s computer network and twice reported it to university officials faced a disciplinary hearing as a result."
"Physics major Owen Mitchem said he was able to inadvertently access confidential information, including the Social Security numbers of more than 3,500 public university employees around the state, last fall, including of the university’s president and its football coach, the highest-paid public employee in the state. He says the breach should have been a wake-up call for the university to tighten its online security."
"But according to an email the university provided to The Oregonian/OregonLive in response to a public records request, the university’s associate dean of students, Dianne Tanjuaquio, concluded that Mitchem’s actions violated the school’s policies on “acceptable use of computing resources.” She required him to write a 750-word essay reflecting on the situation; if not completed, he could face a suspension of his student account, preventing him from registering for classes or changing his course schedule."
"Mitchem says he was just searching in Microsoft Teams for some budget figures for the physics club he ran when he stumbled across a spectrum of university financial documents, visible via files on SharePoint, a Microsoft tool that can be integrated with Teams. They seemed harmless at first glance, he told The Oregonian/OregonLive, but not something his student email permissions should have allowed him to view."
"Mitchem alerted a physics department grants technician and assumed the wide access would be quickly corrected. He later found out that the technician hadn’t alerted the university’s information department, meaning that unbeknownst to him, the IT department remained unaware of the security lapse, Mitchem said via email."
https://archive.is/rG2KG
In conversationabout 5 months ago from infosec.exchangepermalink
Attachments
1. Untitled attachment
2. No result found on File_thumbnail lookup.
  Oregon Local News, Breaking News, Sports & Weather
  Get the latest Oregon Local News, Sports News & US breaking News. View daily OR weather updates, watch videos and photos, join the discussion in forums. Find more news articles and stories online at OregonLive.com
3. Untitled attachment

Public

Embed Notice

HTML Code

Corresponding Notice