On Wed, 2 Oct 2019, at 10:03, Keith Bainbridge wrote: > Details are at > > https://www.abc.net.au/news/2019-10-02/anu-cyber-hack-how-personal-information-got-out/11550578 > https://www.abc.net.au/news/2019-10-02/the-sophisticated-anu-hack-that-compromised-private-details/11566540
It seems to me that everything follows from whatever access the initial 'unclicked email' malware gave to the hackers. But how can malware jump from an email that's not "clicked", into some part of the university's systems? Unless... the email was being viewed via a webmail system running on a server not owned by the university? Then... is this just malware of the sort that any website could deliver to any visitor? Even if it was, one might expect the viewer to have been using a desktop PC of some sort, with - surely - whatever anti-malware software the university deems appropriate for their PCs? Or... do all their staff use a mish-mash of personal devices, and those don't have to have any anti-malware apps on them? -- Jeremy Nicoll - my opinions are my own.
