Mitigating OSINT Threats within Schools and Universities

Locating Faculty

Building information

Location Information

Open Webcams

Remediation

  • All faculty should be trained and aware of basic security surrounding social media and sharing information in public.
  • Schools and Universities should be cautious of posting emails with obvious name connections like “first.last@university.com” and instead use a mix of letters and numbers like “fnl5673@university.com.”
  • Better care should be taken for many school documents and files that aren’t needed by the general public. These files should be kept behind authentication measures to limit access.
  • Posting the names of students along with their location should be avoided (think soccer team player list +soccer game schedule). When possible, abbreviate names or limit it to “Name B.”
  • Schools, daycares, and universities should immediately change the default username and password on their webcams to prevent unwanted access.
  • If you have concerns, don’t be afraid to bring them up to school authorities! Sometimes an outside perspective on threats can cause them to reevaluate policies.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
wondersmith_rae

wondersmith_rae

@wondersmith_rae | OSINT Analyst | @OSINTCurious Advisory Board | @QuizTime | http://Tracelabs.org | http://safeescape.org | Speaker and @Wiley Author