How to use this Page

I am a huge fan of Chuck Wendig’s Miriam Black series so when I saw he had a new book coming out I had to read it. On the surface this appears to be a cyber-thriller about hacking. But in the hands of Chuck Wendig it goes somewhere quite different. The book opens and we are […]

Modern society requires a reliable and trustworthy Internet infrastructure. To achieve this goal, cybersecurity research has previously drawn from a multitude of disciplines, including engineering, mathematics, and social sciences, as well as the humanities. Cybersecurity is concerned with the study of the protection of information – stored and processed by computer-based systems – that might be vulnerable to unintended exposure and misuse.

The post How do we protect ourselves from cybercrime? appeared first on OUPblog.

I saw this post circulating around facebook and, of course, the word “library” caught my eye. The Boston Globe has a longer explanation about what all the kerfuffle is about, but still uses words like “hacking.” The Demand Progress blog, the organization that Aaron directs, has this statement and some additional blog posts. The New York Times seems to have the most comprehensive explanation of what happened when and has the text of the indictment.

What we do know is that the US Government has indicted Aaron Swartz [who you may know around the internet for any number of things] for, apparently and allegedly, downloading 4mil articles from JSTOR without (I think?) the proper credentials. Aaron turned himself in. At issue are many points of JSTORs terms of service and what sort of access is given to guests of the university. As Aaron is a net activist, I’m certain this is some level of intentional move on his part, I’m quite curious to see where it goes.

Update: JSTORs official statement, Wired article with more details

Brian points to this article about USB keyloggers that were found attached to computers at public libraries. If I saw one of these on a library computer, I might not even be sure what it was, or that it wasn’t part of the keyboard. Know your hardware, what to expect and what not to expect and check out the backs of your computers from time to time.

Tweet

By Simon McKay

In 1928 the iconic United States Supreme Court Justices Holmes and Brandeis dissented in a judgment that ruled the product of telephone conversations derived from “wiretapping” admissible. With characteristic eloquence, Mr Justice Brandeis held that “the confined criminal is as much entitled to redress as his most virtuous fellow citizen; no record of crime, however long, makes one an outlaw”. The judges could be forgiven for thinking that, at least in terms of the English law, eighty years on, things haven’t changed much.

There is a connection between the phone hacking row, which appears to be the preserve of celebrities who fear their calls may have been listened into and the changes to control orders, inelegantly re-named Terrorism Prevention and Investigatory Measures. On the one hand, there is a gaggle of media lawyers and their clients complaining that the Metropolitan Police has failed to take action against individuals eavesdropping on the most private of conversations and on the other the same material is secretly relied upon by the State to confine individuals, who have not been convicted of any offence, to effective house arrest and to impose other Orwellian sanctions. The apparent juxtaposition becomes manifest; the police and agencies rely on the material to counter terrorism, yet appear impotent in terms of investigating allegations of what is given the seemingly neutral term of phone hacking.

There needs to be some attempt to de-mystify what is meant by phone hacking, sometimes referred to as phone tapping. It is clear that practically what is meant is eavesdropping on voicemail messages.

Previously the police have asserted they could not rely on the evidence provided on the ground that it is not admissible. This is a reference to a legal provision in the Regulation of Investigatory Powers Act 2000 that prohibits the use of intercept product in court proceedings. However, it has been misunderstood. The prohibition largely relates to product of intercept warrants that the State obtains to protect national security and investigate other threats as well as serious crime – this is why terror suspects aren’t prosecuted in the criminal courts – the intelligence implicating them cannot be used for this purpose. It expressly does not apply where an illegal interception has occurred.

But is a third party listening to a voicemail an interception? The simple answer is that it might be, particularly if it has not been listened to (if it is, it is a criminal offence) but if it is not, it is almost certainly an offence under the Computer Misuse Act 1990. Where such offences may have been committed there is no question that the incident and evidence of interception or hacking is admissible and capable of being used by the police. Even if there was an argument to the contrary, the consent of the “victim” alleviates any remaining difficulty concerning the issue (if an individual consents to their calls being intercepted the prohibition on admissibility no longer applies).

To fair to the police, the highest courts in the land have found the question of what may amount to an interception “particularly puzzling” and the legislation “difficult to understand”. It is almost impenetrable but that is not really any excuse.

Add to this the fact that the law in this area is under review (again). A cynic could muse what all the fuss is about; surely the simplest thing would be to make the product of intercept admissible, even i

This week is  Choose  Privacy Week. To celebrate I wanted to write a post about passwords.

First, how many of you use the same password for every site you log into? Do you have the same user name as well?

I know often times we hear IT and other computer professionals tell us to never use the same password, but in reality we are often over worked, and have more important things to do with our brain cells than memorize a bunch of silly passwords (like memorize a bunch of book titles) Right?

I used to feel the same way until I read a blog post about how easy it is to guess one’s password.  Follow the link to see how easy your password is to hack, and then check back here for tips to make your password more secure.One of the simplest tricks I’ve heard it to establish a base password like “password” that you memorize, then add something for each site you visit. For example if you set up a password for Google you can use “passwordg”* or “googlepassword”* Making each password you set up unique, but still memorable.  Since most websites require you to use a combination of letters and numbers you might consider including these elements in your password base. *Note Password is just an example and not a very good choice for a password base

Another tip is to use a passcard to create a truly random and secure password. This is ideal for create a password for secure information like your online banking profile, or library’s personal files. You generate a unique grid of random letters and digits on it can print this out to carry in your wallet.  Select a pattern to use from the card as your password. This is more secure than just writing down the password, because hackers/snoops would still have about 10,000 password options to choose from the card, and they probably won’t readily know your user name.

If you want to be extremely secure, or are extremely forgetful you can use a password management add-on for your browser. Its recommended that you use a password to protect all your stored passwords, and make the password to the management software separate and unique from one your normally use to prevent it from being easily hacked.

Top Password management software are:

• KeePass
• LastPass
• 1Password
• RoboForm

Do you have any tips to share to keep your information secure?