
Archive for the Category »security«

Anti-Terrorism Honor System

Because homicidal maniacs wouldn’t lie. Would they?

Don’t reuse passwords!

If you’re a Twitter user you may have noticed that this week you might have been forced to change your password. Why? Because so many people use the same password for multiple sites that Twitter was getting hacked as a result. It turns out that some nefarious people were setting up other sites that required users to create usernames and passwords specifically to collect those passwords and try them on other sites! Please, please, please, do not use the same password on more than one site!

Use a password generator, store your passwords in some secure software or Web site, or create a passphrase that you can modify on a site-by-site basis. I don’t care how you do it, just use a different password on different sites. Still going to be lazy about this? Then at least use a different password on the really important stuff like your bank account.

Cross-posted on the ITART blog, The Travelin’ Librarian, and the NLC blog.

Just because you’re paranoid, it doesn’t mean they aren’t out to get you

Last summer I got a new passport in preparation for my trip to Jamaica. Embedded in that new passport was an RFID chip containing an unspecified amount of data about me and my passport. I’m not a total paranoid freak but I’d read a bit about RFID and how easy it is for unauthorized people to read their contents. So, I’d purchased a passport jacket that contains mesh that will prevent just such a thing from happening. A few folks I know had looked at me with that “you’re a little off, aren’t you?” look when I explained the heavy-duty envelope for my passport.

Well, now the US State Department is recommending that folks purchase such a jacket, since a recent report has pointed out how easily the chips can be read. Don’t worry though. According to the State Department, “hackers won’t find any practical use for data skimmed from RFID chips,” but who am I to trust them now?

Of course, you could always disable the chip but that wouldn’t exactly be legal.

The DMCA is endangering American security

The Digital Millennium Copyright Act affects more than copyright issues. According to Angel Gunn:

The cybersecurity review says we need to improve academic and industry collaboration on cybersecurity and other technology issues. It also states we should "expand university curricula; and set the conditions to create a competent workforce for the digital age."

What the cybersecurity review should have said is, "We are raising a nation of timid technophobes who mistake using MyTwitFace for being a geek. Meanwhile, we have comprehensively, at every educational level, stripped away useful teaching tools and criminalized modes of research and inquiry in the name of copyright and liability laws, and sooner rather than later we are going to reap the whirlwind."

Or, putting it simply: We made ourselves stupid and now we must pay.

Read the full article on betanews.

More from the White House on Cybersecurity

President Obama on Cybersecurity

Bonus: Bruce Schneier’s comments on the speech.

Configuring a public laptop: the result

A recent comment on my post about how to configure some public laptops reminded me that I’d not blogged the results.

First, in response to Scuba Steve, who said "Giving public users administrator access is just stupid," I’ll respond by saying that there needs to be a balance between security and usability. I’ve been in plenty of labs and on plenty of public computers where they’re so locked down that I can’t do the simplest of actions on that computer. When you sacrifice usability for security, you end up losing in the end.

Granted, on its face, giving the public admin rights does seem risky. However, especially in Vista, when you don’t have admin rights, there is a whole list of things that can seriously degrade your patron’s experience. Remember, this isn’t an office situation here; these are public-access computers. I think Steve would respond that this fact actually increases the risk more than in an office environment, and I might tend to agree, but it also changes the nature of the user. In an office, users are expected to do a certain list of things and therefore IT can anticipate how the computer will be used. Give access to the public and who knows what they’ll want to do.

Lastly, these computers are mostly going to small rural libraries that have minimal to no technical expertise on staff. Therefore, whatever security is installed needs to be manageable by non-IT professionals.

So, I’ll stress again, there needs to be a balance. Here’s the balance I believe I’ve found:

There are two accounts, one for staff which is password protected, and one for the public which is not. (Don’t librarians just love handing out passwords to people?) Both accounts have full rights to the computer as far as Windows is concerned. I’ve also installed Steady State with the following two restrictions:

  1. The public account is "locked". This means that no matter what the user does to the computer, upon logout (or reboot) the changes are immediately removed.
  2. Access to Steady State has been blocked for the public account. This addresses Steve’s question "What would stop them from uninstalling/deleting SteadyState, Deep Freeze or any other restoring software you install?" In other words, in order to change or uninstall Steady State you must be logged in as the administrator.

As a result, staff can log in as staff and make any needed changes, install/remove software or run updates to the system as a whole without needing to touch Steady State at all. To make a permanent change specific to the public profile (e.g. add or remove desktop icons) they’ll just need to log in as staff, unlock the public account, log in as the public, make the changes, then log back in as staff and relock the public account. (That may sound complex but it doesn’t involve multiple reboots like Deep Freeze or Centurion Guard do.)

In the end I believe that I’ve found the balance that fits our needs. I’ve been running this setup in our lab for the past month and will be doing so for the next month before I actually set up the laptops in question. So far, this setup is working as needed.

Let me stress again: this solution fits our needs. Blanket statements such as it’s "stupid" to do something in every situation just show that your thinking is locked and unfortunately rule out the flexibility that’s required to solve certain problems.


Configuring a public laptop: Which direction should I take?

Here in Nebraska we’re going to be giving grants to libraries that don’t already offer public-access WiFi: a Linksys WiFi router and a choice between a Dell laptop and a Samsung Q1. The question I have deals with how I should set up the laptops/Q1s. Before I describe the options keep the following in mind: a) They both run Vista. b) The fact that one’s a UMPC and one’s a traditional laptop is irrelevant. (At least I think the hardware is irrelevant. If you think it isn’t, please explain.) c) The computers will be made available for public use. So, which would you choose?

Option #1
Set up a staff account with admin privileges and a public account as a standard user. This way the staff can run updates and change settings and the public can’t alter anything.

Option #2
Have just one user account but install Windows Steady State so that no matter what the public does, a reboot solves everything. To make changes permanent the staff would just need to turn off Steady State first.

I have my opinions but I’m trying to see if I’ve missed anything. What do you think?
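The two-account layout from Option #1 (a password-protected staff administrator and a public standard user), written out as the commands an administrator would type on the laptop itself. This is an added example, not the author’s own setup script: the account names `staff` and `public` and the comment strings are assumptions, and the commands used are only the built-in `net user`, `net localgroup` and `wmic` tools that ship with Vista. The commented-out line shows the one-command difference for the results post’s variant, where the public account is also an administrator and Steady State does the protecting. The last two lines are the check: `public` should appear under Users and not under Administrators.

```batch
@echo off
REM Added example: two-account layout for a public-access laptop (Option #1).
REM Not the author's script. Account names "staff" and "public" are assumptions.
REM Run from an elevated (Run as administrator) command prompt.

REM Staff account: password-protected local administrator.
REM The * makes "net user" prompt for the password so it never sits in the script.
net user staff * /add /comment:"Library staff (administrator)"
net localgroup Administrators staff /add

REM Public account: standard user with a blank password that never expires.
REM New local accounts land in the Users group, so no group change is needed here.
net user public "" /add /comment:"Public access (standard user)"
wmic useraccount where "name='public'" set PasswordExpires=false

REM Variant from the results post (both accounts have full rights, Steady State
REM reverts the public profile on logout): also make public an administrator.
REM   net localgroup Administrators public /add

REM Check: staff should be listed under Administrators, public only under Users.
net localgroup Administrators
net localgroup Users
```

One caveat worth knowing about the blank password: Vista enables the policy "Accounts: Limit local account use of blank passwords to console logon only" by default, so the `public` account can only be used at the keyboard, not for network or Remote Desktop logon. That is the behaviour you want on a walk-up machine, but it is a policy setting, not a property of the account, so re-check it if the laptop is ever joined to a domain or its local security policy is changed.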


What It’s Like To Fly With No ID Under The TSA’s New Regulations

The Consumerist has the story of a man who’s flown without ID under the new TSA rules. Here’s the scary part:

So you know how the new TSA regulations went into effect yesterday, where you can only fly without ID if you "cooperate" with the TSA? Well, it turns out you also have to take a test about your personal life. They call up a service to administer it, and the last question they asked was which political party am I registered under (I correctly answered "democrat" and they still let me on board).

Read the full story on The Consumerist.

The War on Photography

Bruce Schneier, security guru, weighs in on the large number of photography-related "security" stories of late.

Given that real terrorists, and even wannabe terrorists, don’t seem to photograph anything, why is it such pervasive conventional wisdom that terrorists photograph their targets? Why are our fears so great that we have no choice but to be suspicious of any photographer? Because it’s a movie-plot threat.

Read the full article at Schneier on Security.