In one of his recorded concerts, Tom Paxton noted that one of his charges is to identify areas in which topical songs must be written, so that the people can rise up to fight the threats identified by the songs. Examples of this include the songs “Too Many Lawyers”, “Yuppies in the Sky”, “I’m Changing My Name to Chrysler”, and “Evacuation”. Today’s lunchtime perusal of the news makes me wish I could write a song to educate people about information assurance:
- From the “Getting to Know You” Department: The SF Chronicle has an interesting article on how putting too much information out there on social networks makes life easy for identity thiefs. In some ways the article is right, and in some ways it is wrong. It is certainly correct that people put too much information in their profile on Facebook, and this makes it all handy in one place. But it is important to note that tools such as Google make the risk not just limited to Facebook: think of all the information that could be mined by Googling your name, and looking you up in things like switchboard and geneology databases. I mention this because I don’t want there to be a false sense of security from removing your information from Facebook when it is still available elsewhere. In this case, as with the lawyers, it may already be too late.
- From the “Just Do It” Department: However, all hope is not lost. PC World has a nice article on things you can do to stop security threats. Of course, the most important thing is awareness, which you get by reading the PC World article. Still, it is useful to be cognizant of what FB applications you permit to access your data, the source of your quizzes, and how to avoid all these things that pop up on your screen.
- From the “It’s Everywhere!” Department: The SF Chronicle has a nice article pointing out that the problem isn’t just Facebook. Increasingly, there are malicious websites that will attempt to infect you. This can be best summarized as “Stay on the brightly lit streets where the people are, and don’t go down dark alleys”. See, your mother was right. As a corollary to this, remember to always check URLs before you click on them (cut and paste, if necessary)… and be extra suspicious of shortened URLs.
- From the “It is a Threat” Department: As the recent Google incident has shown, the concern is more than single individuals. There may be more focused attacks. The NY Times has a nice analysis of the difficulties involved in cyberdefense that is well worth reading.
- From the “But Everyone Is Doing It” Department: As a last remember, we shouldn’t assume we are safe because “everyone else is doing it”. I saw a great example of this in the transportation world (I’m convinced transportation grows better and better as an analogy for IA every day): there’s a study that recommends increasing the speed limit on some streets in the San Fernando Valley. Why am I mentioning this in connection to security? Note the following: “the law says a speed survey must be done every 7 years (there can be a one-time 3-year extension) to find the real average speed that 85% of drivers are doing”. Think about that for a second. If everyone starts speeding, the speed limit increases over time. This is just like the privacy issues on the net: once everyone starts compromising their privacy, it becomes accepted. Note that “accepted” is a different thing than “safe”.
Lastly, I’d like to recommend two blogs worth following in this area: Bruce Schneier’s (http://www.schneier.com/, bruce_schneier) and Brian Krebs (http://www.krebsonsecurity.com/, krebsonsecurity). Both are excellent.
