Weblog on the Internet and public policy, journalism, virtual community, and more from David Brake, a Canadian academic, consultant and journalist

Archive for the 'Security and encryption' Category | back to home

10 November 2003

“PC Support Advisor”:http://www.pcsupportadvisor.com/ has provided “free downloadable sample guidelines”:http://www.pcsupportadvisor.com/sasample/M0228.pdf for employee Internet use. Though they are fine as a starting point I would recommend tailoring them to your own circumstances and adding a clause warning that agreements entered into by email can often be binding so don’t discuss contracts with outside organizations if you are not authorised to make final decisions.

25 October 2003

I expressed worries about the new Outlook in an “earlier posting”:https://blog.org/archives/cat_email_discoveries.html#000904. It seems if you receive an email message using “Information Rights Management”:http://www.microsoft.com/office/preview/editions/technologies/irm.asp but don’t have the latest version of Outlook there is still a way to read it – you have to download an “Internet Explorer plugin”:http://r.office.microsoft.com/r/rlidRestrictedPermissionViewer?clid=1033 (and be given the necessary rights of course). It’s still a bit clumsy, though.

19 October 2003

Microsoft’s new “Information Rights Management”:http://www.microsoft.com/office/preview/editions/technologies/irm.asp software in Office 2003 will only let approved users open Outlook email messages which are ‘IRMed’ and allow users to set an expiry date after which their messages will die. Rather handy for business use, but if you “read the fine print”:http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itcommunity/chats/trans/office/OFF0327.asp you find out that:
1) This is a subscription-based service, so if you use it you will be locked into paying Microsoft for ever after.
2) The only email software that will be able to read ‘IRMed’ messaged so far will be Outlook 2003 – and there are not even plans to make rights management work on the Mac.

I worry profoundly about what might happen if this proves popular. It might result in a situation where it’s a lot of hassle for non-Outlook email users to receive Outlook email and/or where people using Outlook end up having to remember who in their address book has Outlook and who doesn’t.

It also might actually make corporate email security worse – no technology fix is perfect and this might make people think they have solved the problem when in fact the only solution is eternal vigilance…

14 October 2003

Like many other Moveable Type weblog owners I have been suffering from a recent onslaught of automated, offensive ads for porn posted as comments to messages. Jay Allen has just produced a “spam blocking tool for Moveable Type”:http://www.jayallen.org/projects/mt-blacklist/ which should help some – I fear this is not a final solution to the problem but merely the start of a depressing “arms race” between spammers and weblog users which may substantially reduce the usefulness of weblogs for everyone. In a way I am surprised this took this long to happen, people being what they are.

P.S. I apologise in advance if you accidentally stumble across any offensive links in comments – it will take me a while to get around to deleting all of them because at least for the moment there is no easy way for me to bulk-delete comments.

16 September 2003

I have just finished “a simple guide to email use”:http://www.davidbrake.org/dealingwithemail/ for individuals or companies to accompany my book, “Dealing with E-mail”. It features additional material and numerous web links covering anti-spam and anti-virus techniques, legal issues, using email sensitively and effectively to market your products or services and simple ways to organize your old e-mail messages for easy retrieval.

I hope you like it – if you have any additional ideas, comments or (heaven forbid) corrections, please comment below.

15 September 2003

Simon Bisson has written a handy piece for the Guardian giving an overview of the software available to protect your business’ e-mail and how and why to deploy it.

17 July 2003

The easiest way to enable people to email you from a web page is to put some HTML code in – mailto:you@youraddress.com. Unfortunately this is also a good way to make sure spammers get ahold of that address. They send automated search spiders around the Internet looking for anything with an @ sign in it and add it to their databases. Follow the directions on the Email Protector page and you can put your address on a web page using a mailto: link but without giving spammers anything they can see.

One minor caveat – people with old web browsers may have trouble accessing your email that way. Also, this trick won’t protect you if you use your address itself as the link text – just use your name or company name as the link people click on. If you want to display your email address so people can type it into their software themselves or write it down, use “GIF TEXT”:http://www.srehttp.org/apps/gif_text/mkgiftxt.htm which will turn your email address into an image file which they will be able to understand but computers can’t.4mandu nokia ringtoneringtones 22free 5c nextel 22 5cp107 samsung all saints ringtonesalan cherrington exposure indecent11123 pickerington oh lane terrypickerington 11123 ln terry ohphotos accrington arialamateur swingers nevada yerington in Map

23 May 2003
Filed under:Security and encryption at1:31 pm

An experiment by a security company reported by The Register revealed, “Nine in ten (90 per cent) of office workers at London’s Waterloo Station gave away their computer password for a cheap pen” – or at least they gave away what they claimed was their password.

One interviewee said, “I am the CEO, I will not give you my password it could compromise my company’s information”.

A good start, but then the company boss blew it. He later said that his password was his daughter’s name.

‘What is your daughters name?’ the interviewer cheekily asked.

He replied without thinking: “Tasmin”.

loan mortgage second 100 mortgagemortgage refinance com 1st loansmortgage first loans americaninterest 100 only loancheck loan 07 up homeand mortgage loan agentcheck loan 5 credit nopay loans day hour 1american home loan incafter loan bankruptcy unsecured personal credit

10 May 2003
Filed under:Privacy,Security and encryption at5:43 pm

It seems there has been a flaw in Microsoft’s Passport that let hackers access anyone’s Passport account and (for example) access their Hotmail account or grab their credit card details.

Given the importance of this software, the part of the report that surprises and alarms me most is that despite Microsoft’s announcement at the beginning of last year that it would focus on improving the security and stability of its software:

“Reportedly Mr Danka [the guy who found the bug] sent 10 messages to Microsoft detailing the vulnerability but got no response.

Microsoft only reacted when information about the flaw was posted online.”

Instead of giving all your valuable information to Microsoft for convenience’s sake in order to help you avoid putting in your credit card details, name address etc into every site, the Liberty Alliance (including Sun, AOL, and HP) wants to “allow users to link identity information between accounts without centrally storing personal information” using open standards (emphasis mine). Surely a better approach, whatever you think of Microsoft!

2 May 2003

The BBC reports to my total lack of surprise that E-voting failed to stir the public in the local elections and it still didn’t work that well, either. At least two of the 18 areas which tried it had to go back to paper after the technology failed. The Swindon “success story” had 11,000 people voting via the Internet and just 339 voting via digital TV out of an electorate of 137,000 – and of course we don’t know how many of these would have voted conventionally anyway. My guess is “quite a few”.

Quite apart from the already well-rehearsed arguments about why it doesn’t appear to make much of a difference to turn-out (“conventional” voting isn’t that much trouble to begin with, for example) I would add that technology tends to be used more the more it is used (if you see what I mean).

If people were used to using the Internet to deliberate with their local and national governments throughout the year, it might be a natural move to vote electronically too. Without that, you are asking people to jump through security hoops and learn often un-familiar technologies for a once in four years chance to make their voting experience slightly better. No wonder they don’t seem too keen.

Solve the democratic deficit with local government first, make the Internet a useful way for local government to engage with the public year-round second, and e-voting would at last become significantly used. Indeed, turnout would rise to the point where e-voting wouldn’t be sought as a solution to a desperate problem of voter disenchantment but would be just one more way for citizens to work with councils.

For more detail on the e-voting trials check this report from before the results were announced, including some sagely skeptical comments from one of my profs, Stephen Coleman.

? Previous PageNext Page ?