[Koha-devel] Social Engineering, was: How to gather better popularity data?

MJ Ray mjr at phonecoop.coop
Wed May 25 21:28:02 CEST 2011


Breeding, Marshall wrote:
> I would be interested to understand more about what is meant by
> "... potential for helping Social Engineering attacks".

Social engineering is the act of manipulating people into performing
actions or divulging confidential information. While similar to a
confidence trick or simple fraud, the term typically applies to
trickery or deception for the purpose of information gathering, fraud
or computer system access; in most cases the attacker never comes
face-to-face with the victim...
http://en.wikipedia.org/wiki/Social_engineering_(security)

Attackers do currently phone people up and try to convince them
that they're an IT support provider.  It's on the increase - even the
co-op has had a call, which I described on our blog recently in
http://www.news.software.coop/kilman-it-services-social-engineering-phone-call-attack/1068/

These attacks are getting more sophisticated.  I think it's only a
matter of time before the fraud call centres start trying to target
customers of particular providers.

Library borrower records would be a treasure trove for identity
thieves, so it disappoints me that many libraries are made easy to
target.  Support providers get a bit of publicity by announcing their
contracts, but what's in those announcements and listings for the
libraries, besides having their backsides hung out in the breeze?

Why don't libwebcats and the LTG newswire try to discourage this bad
behaviour by the private sector, instead of rewarding it?  Is it just
that these attacks aren't very widely known among libraries yet?  Or
is this why it says "Marshall Breeding or other individuals associated
with Library Technology Guides are not response[sic] for any damages
or losses associated with the use of the lib-web-cats database"?

This is part of why I feel an optionally-anonymous popcon-style system
would be much more ethical than suggesting libwebcats.  Other than
that, we get into things like libwebcats's anti-commercial/non-FOSS
terms which we've discussed before.


(In the few cases where the co-op has a credit link on an OPAC, it's
where we know each others' names and there isn't much staff turnover.)

Hope that explains,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and LMS developer, statistician.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for Koha work http://www.software.coop/products/koha

