[Koha-devel] Social Engineering, was: How to gather better popularity data?
Breeding, Marshall
marshall.breeding at Vanderbilt.Edu
Wed May 25 22:13:05 CEST 2011
A most interesting response. So being listed in the lib-web-cats directory is damaging to a library? And being listed in Koha community's own wiki would not be? It seems to me that libraries gain benefits from being more easily discovered on the Web. In April 2011 alone, for example, there were 90,424 times when someone clicked through from a lib-web-cats entry to a library's Web site or catalog. Altogether there were 2,090,393 page requests in Library Technology Guides in April.
I also believe that the Koha community benefits from any resource that documents the ever increasing numbers of libraries adopting the system.
It feels odd to be criticized for efforts that I believe provide benefits to the broader library community. Including a disclaimer does not imply that the data are being used unethically.
-marshall
Marshall Breeding
Editor, Library Technology Guides
http://www.librarytechnology.org
marshall.breeding at librarytechnology.org
http://twitter.com/mbreeding
-----Original Message-----
From: koha-devel-bounces at lists.koha-community.org [mailto:koha-devel-bounces at lists.koha-community.org] On Behalf Of MJ Ray
Sent: Wednesday, May 25, 2011 2:28 PM
To: koha-devel at lists.koha-community.org
Subject: Re: [Koha-devel] Social Engineering, was: How to gather better popularity data?
Breeding, Marshall wrote:
> I would be interested to understand more about what is meant by "...
> potential for helping Social Engineering attacks".
Social engineering is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud or computer system access; in most cases the attacker never comes face-to-face with the victim...
http://en.wikipedia.org/wiki/Social_engineering_(security)
Attackers do currently phone people up and trying to convince them that they're an IT support provider. It's on the increase - even the co-op has had a call, which I described on our blog recently in http://www.news.software.coop/kilman-it-services-social-engineering-phone-call-attack/1068/
These attacks are getting more sophisticated. I think it's only a matter of time before the fraud call centres start trying to target customers of particular providers.
Library borrower records would be a treasure trove for identity thieves, so it disappoints me that many libraries are made easy to target. Support providers get a bit of publicity by announcing their contracts, but what's in those announcements and listings for the libraries, besides having their backsides hung out in the breeze?
Why don't libwebcats and the LTG newswire try to discourage this bad behaviour by the private sector, instead of rewarding it? Is it just that these attacks aren't very widely known among libraries yet? Or is this why it says "Marshall Breeding or other individuals associated with Library Technology Guides are not response[sic] for any damages or losses associated with the use of the lib-web-cats database"?
This is part of why I feel an optinally-anonymous popcon-style system would be much more ethical than suggesting libwebcats. Other than that, we get into things like libwebcats's anti-commercial/non-FOSS terms which we've discussed before.
(In the few cases where the co-op has a credit link on an OPAC, it's where we know each others' names and there isn't much staff turnover.)
Hope that explains,
--
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and LMS developer, statistician.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for Koha work http://www.software.coop/products/koha
_______________________________________________
Koha-devel mailing list
Koha-devel at lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
More information about the Koha-devel
mailing list