[Koha-devel] Social Engineering, was: How to gather better popularity data?

Scott Kushner skushner at mtpl.org
Wed May 25 22:59:43 CEST 2011 

I wouldn't take the opinion of one individual (including myself) as
representing the view of the "community". 

Scott Kushner
Information Systems Librarian
Middletown Public Library

-----Original Message-----
From: koha-devel-bounces at lists.koha-community.org
[mailto:koha-devel-bounces at lists.koha-community.org] On Behalf Of
Breeding, Marshall
Sent: Wednesday, May 25, 2011 4:13 PM
To: koha-devel at lists.koha-community.org
Subject: Re: [Koha-devel] Social Engineering, was: How to gather better
popularity data?

A most interesting response.  So being listed in the lib-web-cats
directory is damaging to a library?  And being listed in Koha
community's own wiki would not be?  It seems to me that libraries gain
benefits from being more easily discovered on the Web.   In April 2011
alone, for example, there were 90,424 times when someone clicked through
from a lib-web-cats entry to a library's Web site or catalog. Altogether
there were 2,090,393 page requests in Library Technology Guides in
April.  

I also believe that the Koha community benefits from any resource that
documents the ever increasing numbers of libraries adopting the system.


It feels odd to be criticized for efforts that I believe provide
benefits to the broader library community.  Including a disclaimer does
not imply that the data are being used unethically.

-marshall

Marshall Breeding
Editor, Library Technology Guides
http://www.librarytechnology.org
marshall.breeding at librarytechnology.org
http://twitter.com/mbreeding


  

-----Original Message-----
From: koha-devel-bounces at lists.koha-community.org
[mailto:koha-devel-bounces at lists.koha-community.org] On Behalf Of MJ Ray
Sent: Wednesday, May 25, 2011 2:28 PM
To: koha-devel at lists.koha-community.org
Subject: Re: [Koha-devel] Social Engineering, was: How to gather better
popularity data?

Breeding, Marshall wrote:
> I would be interested to understand more about what is meant by "... 
> potential for helping Social Engineering attacks".

Social engineering is the act of manipulating people into performing
actions or divulging confidential information. While similar to a
confidence trick or simple fraud, the term typically applies to trickery
or deception for the purpose of information gathering, fraud or computer
system access; in most cases the attacker never comes face-to-face with
the victim...
http://en.wikipedia.org/wiki/Social_engineering_(security)

Attackers do currently phone people up and trying to convince them that
they're an IT support provider.  It's on the increase - even the co-op
has had a call, which I described on our blog recently in
http://www.news.software.coop/kilman-it-services-social-engineering-phon
e-call-attack/1068/

These attacks are getting more sophisticated.  I think it's only a
matter of time before the fraud call centres start trying to target
customers of particular providers.

Library borrower records would be a treasure trove for identity thieves,
so it disappoints me that many libraries are made easy to target.
Support providers get a bit of publicity by announcing their contracts,
but what's in those announcements and listings for the libraries,
besides having their backsides hung out in the breeze?

Why don't libwebcats and the LTG newswire try to discourage this bad
behaviour by the private sector, instead of rewarding it?  Is it just
that these attacks aren't very widely known among libraries yet?  Or is
this why it says "Marshall Breeding or other individuals associated with
Library Technology Guides are not response[sic] for any damages or
losses associated with the use of the lib-web-cats database"?

This is part of why I feel an optinally-anonymous popcon-style system
would be much more ethical than suggesting libwebcats.  Other than that,
we get into things like libwebcats's anti-commercial/non-FOSS terms
which we've discussed before.


(In the few cases where the co-op has a credit link on an OPAC, it's
where we know each others' names and there isn't much staff turnover.)

Hope that explains,
--
MJ Ray (slef), member of www.software.coop, a for-more-than-profit
co-op.
http://koha-community.org supporter, web and LMS developer,
statistician.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for Koha work http://www.software.coop/products/koha
_______________________________________________
Koha-devel mailing list
Koha-devel at lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
website : http://www.koha-community.org/ git :
http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
_______________________________________________
Koha-devel mailing list
Koha-devel at lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

More information about the Koha-devel mailing list