[Koha-devel] Social Engineering, was: How to gather better popularity data?
MJ Ray
mjr at phonecoop.coop
Thu May 26 21:01:52 CEST 2011
Ian Walls wrote:
> I talked with MJ a bit in Koha IRC yesterday to get a better understanding
> of his concerns. While there are theoretical exploits of the data found in
> libwebcats, I don't feel as though the site is putting anyone at particular
> risk. As Owen points out, most of this info can be found on many libraries
> websites, so it's already out there. [...]
The exploits are not theoretical. Organisations are under attack.
Only the use of libwebcats as an information source is guesswork.
Supplier information isn't on the websites of most libraries supported
by the co-op, in part for this reason.
> ANY information can be used for evil. In my opinion, the responsibility for
> the ethical usage of knowledge rests not with the content provider, but with
> the individual his/herself.
So why not post usernames and passwords publicly, then? Or run an
open mail relay? After all, responsibility rests with the individual
attacker. And that's why we don't do it: attackers are irresponsible
scoundrels and we should take reasonable steps to defend ourselves.
Hope that explains,
--
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
Webmaster, Debian Developer, Past Koha RM, statistician, former lecturer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for various work through http://www.software.coop/
More information about the Koha-devel
mailing list