[APG Public List] Ancestry Search - Something EVERY Professional Must Consider
LBoswell
laboswell at rogers.com
Fri Apr 23 06:15:03 MDT 2010
But sometimes how we go about security may seem useful, but actually serves
little purpose. A Boston newspaper had a good article on the idea of
changing passwords regularly that made some good points 'against' the
practice. I'll try to find it again. I probably have 100 passwords on
different sites that I regularly use. Changing them periodically simply
isn't feasible. If I'm getting the sense of the article right, the
suggestion was that it isn't changing passwords that protects you (simply
because hackers don't get your password and then simply hold onto it; if
they hacked a password they then act on it quickly. It's not like they find
out your password and then ponder what to do with it for a while. If they got
past a password onto your computer they would also have access to the change
you subsequently make to your security. So constantly changing your
passwords makes no sense, even for financial/bank accounts. Something along
those lines).
So as far as passwords go, some security experts are saying don't bother
constantly changing them. Doing so won't make a difference for the above
reasons. Obviously if it's a case where you definitely know your password
has been compromised or inadvertently shared, or your computer has been
hacked, that's a different case. But for most of us, if the password is a
good one, then leave it be.
Since I can't possibly go around updating/changing passwords (too many) I
feel more comfortable with the above reasoning. Put the security efforts
where they really make a difference (maintaining firewall, updated virus
definitions, and so on). But keep it all reasonable.
Larry
Larry Boswell BA, PLCGS
www.TheBackstairs.com
http://thebackstairs.com/blog/
"Historical & Genealogical Research Services"
Ottawa, Ontario, Canada
laboswell at rogers.com
----- Original Message -----
From: Christopher Gray
To: 'APG Posting'
Sent: Friday, April 23, 2010 2:57 AM
Subject: Re: [APG Public List] Ancestry Search - Something EVERY Professional Must Consider
Ray Beere Johnson II posted an entry on this list on 22 April 2010 21:22
regarding, what I consider to be, basic security knowledge and we ALL need
to take heed.
It is not all "gloom and doom". This is not "scare mongering". However, we
all need to be aware and take appropriate steps to protect the interests of
our clients and ourselves.
While the recently released reports, such as that by "Infowar Monitor" of a
"shadow network" - "a complex ecosystem of cyber espionage that
systematically targeted and compromised computer systems in India, the
Offices of the Dalai Lama, the United Nations, and several other countries",
seem a long way from our humble PCs used in our profession, they are not. A
significant number of "cyber attacks" on organisations such as the DoD,
financial institutions and your local government are believed to be carried
out with the aid of "botnets" - networks of computers in such places as
people's homes, schools, libraries and companies which have been "infected"
with software inadvertently downloaded through browsing the web, using social
networks or similar. Would you know if your computer was being used to
attack the DoD?
As well as the possibility that your computer is being used against your
will, the "infection" may enable the hacker to download your data - including
sensitive reports on your clients. You could have a neighbourhood computer
"geek" who is trying out his/her skills on their neighbours ("I'm bored -
what shall I do?"), but I would suggest that the majority of infections will
be run by automatic networks of computers looking for vulnerable computers
world-wide - for example whoever logs onto a specific site (my wife's
computer was attacked when she visited a shop's web-site selling good
quality shoes - their computer had been infected). So they will not be
particularly interested that John DOE (1892-1963) was bigamous. But would
you or your client be happy that such information was available world-wide?
Is your password very hard to guess? Do you keep your operating system
up-to-date? Do you have a computer firewall? Do you have up-to-date
anti-virus software? Do you use separate computer accounts for accessing
the internet and working on your client's business? While I don't do the
last of these, I am considering it since it makes sense.
I agree with Ray's recommendation that basic IT security should be part of
any professional genealogist's training - it is not "rocket science".
Chris
[Christopher Gray]
Guild of One-Name Studies member 3286
Society of Genealogists - 022836
éminence grise
The Gray / Grey One-Name Study (Worldwide) http://www.gray-ons.org/