[APG Public List] Ancestry Search - SomethingEVERY Professional Must Consider
laboswell at rogers.com
Fri Apr 23 06:15:03 MDT 2010
But sometimes how we go about security may seem useful, but actually serves
little purpose. A Boston newspaper had a good article on the idea of
changing passwords regularly that made some good points 'against' the
practice. I'll try to find it again. I probably have 100 passwords on
different sites that I regularly use. Changing them periodically simply
isn't feasible. If I'm getting the sense of the article right, the
suggestion was that it isn't changing passwords that protects you (simply
because hackers don't get your password and then simply hold onto it, if
they hacked a password they then act on it quickly. It's not like they find
out your password and then ponder what to do with it for awhile. If they got
past a password onto your computer they would also have access to the change
you subsequently make to your security. So constantly changing your
passwords makes no sense, even for financial/bank accounts. Something along
So as far as passwords go, some security experts are saying don't bother
constantly changing them. Doing so won't make a difference for the above
reasons. Obviously if it's a case where you definitely know your password
has been compromised or inadvertently shared, or your computer has been
hacked, that's a different case. But for most of us, if the password is a
good one, then leave it be.
Since I can't possibly go around updating/changing passwords (too many) I
feel more comfortable with the above reasoning. Put the security efforts
where it really makes a difference (maintaining firewall, updated virus
definitons, and so on). But keep it all reasonable.
Larry Boswell BA, PLCGS
"Historical & Genealogical Research Services"
Ottawa, Ontario, Canada
laboswell at rogers.com
----- Original Message -----
From: Christopher Gray
To: 'APG Posting'
Sent: Friday, April 23, 2010 2:57 AM
Subject: Re: [APG Public List] Ancestry Search - SomethingEVERY
Professional Must Consider
Ray Beere Johnson II posted an entry on this list on 22 April 2010 21:22
regarding, what I consider to be, basic security knowledge and we ALL need
to take heed.
It is not all "gloom and doom". This is not "scare mongering". However
all need to be aware and take appropriate steps to protect the interests
our clients and ourselves.
While the recently released reports, such as that by "Infowar Monitor" of
"shadow network" - "a complex ecosystem of cyber espionage that
systematically targeted and compromised computer systems in India, the
Offices of the Dalai Lama, the United Nations, and several other
seem a long way from our humble PCs used in our profession, they are not.
significant number of "cyber attacks" on organisations such as the DoD,
financial institutions and your local government are believed to be
out with the aid of "botnets" - networks of computers in such as people's
homes, schools, libraries and companies which have been "infected" with
software inadvertently downloaded through browsing the web, using social
networks or similar. Would you know if your computer was being used to
attack the DoD?
As well the possibility that your computer is being used against your
the "infection" may enable the hacker to download your data - including
sensitive reports on your clients. You could have a neighbourhood
"geek" who is trying out his/her skills on their neighbours ("I'm bored -
what shall I do?"), but I would suggest that the majority of infections
be run by automatic networks of computers looking for vulnerable computers
world-wide - for example whomever logs onto a specific site (my wife's
computer was attacked when she visited a shop's web-site selling good
quality shoes - their computer had been infected). So they will not be
particularly interested that John DOE (1892-1963) was bigamous. But would
you or your client be happy that such information was available
Is your password very hard to guess? Do you keep your operating system
up-to-date? Do you have a computer firewall? Do you have up-to-date
anti-virus software? Do you use separate computer accounts for accessing
the internet and working on your client's business? While I don't do the
last of these, I am considering it since it makes sense.
I agree with Ray's recommendation that basic IT security should be part of
any professional genealogists training - it is not "rocket science".
Guild of One-Name Studies member 3286
Society of Genealogists - 022836
The Gray / Grey One-Name Study (Worldwide) http://www.gray-ons.org/
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the APGPublicList