<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META content="text/html; charset=iso-8859-1" http-equiv=Content-Type> <META name=GENERATOR content="MSHTML 8.00.6001.18904"> <STYLE></STYLE> </HEAD> <BODY bgColor=#ffffff> <DIV><FONT size=2 face="Courier New">But sometimes how we go about security may seem useful, but actually serves little purpose. A Boston newspaper had a good article on the idea of changing passwords regularly that made some good points 'against' the practice. I'll try to find it again.  I probably have 100 passwords on different sites that I regularly use. Changing them periodically simply isn't feasible. If I'm getting the sense of the article right, the suggestion was that it isn't changing passwords that protects you (simply because hackers don't get your password and then simply hold onto it, if they hacked a password they then act on it quickly. It's not like they find out your password and then ponder what to do with it for awhile. If they got past a password onto your computer they would also have access to the change you subsequently make to your security. So constantly changing your passwords makes no sense, even for financial/bank accounts. Something along those lines).</FONT></DIV> <DIV><FONT size=2 face="Courier New"></FONT> </DIV> <DIV><FONT size=2 face="Courier New">So as far as passwords go, some security experts are saying don't bother constantly changing them. Doing so won't make a difference for the above reasons. Obviously if it's a case where you definitely know your password has been compromised or inadvertently shared, or your computer has been hacked, that's a different case. But for most of us, if the password is a good one, then leave it be.</FONT></DIV> <DIV><FONT size=2 face="Courier New"></FONT> </DIV> <DIV><FONT size=2 face="Courier New">Since I can't possibly go around updating/changing passwords (too many) I feel more comfortable with the above reasoning. Put the security efforts where it really makes a difference (maintaining firewall, updated virus definitons, and so on). But keep it all reasonable. </FONT><FONT size=2 face="Courier New"></FONT></DIV> <DIV><FONT size=2 face="Courier New"></FONT> </DIV> <DIV><FONT size=2 face="Courier New">Larry</FONT></DIV> <DIV> </DIV> <DIV>Larry Boswell BA, PLCGS<BR><A href="http://www.TheBackstairs.com">www.TheBackstairs.com</A><BR><A href="http://thebackstairs.com/blog/">http://thebackstairs.com/blog/</A><BR>"Historical & Genealogical Research Services"<BR>Ottawa, Ontario, Canada<BR><A href="mailto:laboswell@rogers.com">laboswell@rogers.com</A></DIV> <BLOCKQUOTE style="BORDER-LEFT: #000000 2px solid; PADDING-LEFT: 5px; PADDING-RIGHT: 0px; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px"> <DIV style="FONT: 10pt arial">----- Original Message ----- </DIV> <DIV style="FONT: 10pt arial; BACKGROUND: #e4e4e4; font-color: black"><B>From:</B> <A title=Christopher.Gray@Newscope-Solutions.co.uk href="mailto:Christopher.Gray@Newscope-Solutions.co.uk">Christopher Gray</A> </DIV> <DIV style="FONT: 10pt arial"><B>To:</B> <A title=apgpubliclist@apgen.org href="mailto:apgpubliclist@apgen.org">'APG Posting'</A> </DIV> <DIV style="FONT: 10pt arial"><B>Sent:</B> Friday, April 23, 2010 2:57 AM</DIV> <DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [APG Public List] Ancestry Search - SomethingEVERY Professional Must Consider</DIV> <DIV><BR></DIV>Ray Beere Johnson II posted an entry on this list on 22 April 2010 21:22<BR>regarding, what I consider to be, basic security knowledge and we ALL need<BR>to take heed.<BR><BR>It is not all "gloom and doom".  This is not "scare mongering".  However we<BR>all need to be aware and take appropriate steps to protect the interests of<BR>our clients and ourselves.<BR><BR>While the recently released reports, such as that by "Infowar Monitor" of a<BR>"shadow network" - "a complex ecosystem of cyber espionage that<BR>systematically targeted and compromised computer systems in India, the<BR>Offices of the Dalai Lama, the United Nations, and several other countries",<BR>seem a long way from our humble PCs used in our profession, they are not.  A<BR>significant number of "cyber attacks" on organisations such as the DoD,<BR>financial institutions and your local government are believed to be carried<BR>out with the aid of "botnets" - networks of computers in such as people's<BR>homes, schools, libraries and companies which have been "infected" with<BR>software inadvertently downloaded through browsing the web, using social<BR>networks or similar.  Would you know if your computer was being used to<BR>attack the DoD?<BR><BR>As well the possibility that your computer is being used against your will,<BR>the "infection" may enable the hacker to download your data - including<BR>sensitive reports on your clients.  You could have a neighbourhood computer<BR>"geek" who is trying out his/her skills on their neighbours ("I'm bored -<BR>what shall I do?"), but I would suggest that the majority of infections will<BR>be run by automatic networks of computers looking for vulnerable computers<BR>world-wide - for example whomever logs onto a specific site (my wife's<BR>computer was attacked when she visited a shop's web-site selling good<BR>quality shoes - their computer had been infected).  So they will not be<BR>particularly interested that John DOE (1892-1963) was bigamous.  But would<BR>you or your client be happy that such information was available world-wide?<BR><BR>Is your password very hard to guess?  Do you keep your operating system<BR>up-to-date?  Do you have a computer firewall? Do you have up-to-date<BR>anti-virus software?  Do you use separate computer accounts for accessing<BR>the internet and working on your client's business? While I don't do the<BR>last of these, I am considering it since it makes sense.<BR><BR>I agree with Ray's recommendation that basic IT security should be part of<BR>any professional genealogists training - it is not "rocket science".  <BR><BR>Chris<BR><BR>[Christopher Gray]<BR>Guild of One-Name Studies member 3286<BR>Society of Genealogists - 022836<BR>éminence grise<BR>The Gray / Grey One-Name Study (Worldwide) <A href="http://www.gray-ons.org/">http://www.gray-ons.org/</A><BR><BR><BR><BR><BR><BR><BR></BLOCKQUOTE></BODY></HTML>