Social engineering is essentially the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques. For example, instead of trying to find a software vulnerability, a social engineer might call an employee and pose as an IT support person, trying to trick the employee into divulging his password.
In keeping with the spirit of my last post, this article discusses the human side of informational privacy and the simple fact that states: no matter what technical protections you have, your privacy and security is only as good as the person defending it.
This method means that without ever having to delve into the details, everyday people can glance at the simple icons atop a privacy to know if and how their data is being used. At the same time, it gives companies the flexibility required to create comprehensive and meaningful policies. We’ve found a way past the deadlock.
An interesting idea that, under the right circumstances would be an excellent alternative to current private policies. I need to stay tuned on its development.
No self-respecting information privacy/security blog can pass on the Google story. My reaction: Right On Google! This is a strike FOR information privacy and security. Below are some links that give different reaction to what happened and will happen:
The Google News: China Enters the Bush-Cheney Era
Google Warns of China Exit Over Hacking
The short answer is: Yes! This is based on a number of articles and essays1 I’ve read over the last couple of days which suggest not only is there a privacy problem but more specifically, why information privacy and data security is/will be an essential practice area for the foreseeable future. Below is my take-way and the article links:
We are the Web
Clearly, more of our lives are migrating to the Internet. On the one hand, this is a good thing as we are better able to access information, communicate with one another and live more efficiently. One the other hand, with so much data about us floating about it will be increasingly harder for us to control who has it, how they use it and if we can correct it. Less control=increase potential to abuse at our own expense.
Airport Scanners Can Store, Transmit Images
Social Media Users No Longer Expect Privacy
Smart Grids and Privacy: here and here also
Taking a closer look at Cloud Computing, Privacy and Security
Mobile Web Rises and so do the threats
Our telephones are rapidly becoming full on computers. And if you’re like most people, you’ll use it to store your photos, passwords, contact lists, bookmarks and perhaps even some financial date. All that in the palm of your hand or bottom of your pocket. Being so mobile is convenient but is also dangerous. It is much easier to misplace, loose, have stolen or confiscated your electric brain or have it hacked on the go then it is to steal or access a desktop bolted to your desk and behind a firewall.
Mobile Net + Social Media Powerpoint
The rise of Cybercrime
As more and more of our lives move to the “cloud”, cyber-criminals are offered more potentially vulnerable target to attack. As in criminal theory from the beginning of time, you don’t waste your time robbing poor folk when you can rob a bank for a serious payout. One data center hack can provide a lifetime of personal info as opposed to stealing one person’s card that can only gives you up to the individuals credit limit. The need for stronger information security and date breach disclosure laws is clearly evident.
How to hack like the Chinese Government
Ubiquity of Social Media
As we become more connected at home, work and for fun so to do we increase the ability of third parties and strangers to gain access to information we originally only wanted our closest of closest to know. Moreover,since we have no connection or very little connection to these people we have even less means to control how they use, distribute or abuse our information.
Spiceworks is becoming the Facebook for IT managers
The Rise of Company-wide Social Networks
- including Google’s startling announcement today [↩]
- School’s with Information Security degrees: NYU-Poly, Indiana University, Georgia Tech, Carnegie Mellon, Purdue, George Mason, Cal Poly Pomona [↩]
If I ever needed a good reason to study information privacy law, this post (while a bit dated) lays out the whys and wherefores clearly and concisely:
Information privacy law remains a fairly young field, and it has yet to take hold as a course taught consistently in most law schools. I’m hoping to change all that. So if you’re interested in exploring issues involving information technology, criminal procedure, or free speech, here are a few reasons why you should consider adding information privacy law to your course mix:
Thinking back to my grad school days … all research must or should begin with a review of the literature (otherwise known as the synopsis of all the work that has been done on the subject before you). Since information privacy law is so new, I wasn’t really sure where to begin that review. As a shortcut, I decided to look at what the top laws schools are teaching on the subject. The results didn’t really surprise me. Of the top sixteen law schools only six have a stand alone information privacy law course. Of those six, four of the courses were seminars. Another two of the top sixteen had privacy law courses that included a section on information privacy. Another one had a computer law course that touched on privacy law but not information privacy law. The rest had nada, or nothing I could find on their websites. As expected it appears that much of what is happening in the practice area is being done as I write, contemporaneously. No sweat … time to dust off my old (but hopefully not too outdated) IPL hornbook.,