Breeding, Marshall wrote:
> I would be interested to understand more about what is meant by
> "... potential for helping Social Engineering attacks".

Social engineering is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud or computer system access; in most cases the attacker never comes face-to-face with the victim...
http://en.wikipedia.org/wiki/Social_engineering_(security)

Attackers do currently phone people up and try to convince them that they're an IT support provider. It's on the increase - even the co-op has had a call, which I described on our blog recently in
http://www.news.software.coop/kilman-it-services-social-engineering-phone-call-attack/1068/

These attacks are getting more sophisticated. I think it's only a matter of time before the fraud call centres start trying to target customers of particular providers. Library borrower records would be a treasure trove for identity thieves, so it disappoints me that many libraries are made easy to target.

Support providers get a bit of publicity by announcing their contracts, but what's in those announcements and listings for the libraries, besides having their backsides hung out in the breeze? Why don't libwebcats and the LTG newswire try to discourage this bad behaviour by the private sector, instead of rewarding it? Is it just that these attacks aren't very widely known among libraries yet? Or is this why it says "Marshall Breeding or other individuals associated with Library Technology Guides are not response[sic] for any damages or losses associated with the use of the lib-web-cats database"?

This is part of why I feel an optionally-anonymous popcon-style system would be much more ethical than suggesting libwebcats. Other than that, we get into things like libwebcats's anti-commercial/non-FOSS terms which we've discussed before.

(In the few cases where the co-op has a credit link on an OPAC, it's where we know each others' names and there isn't much staff turnover.)

Hope that explains,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and LMS developer, statistician.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for Koha work http://www.software.coop/products/koha
