Dropbox has suffered through a number of security- and privacy-related incidents over the past year, which has left its frustrated but loyal userbase asking how they can continue using Dropbox while still properly securing their data.

SecretSync, a new startup, hopes to be the answer to that question. SecretSync encrypts sensitive data that you place in Dropbox so that, in the event Dropbox releases your files to law enforcement agencies or inadvertently makes your data public, you have nothing to worry about: your data will be completely inscrutable thanks to the client-side encryption used by SecretSync. Because your . . . [more]

Last week I gave a talk at Victor Medina’s excellent MILOfest conference about How to Secure Your Mac Law Firm. In preparing for the talk, I developed the following set of best practices that any lawyer using Apple devices should employ to help protect their law firm’s data:

Securing Your Desktops/Laptops

• Upgrade to OS X Lion and enable FileVault 2 for full disk encryption. Read more about FileVault 2 and Lion here.
• Enable the off-by-default firewall.
• Set your screen saver / lock screen to activate after 5 or fewer minutes of activity.
• Disable automatic login.
• Enable Find my Mac

Here’s a quick tip from digital inspiration (via Lifehacker). If you don’t use a password generating/saving application, you may want to turn to the computational engine Wolfram-Alpha the next time you need to come up with a “random” password. Simply enter into the search box on that site [password of n characters] where ‘n’ is the number of characters you want. Wolfram Alpha returns this (for a 7 character request):

The phonetic form may help you memorize the new password. (I’d prefer the sort of thing we do with our postal codes; thus, for this, perhaps: “Why two? Ask . . . [more]

The LISNews library-related site has been running a series on IT Security for Libraries.

The most recent part covers 20 Common Security Myths:

1. You have nothing important to steal
2. Having antivirus software makes you completely safe
3. Using Mac/Linux makes you safe
4. Patches and updates make things worse and break them
5. You can look at a site and know it’s safe and not serving bad stuff
6. Using a firewall makes you safe
7. Complex frequently changed passwords make you safe
8. Avoiding IE makes me safe
9. If an email comes from a familiar face it’s ok
10. If a link comes from

♬ An’ now I’m flyin’ through the air.
On a cloud, on a cloud.
On a cloud, lookin’ down…♬

Lyrics and Music by Cody Canada, recorded by Cross Canadian Ragweed.

Further to Simon Fodden’s post on August 16, 2011 entitled: “Privacy Commissioner Releases PIPEDA Guide for Lawyers“, I thought that a relevant passage in that report dealing with safeguarding personal information and in particular, with reference to mobile devices and cloud computing, would deserve its own post. The section in question on Safeguarding Personal Information is as follows (relevant paragraphs bolded for emphasis):

Safeguarding personal information

Lawyers

The Section of State and Local Government Law of the American Bar Association (ABA) hosted a panel on cyberbullying at the 2011 Annual Meeting.

The panelists included James Hanks of Ahlers & Cooney, Grant Bowers, Legal Counsel for the Toronto District School Board, Dr. Jeff Gardere, a psychologist from New York with expertise in mental health, and Kathy Macdonald, from the Calgary police.

The panel discussed how changes in technology have created new ways for students to bully each other, creating new legal challenges for schools and communities. Regulating cyberbullying raises significant constitutional questions, especially in the U.S., . . . [more]

As reported last week internet activist Aaron Schwartz “was charged … with sneaking into a computer closet at the Massachusetts Institute of Technology and making unauthorized downloads of more than four million journal articles” from JSTOR. While there is a long list of charges (a copy of the 15 page indictment from the US District Court can be found here), the charge that has generated the most online debate is “intentionally accesses a computer without authorization or exceeds authorized access” 18 U.S.C. § 1030(a)(2).

Academic libraries pay for access to JSTOR – an enormous repository of . . . [more]

One minor consequence of the recent phone hacking scandal in England is an increase in the use of the term “blagging,” new to me. Thus, in The Register today:

News International journalists from multiple papers persistently tried to get gossip on the former prime minister Gordon Brown by ‘blagging’ access to his bank account, legal documents and even his son’s medical records, it has been alleged.

According to the Oxford dictionaries, to “blag” is essentially:

1. trans. To obtain or achieve [something] by persuasive talk or plausible deception; to bluff, to dupe or deceive by bluffing; to scrounge, esp.

The term “brick” in computer parlance means to turn an otherwise usable computer into a useless piece of silicon and plastic. As a careful lawyer, you are already planning for disaster by performing regular backups, protecting your online and personal computer accounts with strong passwords, and so on. There are places in where your law practice software and hardware overlaps with your meatspace, where you become the cause of your law practice becoming a brick.

I liked how a panel on business continuity at the recent Law Society Solo and Small Firm Conference emphasized the mundane over the . . . [more]

From a CBC story

A website that lets people check whether their email addresses, usernames and passwords have been stolen in a cyberattack and posted online has been launched by an Australian who is a former IT security consultant.

This new website, shouldichangemypassword.com, allows concerned internet users to enter an email address and see whether it appears in stolen information posted online by groups such as Lulz Security. If an email is listed in the database of stolen data, the site will list what information among your email, username and password have been compromised, how many times it has . . . [more]

Last week I asked if Apple’s forthcoming iCloud service spells doom for Dropbox. My conclusion was no, iCloud does not pose a critical threat to Dropbox, but this week I’m worried about a new threat to Dropbox’s viability: Dropbox themselves.

Yesterday Dropbox disclosed a “bug” they’d introduced that allowed users to log into any Dropbox account using an arbitrary password. That is, if you have a Dropbox account, all a potential hacker would have to know was your e-mail address, and he would have unfettered access to your entire Dropbox.

Although the impact of the bug on users was . . . [more]

We IT consultants are sort of a mystical bunch. People don’t seem to really understand what we do or how and in many cases we get called when people are desperate because all else has failed. Not many people call me when everything is working great. I want to take this opportunity to clear up three misconceptions people have about working with consultants:

1. We usually don’t need your passwords…and just as often don’t want them.

It amazes me how often I’ll show up at a site and the client will just hand me a sheet listing everybody’s account name . . . [more]