CBC is reporting that Facebook was hacked again. While it doesn’t look like huge numbers of accounts were compromised, it is worth changing your password to protect yourself.

And regardless of whether your account was compromised or not, changing your passwords regularly is one of the best things you can do to protect your online identities and accounts. You can learn about other password best practices in this article from Law Practice magazine. . . . [more]

In April 2010, Terry Childs, a former IT employee with the City of San Francisco was sentenced to four years in prison for blocking access to the city’s network (which he designed) and refusing to turn over the passwords. It took Childs...

by Ryan Mattinson*

To begin, we need to briefly clarify some geek speak. ‘War-driving’ is the act of driving around with a laptop, antenna and often a GPS transceiver, in order to search for and record information about Wi-Fi access points such as SSID (name), BSSID (MAC address), signal strength, etc. and associating this information with GPS coordinates. War-driving requires only the passive collection of information contained in Wi-Fi beacons. These are signals transmitted at regular, frequent intervals by both secure and open access points, even when configured to hide their network name. This is necessary to . . . [more]

Sony responded today to the theft of data from Playstations in a press release today.

The breach earlier this month was one of the largest in history, and involved names, addresses, and potentially credit card information for up to 77 million users. Sony claims any credit card information would have been encrypted, limiting the use of the sensitive data to the hackers.

A number of governments are already inquiring into the breach, and there is talk of civil actions as well. Users were particularly upset that they were not informed of the breach immediately.

Sony thanked customers for their loyalty, . . . [more]

In a recently released report, “National Strategy for Trusted Identities in Cyberspace” [PDF], the White House proposes the creation of a voluntary system in which citizens, government agencies, and businesses could register, permitting the secure provision of multiple services and commercial transactions. From the executive summary:

In the current online environment, individuals are asked to maintain dozens of different usernames and passwords, one for each website with which they interact The complexity of this approach is a burden to individuals, and it encourages behavior—like the reuse of passwords—that makes online fraud and identity theft easier At the same

. . . [more]

Here on Slaw we pretty much take for granted some of the basics of IT, prime among which might be the value of a website to practicing lawyers. But, of course, it’s just not the case that all lawyers have—and make good use of—websites. So for those of you who fall into that category (or who have a friend who does) here’s a little something.

As it happens, I’m at the ABA Techschow in Chicago listening to Slaw’s Steve Matthews explain the basics with respect to the necessary infrastructure, Website 101: Build and Rebuild.

Domain names
Use short, memorable . . . [more]

Hackers and cybercriminals have been having a field day recently. Even big oil companies with expansive security budgets can’t keep the bad guys out. In an operation dubbed “Night Dragon” by security company McAfee, Chinese hackers have been targeting several global oil and energy companies since November of 2009, in an attempt to steal sensitive proprietary information about oil and gas field bids and operations. You would think that oil companies would have first class security and defense-in-depth. Apparently, not so.

Law firms should take these attacks against big oil as a warning – and should bear in mind the . . . [more]

The Canadian Privacy Commissioner’s most recent newsletter refers to a document entitled “Data at Your Fingertips: Biometrics and the Challenges to Privacy“. 

I believe that biometrics will ultimately be the right solution for authentication and identification, and will help reduce the use of passwords which, lets face it, are very difficult in practice to use to their best theoretical effectiveness.

There are however challenges in using biometrics relating to privacy and identity theft.

The document starts off by saying:

Canadians are witnessing a growing interest among government and private-sector organizations in adopting systems that use biometric characteristics to

. . . [more]

WordPress is one of best examples of an open-source community delivering a feature rich and market-leading product. From lawyer blogs to law firm websites, it has become as popular within the legal community as it has elsewhere. But the benefits of open-source software ownership inevitably come with some requisite cautionary advice.

Last January, I wrote about a hacking trend whereby automated scripts test every word in the dictionary trying to gain access to your WordPress administration password. This is a problem, not least because at least 55% of all content management system (CMS) installs operate on WordPress. 

It’s becoming clear . . . [more]

Law firms deal with some of the most confidential and sensitive data in society and yet so many of them have such lax policies on information security. There are some simple things you can do to dramatically improve your information security and they don’t require you to purchase expensive gear.

Keep Your Passwords Your Own

I can’t tell you how many times I’ve been at a firm and heard an attorney come out of their office and say “Patty, I’m going to Phoenix for a couple of days to meet with Acme Co. Check my e-mail while I’m away; my . . . [more]

I attended a webinar today by the CBA entitled Safeguarding your Client’s Confidential Information – Tips and Traps. Presented by David Fraser and Dominic Jaar.

 Here are some of the highlights.

Quote from security expert Bruce Schneier:

“Hardware is easy to protect: lock it in a room, chain it to a desk, or buy a spare. Information poses more of a problem. It can exist in more than one place; be transported halfway across the planet in seconds; and be stolen without your knowledge.”

This is primarily a people issue – requires training and understanding. It’s not just about technology. . . . [more]

Yes, there are plenty of ways you can compromise your online identity by (mis-) using a dating website. A scenario not everyone considers, however, is having your password stolen and used to hijack other aspects of your online identity.

If this sounds like a nightmare scenario, it is. And it happened to over 300 users of popular Vancouver-based dating website PlentyOfFish.com last week when a hacker compromised the site’s security and retrieved real names, passwords and e-mail addresses for a small subset of the site’s 11,000,000 users.

The breach highlights an error that PlentyOfFish and many other websites make: storing . . . [more]