[OPLIN 4cast] OPLIN 4cast #448: Pro-am cybersecurity

OPLIN Support support at oplin.ohio.gov
Wed Jul 29 10:30:23 EDT 2015 

    Email not displaying correctly? View it in your browser.
<http://www.oplin.org/4cast/>  [image: OPLIN 4Cast]

OPLIN 4cast #448: Pro-am cybersecurity
July 29th, 2015

[image: cybersecurity]Last week, while this blog was scaring you with tales
of hackers-for-hire, the Google folks were presenting some interesting security
practices research
<https://www.usenix.org/system/files/conference/soups2015/soups15-paper-ion.pdf>
[pdf] at the Symposium on Usable Privacy and Security (SOUPS) in Ottawa,
Canada. The researchers conducted a survey of 231 security "experts,"
defined as someone who had at least five years experience working in or
studying computer security, and 294 non-experts recruited through Amazon's
Mechanical Turk. There were some very clear differences between the
responses of the experts and the non-experts.

   - What amateurs can learn from security pros about staying safe online
   <http://arstechnica.com/security/2015/07/what-amateurs-can-learn-from-security-pros-about-staying-safe-online/>
   (Ars Technica | Dan Goodin) "A survey found stark discrepancies in the ways
   the two groups reported keeping themselves secure. Non security experts
   listed the top security practice as using antivirus software, followed by
   using strong passwords, changing passwords frequently, visiting only known
   websites, and not sharing personal information. Security experts, by
   contrast, listed the top practice as installing software updates, followed
   by using unique passwords, using two-factor authentication, choosing strong
   passwords, and using a password manager."
   - New research: Comparing how security experts and non-experts stay safe
   online
   <http://googleonlinesecurity.blogspot.com/2015/07/new-research-comparing-how-security.html>
   (Google Online Security Blog | Iulia Ion, Rob Reeder, and Sunny Consolvo)
   "More broadly, our findings highlight fundamental misunderstandings about
   basic online security practices. Software updates, for example, are the
   seatbelts of online security; they make you safer, period. And yet, many
   non-experts not only overlook these as a best practice, but also mistakenly
   worry that software updates are a security *risk*."
   - Trying to keep your data safe? You're probably doing it wrong
   <http://www.npr.org/sections/alltechconsidered/2015/07/23/425502893/trying-to-keep-your-data-safe-youre-probably-doing-it-wrong>
   (NPR All Tech Considered | Aarti Shahani) "There's a similarly stark gap
   when it comes to antivirus - the software that has long been hailed as the
   all-purpose cleaner, the rubbing alcohol of the Internet. Forty-two percent
   of the non-­experts surveyed say products like McAfee and Norton are key.
   But among the experts like [Gerhard] Eschelbeck [Google Vice President for
   Security Engineering], just 7 percent agree. 'Antivirus has absolutely its
   place. But it's not like the only one solution that people can and should
   rely upon,' Eschelbeck says."
   - Online security: How the experts keep safe
   <http://www.informationweek.com/it-life/online-security-how-the-experts-keep-safe/d/d-id/1321465>
   (InformationWeek | Thomas Claburn) "A third point of differentiation
   between security experts and non-experts is the use of two-factor
   authentication. Eighty-nine percent of security experts polled said they
   used two-factor authentication, compared to 69% of non-experts. Some 12% of
   non-experts said they didn't know whether they use two-factor
   authentication - which probably means they don't."

 *Articles from Ohio Web Library <http://ohioweblibrary.org>:*

   - Multi-factor authentication-It's not just buying another lock.
   <http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=cmh&AN=99233743&site=chc-live>
   (*Computers in Libraries*, Nov. 2014, p.26-27 | Jessamyn West)
   - Personal online security.
   <http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=cmh&AN=103232988&site=chc-live>
   (*Online Searcher*, May/June 2015, p.38-43 | Edward Vawter)
   - Passwords and the evolution of imperfect authentication.
   <http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=buh&AN=103441792&site=ehost-live>
   (*Communications of the ACM*, July 2015, p.78-87 | Joseph Bonneau,
   Cormac Herley, Paul C. Van Oorschot, and Frank Stajano)

    ------------------------------
The *OPLIN 4cast* is a weekly compilation of recent headlines, topics, and
trends that could impact public libraries. You can subscribe to it in a
variety of ways, such as:

   - *RSS feed.* You can receive the OPLIN 4cast via RSS feed by
   subscribing to the following URL:
   http://www.oplin.org/4cast/index.php/?feed=rss2.
   - *Live Bookmark.* If you're using the Firefox web browser, you can go
   to the 4cast website (http://www.oplin.org/4cast/) and click on the
   orange "radio wave" icon on the right side of the address bar. In Internet
   Explorer 7, click on the same icon to view or subscribe to the 4cast RSS
   feed.
   - *E-mail.* You can have the OPLIN 4cast delivered via e-mail (a'la
   OPLINlist and OPLINtech) by subscribing to the 4cast mailing list at
   http://mail.oplin.org/mailman/listinfo/OPLIN4cast.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/oplin4cast/attachments/20150729/811a316c/attachment.html>

More information about the OPLIN4cast mailing list