Who knows your passwords?


CFSB July.qxd 7/3/02 11:43 AM Page 2

Vogon, cybercrime detection is lagging behind because of lack of funds. Clive Carmichael-Jones said that electronic evidence is starting to be productive in a wide range of crimes. “As we all rely more and more on technology to organize our lives, the capture, processing, analysis and court presentation of electronic evidence is increasingly important in securing convictions for a whole raft of crimes. Not only do law enforcement agencies need to keep up with technology developments, but their paymasters need to provide sufficient funding to enable them to do a proper job, including training investigators in sophisticated computer skills. Otherwise criminals will beat them every time.”

According to Gordon Stevenson from Vogon, “Criminals are not different in their need to communicate and record information. High speed communications is a key part of any commercial endeavour whether honest or otherwise. We can all sit on moral high ground until we see offices of Enron, Anderson, Xerox, Deloittes etc. being prosecuted for exactly the same crimes as the petty criminals — only mammoth scale has caused the law to act against big business.”

Industry News

Who knows your passwords?

We all know it is vital to limit password access for certain critical applications to a few trusted key employees. But in doing so, is it possible to become too dependent on certain employees? Things could go very wrong if employees leave, get ill, etc. Think about how indispensable your company administrators are. If they are indispensable, then you could have a problem.

Recently the administrator responsible for archiving and managing the electronic formats of Norway's valuable historical documents died, and no one else knew the vital password needed to get access. The archivist involved never revealed the password to anyone else during his time managing Djupedal's (the original author's) titles in a database. Remaining staff and external researchers were unable to gain access to approximately 11 000 documents. A dated program was in use, and public institutions that were asked for help failed to break the code. The Aasen Institute then turned to the underground for help and made an online plea for hackers to crack the password-defended database. The centre was overwhelmed with responses from benevolent hackers wanting to help. After five hours a Swedish game programmer cracked the database password. Thankfully for the Aasen Institute the password wasn't too complicated: it consisted of the author's name spelt backwards, ladepujd.

ISSN: 1361-3723/02/$22.00 © 2002 Elsevier Science Ltd. All rights reserved.

Piracy News

Piracy is rising

Four out of every 10 software applications are pirated, according to a survey by the Business Software Alliance. This translates to $11 billion in economic terms. The survey revealed that piracy is increasing every year, from 37% in 2000 to 40% in 2001. Robert Holleyman, CEO of BSA, said, "This study reinforces the need to continue working aggressively to educate consumers and law enforcement agencies around the world that piracy is theft, plain and simple, theft that is robbing the global economy of hundreds of thousands of jobs, billions of dollars in wages and tax revenues."

North America had the lowest piracy rate at 26%, with Western Europe coming in second. The highest incidence of piracy occurs in Vietnam with 94%, followed closely by China with 94%. The rest of the top 10 piracy culprits comprised Indonesia, Ukraine, Russia, Pakistan, Lebanon, Qatar, Nicaragua and Bolivia respectively. According to Holleyman, this is the first time the survey has demonstrated an increase in piracy for two years running. BSA has already collected $5.8 million from lawsuits during 2002.

It is worth remembering that most businesses do not intend to cheat software producers. Companies may not be aware of the legal dangers in running illegal software and may not even be aware that they are doing so. According to David Duke from Cryptic Software, any responsible organization should keep up-to-date records of its software deployment and license purchases. The solution to this problem, involving either a technical or policy-based approach, is to find the unknown, i.e. what is actually installed rather than the known.

Printed by Mayfield Press (Oxford) Ltd