Criminal Law Library Blog

Library of Congress Report: Information Technology Strategic Planning: A Well Developed Framework is Essential to Support the Library's Current and Future Information Technology (IT) Needs
The Library of Congress Office of the Inspector General.

Library-Wide

Report No. 2008-PA-105

March 2009.

"The intent of this review was to access the effectiveness of information technology (IT) strategic planning at the Library of Congress (LC), , to evaluate whether the Office of Strategic Initiatives (OSI) Strategic Plan supports and implements the Library's Strategic Plan as it pertains to the IT infrastructure, the Library Office of the Inspector General (OIG) contracted with A-TECH Systems, Inc."

Findings discussed in the Report includes observations under the following categories in the order mentioned:

1. Strategic Plan Process.

2. IT Investment Process.

3. Organizational Structure.

4. Customer Service.

There are many observations of general value in this Report. As someone who is both interested and concerned about the strategic planning process , the following observations on page 8 caught my attention:

"We do not agree with the decision of the Library's leadership to make strategic planning a management-only activity. We suggest that the Library allow line employees to actively participate in the strategic planning process. The Library Strategic Plan should be part of line employees as well as management training programs. Execution of strategic planning objectives whould be tied to line employees performance plans...."

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Commentary and Opinion , David Badertscher , Information Technology , Library Organization and Planning , U.S. Federal Government Information

Bookmark:

http://www.msisac.org/April 2009 Volume 2 Number 4.

From the Desk of David Badertscher

The use of credit cards to pay for goods and services is a common practice around the world. It enables business to be transacted in a convenient and cost effective manner. However, more than 100 million personally-identifiable, customer records have been breached in the US over the past two years[1]. Many of these breaches involved credit card information. Continued use of credits cards requires confidence by consumers that their transaction and credit card information are secure. The following provides information as to how the credit card industry has responded to security issues and steps you can take to protect your information.

Who regulates the security of credit card transactions?

The Payment Card Industry (PCI) Security Standards Council developed standards and policies that must be met by all vendors which accept credit card transactions. The Council’s members include American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa International. The Council created an industry-wide, global framework that details how companies handle credit card data – specifically, banks, merchants and payment processors. The result was the Payment Card Industry (PCI) Data Security Standard (DSS)[2], a set of best practice requirements for protecting credit card data throughout the information lifecycle.

The PCI compliance security standards outline technical and operational requirements created to help organizations prevent credit card fraud, hacking and various other security vulnerabilities and threats.

The PCI DSS requirements are applicable if a credit card number is stored, processed, or transmitted. The major credit card companies require compliance with PCI DSS rules via contracts with merchants and their vendors that accept and process credit cards. Banks, merchants and payment processors must approach PCI DSS compliance as an ongoing effort. Compliance must be validated annually, and companies must be prepared to address new aspects of the standard as it evolves based on emerging technologies and threats.

How is my credit card information protected?

The PCI standards detail what protective measures are required regarding the string and transmission of credit card information. For electronic Point of Sale (POS) transactions, the information is encrypted and transmitted directly to the credit card processor. For an online transaction, the merchant is required to have a secure server and an encrypted connection to the customer. Access to credit card information is restricted based on a business need-to-know. The standards include guidelines for developing and maintaining secure systems and applications. Recent focus includes heightened security requirements for wireless networks due to the jump in the use of wireless POS terminals.

What if a merchant does not follow the standards?

If a member, merchant, or service provider does not comply with the security requirements or fails to rectify a security issue, they may face fines up to $500,000 per incident or restrictions imposed by the credit card companies, including denying their ability to accept or process credit card transactions.

What can I do to secure my credit card information?

You can help secure your credit card information by adhering to the following guidelines:

Don't respond to email or pop-up messages. If you get an email or pop-up message while you're browsing, don't reply or click on the link in the message or any attachments, especially if personal or financial information is requested. Legitimate organizations don't ask for this information in these ways.

Guard the security of your transaction. When purchasing online, look for the "lock" icon on the browser's status bar and be sure "https" or "s-http" appears in the website's address bar. The "s" stands for "secure."

Use temporary account authorizations when available. Some credit card companies offer virtual or temporary credit card authorization numbers. This kind of service gives you use of a secure and unique account number for each online transaction. These numbers are often issued for a short period of time and cannot be used after that period. Contact your credit card company to see if they offer this service.

Limit your online shopping to merchants you know and trust. If you have questions about a merchant, verify it with the Better Business Bureau or the Federal Trade Commission..

The above comments are based on information tips provided by the Multi-State Information and Analysis Center (MS-ISAC). To learn more about MS-ISAC go to http://www.msisac.org/

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Commentary and Opinion , Information Security Newsletter , Information Technology , Technology News

Bookmark:

"A new zero-day remote code execution vulnerability has come to light, this time affecting Microsoft Office PowerPoint.

The software giant has issued a security advisory about the potential exploit, which affects older Microsoft Office versions up through Office 2003. The current flagship Office 2007 product is not vulnerable."

For more details see article by Jabulani Lefall, "PowerPoint Security Bug Found in Office 2003" at:

http://gcn.com/articles/2009/04/06/powerpoint-flaw.aspx?s=gcndaily_070409

Posted by David Badertscher | Permalink | Email This Post

Posted In: Information Technology , Technology News

Bookmark:

From: Findlaw Case Summaries, Second Circuit U.S. Court of Appeals:

CYBERSPACE LAW, INTELLECTUAL PROPERTY, TRADEMARK

Rescuecom Corp. v. Google Inc. , No. 06-4881

In an action brought under the Lanham Act for trademark infringement, false designation of origin, and dilution, the district court's dismissal for failure to state a claim is reversed and remanded where plaintiff's allegations that Google's recommendation and sale of its mark to Google's advertisers, so as to trigger the appearance of their advertisements and links in a manner likely to cause consumer confusion when a Google user launches a search of plaintiff's trademark, defendant made a use in commerce of the plaintiff's trademark, properly alleges a claim under the Lanham Act.

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Court Decisions , Information Technology , U.S. Second Circuit Court of Appeals

Bookmark:

The new Information and Communications Index of the International Telecommunications Union (ITU) compares developments in information and communication technologies (ICT) in 154 countries over a five year period from 2002 to 2007.

The Index combines 11 indicators into a single measure that can be
used as a benchmarking tool globally, regionally and at the country
level. These are related to ICT access, use and skills, such as
households with a computer the number of Internet users; and literacy
levels.

The Index identifies the most advanced countries in ICT as from
Northern Europe, with the exception of the Republic of Korea. Sweden
tops the new Index, followed by Korea, Denmark, the Netherlands,
Iceland, and Norway. They are followed by other, mainly high-income
countries from Europe, Asia, and North America. Western and Northern
Europe and North America are the regions with the highest IDI scores,
and most countries from these regions are among the top twenty ICT
economies. Poor countries, in particular the least developed
countries, remain at the lower end of the index with limited access to
ICT infrastructure, including fixed and mobile telephony, Internet and
broadband.

Globally speaking, most progress has been made on ICT access, which
includes fixed and mobile telephony, Internet bandwidth, and
households with computers and Internet. In terms of ICT use, which
includes the number of Internet users, fixed and mobile broadband,
progress has been much slower. In particular broadband, a more recent
technology, still has to take off in many countries.

For further details of the full report, see the ITU press release on
their website:

http://www.itu.int/newsroom/press_releases/2009/07.html

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Information Technology , News from Organizations , Publication Announcements and Reviews

Bookmark:

March 2009 Volume 2 Number 3.

Social Networking Sites: How To Stay Safe

From the Desk of David G. Badertscher

The popularity of social networking sites--such as MySpace, Facebook, Twitter and others--has exploded in recent years, with usage in the United States increasing 93% since 2006, according to Netpop Research. The sites are popular not only with teenagers, but with adults as well: the number of adult Internet users having a social networking profile has more than quadrupled in the past four years, according the Pew Internet & American Life Project.

While there are many positive aspects of using social networking sites, it is also important to understand the potential security risks and know what precautions to take to protect yourself and your information.

What are social networking sites?

Social networking sites are online communities of Internet users who want to communicate with other users about areas of mutual interest, whether from a personal, business or academic perspective. The specific functionality of the various sites may differ, but in general, the sites allow you to provide information about yourself and communicate with others through email, chat rooms and other forums.

What are the security concerns of social networking sites?

Social network sites are growing in popularity as attack vectors because of the volume of users and the amount of personal information that is posted. The nature of social networking sites encourages you to post personal information. Because of the perceived anonymity and false sense of security of the Internet, users may provide more information about themselves and their life online than they would to a stranger in person.

The information you post online could be used by those with malicious intent to conduct social engineering scams and attempt to steal your identity or access your financial data. In addition, the sites are increasingly sources of worms, viruses and other malicious code. You may be prompted to click on a video on someone’s page, which could bring you to a malicious website, for example. If you are accessing a site that has malicious code your machine could become infected. For examples of some common social networking scams, visit the Council of Better Business Bureaus.

It’s also important to realize that information you post can be viewed by a broad audience, and could have lasting implications. College admissions officers and school administrators, for example, do visit these sites and in some cases, admissions have been denied to applicants, or disciplinary actions have been taken because of information or photos posted online. Employers also review these sites for information about potential job applicants.

What can you do to protect yourself?

Make sure your computer is protected before visiting sites – make sure you have a firewall and anti-virus software on your computer and that it is up-to-date. Keep your operating system up-to-date as well.

Do not assume you are in a trusted environment – just because you are on someone’s page you know, it is still prudent to use caution when navigating pages and clicking on links or photos, because links, images or other content contained on the pages may include malicious code.

Be cautious in how much personal information you provide - remember that the more information you post, the easier it may be for an attacker to use that information to steal your identity or access your data.

Use common sense when communicating with users you DO know – confirm electronic requests for loans or donations from your social networking friends and associates. The communications could be from someone who has stolen the credentials of the person you know with the intent of scamming as many people as possible.

Use common sense when communicating with users you DON’T know – be cautious about whom you allow to contact you or how much and what type of information you share with strangers online.

Understand what information is collected and shared – pay attention to the policies and terms of the sites; they may be sharing your email address or other details with other companies.
Make sure you know what sites your child is visiting - be involved in your child’s activities and know with whom he/she is communicating and what information is being posted by them, or about them by others.

For more monthly cyber security newsletter tips visit:
www.msisac.org/awareness/news/

ADDITIONAL NEWS:

New York City Cyber Security Summit
May 4, 2009

"The City of New York is committed to providing a secure information technology environment and to the protection of private information collected from the public. People are part of that solution, and as a City employee, your understanding and commitment to good security practices go a long way to bolster a secure computing environment. Therefore, I invite you to participate in the second annual NYC Cybersecurity Summit, where we can explore ways to secure information used by the City as we provide municipal services."

- Dan Srebnick, Associate Commissioner, IT Security & Chief Information Security Officer, Department of Information Technology and Telecommunications (DoITT), City of New York
________________________________

Choosing the Right Hardware and Software for Data Protection Solution
Compliments of Infoworld and HP.

"The latest white paper from the Mesabi Group explores the challenge facing many businesses in deciding what combination of software-hardware best meets their needs for data protection, storage, and business needs. There are a number of good options available and, as data protection grows more complicated each day, businesses should review their data protection from the ground up."

To see the white paper click on the link below:

Commentary: Choosing the Right Hardware and Software for Data Protection Solutions

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Commentary and Opinion , Conferences, Seminars and Webinars , Information Security Newsletter , Information Technology

Bookmark:

Written by: Ira Winkler March 24, 2009. For the Internet Revolution Blog:

"The 'CSI Effect' is what people call juror expectations of forensic evidence that unequivocally proves the defendant guilty. Unfortunately, there is now a "Twitter Effect," where defense attorneys hope for mistrials because jurors just can't control themselves and have to tweet what’s going on inside courtrooms or deliberation areas...." See entire posting at:

http://www.internetevolution.com/author.asp?section_id=515&doc_id=173990&

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Commentary and Opinion , Information Technology , Technology News

Bookmark:

The Legal Division Quarterly is the Newsletter of the Legal Division of the Special Libraries Association:

The 2009 Winter/Spring issue of the Legal Division Quarterly is now online at:
http://units.sla.org/division/dleg/Newsletter/LDQ%20Winter%20Spring%20v16n1&2.pdf

In this issue:

Get Your Intranet Engines Started
David Whelan

Editor's Notes
Liz Smith

From the Board Room
Martha Foote

Seminar Review: Sylvia James--Researching Private Equity
Anthony McGrath

Legal Bytes: Time Recording for Librarians
Devin GawneMark

SLA Legal Division Programs 2009: Shaping YOUR Future
Cindy Carlson

Legal Division's 2009 Travel Grants
Marilyn Bromley

Membership Update
Geri Heberlie

Legal Division Archives Needs You(r stuff)
Anne Abate, Ph.D.

Free Case Law Websites and the Private Law Firm Library
Tracy Z. Maleef

Water Cooler--Whiteboards Rock!
Constance Ard

International Corner--Letter From Australia
Miz Brmbota

Correction--Conference Review "Ethical Competitive Intelligence"
Katherine K. Coolidge

SLA Adds New Dues Tier for Info Pros Making Less than $18K

Copyright Certificate Program
_________________________________
Many thanks to Liz Smith, M.L.S. at Sites & Harbison PLLC, Lexington, Ky for bringing our attention to the availability of this issue.

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Commentary and Opinion , Information Technology , Library News and Views , Library Organization and Planning , Library Reference and Research , Library Technical Services

Bookmark:

Stories about popular, exciting topics, often appear almost together , sometimes on the same day. On March 13 two stories published in the InformationWeek Daily Newsletter caught our attention and we wanted to pass them on to our readers:

In "The Intruder Story: Man At His Best", Michael Hickins writes:

"As far as I'm concerned, David Prager is a hero. I would love to meet the man with enough sangfroid (that's French for cojones) to Tweet and to even set up a Ustream of the event, all while reflecting on the relative degree of danger in which he found himself."

The second story, "Twitter's Future Looks More Social that Commercial," by Thomas Claburn is more of a discussion about the direction Twitter developments eeem to be taking and how this relates to the evolution of Facebook and other social networks. Discussing information in a recent industry report about social networks, he writes:

" 'Twitter sent nearly one in five downstream visits to Social Networks and one in five to Entertainment Web sites in February,' said Hitwise's Heather Hopkins in a blog post. 'The top Social Networks visited after Twitter were, not surprisingly, Facebook and MySpace, followed by the Twitter Search page and YouTube.'" Claburn also observes that "when Twitter grows up, its not clear what it will be."

We think Twotter fans, and even those with only a passing interest, will find these articles informatiove and perhaps enertaining. Click on the titles to reach the entire articles.

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Commentary and Opinion , Information Technology , Technology News

Bookmark:

QUESTION*

For courts who have translated their public website into the Spanish
and/or Vietnamese languages:

Do you have a Spanish and/or Vietnamese version of your court public
website?

Do you have statistics on number of visitors by language that you can
share?

Have you conducted a cost/benefit analysis or impact report?

SOME RESPONSES:

There are several multi-lingual court websites on the Top 10 list of winners, but the most recent are:

District of Columbia Ccourts
http://www.dccourts.gov/dccourts/index.jsp
They do have a Vietnamese translation

NY Courts
http://www.courts.state.ny.us/
They do not have a Vietnamese choice

Rhode Island Courts
http://www.courts.state.ri.us/
They do not have a Vietnamese choice

Check out the whole list, including 10 years of archived winners at:

http://justiceserved.com/top10sites.cfm

Also, one note of caution ... merely plugging in Bablefish.com or some other online translation service is not sufficient for most courts as legal terms do not always translate well.
_____________________________________

To get empirical information on this issue would be great. Too often we
assume that those whom we are trying to reach are literate in their
native language, which is not always the case (for example, the third
wave of Vietnamese immigrants to the San Diego area, who came from rural
areas/refugee camps and from an entirely oral culture). And similarly,
in areas with longstanding immigrant communities (e.g., San Joaquin,
CA), it is also not uncommon for there to be a high level of
bilingualism, making the need for translated materials less critical as
a matter of choice by those folks (we printed lots of Spanish-language
survey forms, but few people used them, taking the English one instead).

The CA AOC Self Help Web site is available in both English and Spanish,
it would be interesting to know what the data say about frequency of
use.
_____________________________________

I am writing an article on my experience translating portions of the Indiana Code. The point I am making is that since the Spanish version (or any other language for that matter) of certain legal document does not have legal force like in Canada, for example, the purpose of the translated version can be different from the source document. This is called skopos theory - an oldie in translation studies but still applicable. The translation can be made in a way that serves a specific purpose, for example informing the public. [.......] makes a good point: knowing the target reader helps deterring the register of the translated version should have.

As for forms and other types of document, I think user often pick the English original because they understand English more than they speak. Quality of the translation may be another factor.
_____________________________________

We are in the process of translating our entire Virtual Self Help Law
Center website into Spanish. We have good analytics on the site, and so
will be able to provide this community with some information on website
traffic, as well as the anecdotal information from clerks, self help
attorneys, and judges about whether they are noticing any impacts at the
window, in the self help center, and in the courtroom. Most likely,
these statistics should become meaningful by fall.

The website (in English) is at: www.cc-courthelp.org

______________________________________

The Superior Court of California, Santa Clara has also translated their self-help website into Spanish and Vietnamese.

The California Courts self-help website www.sucorte.ca.gov makes a special effort to use the Spanish that we hear used in the courtrooms. It is translated by certified translators and reviewed by a fully bilingual - native Spanish-speaking California attorney with a wonderful background in providing a variety of self-help services.
______________________________________

Connecticut has a growing number of its Web pages in Spanish. The top visits for our most recent available month (November 2008) are:

Spanish Pages:

Spanish home page http://www.jud.ct.gov/espanol.htm - 1,100 visits for the month, #110 in top 200 pages

Spanish Traffic FAQs http://www.jud.ct.gov/faq/sp/ - 596 visits for the month, #186 in top 200 pages

Spanish Publication Downloads:

http://www.jud.ct.gov/Publications/Spanish/es211S.pdf - 624 downloads, #65 of top 200 downloads
(A Child Needs Emotional and Financial Support of Both Parents)

http://www.jud.ct.gov/Publications/Spanish/HM015S.pdf - 311 downloads, #123 of top 200 downloads
(A Tenant's Guide to Summary Process (Eviction))

http://www.jud.ct.gov/Publications/Spanish/HM031s.pdf - 309 downloads, #125 of top 200 downloads
(Rights and Responsibilities of Landlords and Tenants in Connecticut)

http://www.jud.ct.gov/external/kids/ColoringBook/JDP_ES_189S.pdf - 230 downloads, #169 of top 200 downloads
(Coloring Book)

______________________________________

*In deference to requests from some readers I have deleted all references to personal names in the above responses. I have however preserved references to geographical areas and to speciific web sites to add relevance to the responses.

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Information Technology , Library News and Views , Library Organization and Planning , Library Reference and Research , The Judiciary

Bookmark:

BY:Lynch, C.G. CIO , February 19, 2009.
Excerpt:

"As potential employers or recruiters peruse your work experience on LinkedIn, recommendations from past and present colleagues can be one of the most helpful features to help communicate your value. Here's five tips for doing the most good for yourself with LinkedIn recommendations."

To see the complete article click on the link below:

LinkedIn Recommendations: Five Ways to Make The Most of Them

See also:

About Linkedin

The Linkedin Blog

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Commentary and Opinion , Information Technology

Bookmark:

The Future of Today's Legal Scholarship:
A Symposium in Honor of Bob Oakley
July 25, 2009
Georgetown University Law Center
Georgetown Law Library
About The Future of Today's Scholarship: A Symposium in Honor of Bob Oakley

The time to debate the role of blogs in legal scholarship has passed. As we approach the end of the first decade of the 21st century, one of our oldest and most conservative disciplines has clearly embraced the era of electronic publishing. Blogging has indeed transformed legal scholarship. Now it's time to move the dialogue forward.

The Future of Today's Legal Scholarship is a symposium that brings together academic bloggers, law librarians, and experts in preservation to tackle the bigger, more imperative challenges that will influence legal scholarship and democratic access to legal information for generations to come.

We must determine how to prioritize, collect, archive, preserve, and ensure reliable long-term access to the burgeoning amount of legal scholarship being published through new, informal channels on the Web.

The Future of Today's Legal Scholarship aims to accomplish this objective through non-conventional means. This symposium is an active, idea-based exchange inviting the participation and contribution of attendees alongside that of expert presenters and panelists.

This unique symposium will seek answers to the questions:

1. How can quality academic scholarship reliably be discovered?
2. How can future researchers be assured of perpetual access to the information currently available in blogs?
3. How can any researcher be confident that documents posted to blogs are genuine?

The symposium will include a working group break-out session to create a uniform standard for preservation of blogs, a document to be shared by bloggers and librarians alike.

Laura E. Campbell of LC and Linda Frueh of the Internet Archive are scheduled to participate. The Law Library of Congress has initiated and led a project in that Library to capture scholarly legal blogs. They expect to make them available on the website by the end of this month.

For more information about The Future of Today's Legal Scholarship Symposium, contact:

Jennifer Locke Davitt
Head of Faculty Services
Georgetown Law Library
(202) 662-9145
jnl8@law.georgetown.edu

or

Kumar Percy Jayasuriya
Associate Librarian for Patron Services
Georgetown Law Library
(202) 662-9151
kumarj@law.georgetown.edu

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Conferences, Seminars and Webinars , Information Technology , Library News and Views , Library Organization and Planning

Bookmark:

The Internet in 2009 is undergoing the most significant set of changes of its entire history, ccording to one of the men who helped create it, Dr. Vint Cerf. At the official opening of the Internet Society's (ISOC) new offices in Geneva, on 26 February, Dr Cerf explained that
technical developments in the Internet's addressing system and the introduction of internationalised domain names are significant milestones.

Such statements carry weight, coming from the man who, in 1972, was one of the inventors of the Transmission Control Protocol (TCP) and the Internet Protocol (IP), two critical technologies that remain at the heart of the Internet today. In addition to his technical
achievements, Dr. Cerf was also one of the founders of ISOC, an international non-profit organisation dedicated to ensuring the open development, evolution, and use of the Internet for the benefit of people throughout the world.

Jon McNerney, ISOC's Chief Operating Officer, paid tribute to Dr. Cerf: "As ISOC reaches out to bring the next billions of users online, we can be sure that the Internet they join will be bigger, more mobile, and more multilingual than ever before. This is very much thanks to the visionary decisions of Vint and his contemporaries to aim for open architectures, open andards, and an inclusive model of development."

Despite the technical challenges, Dr Cerf spoke of his great optimism for the future of the network and Internet applications. "We've now had 35 years of Internet development. It's been an exciting ride, but it's not over yet."

As the Internet expands, nothing is more important than getting the policy right," said Dr. Cerf. While noting that, as in other fields, abuses of the technology do happen, Dr. Cerf explained that technical measures cannot always stop the bad things, which is why governance is
so important.

"The Internet Society's role as a policy commentator and influencer is central," he said.

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Commentary and Opinion , Conferences, Seminars and Webinars , Information Technology , Library Organization and Planning

Bookmark:

Legal Information Systems & Legal Informatics Resources, http://home.comcast.net/~richards1000/LegalInformationSystemsBibliography.htm , has been updated with new content. This site aggregates resources of interest to those conducting research on legal information systems. Materials listed include the following:

• Articles, Preprints, Journals, Blogs, and Indexes
• Conferences and Conference Proceedings
• Dissertations & Theses
• Departments, Research Centers, Research Projects, and Organizations
• Copyright, Licensing, and Open Access
• Metadata, Knowledge Representation, and Systems Design
• Preservation
• Digital Libraries & Institutional Repositories
• CALR & Publishers
• Knowledge Management
• Court Technology
• Law Practice Technology

Comments and suggestions are welcome. Richard can be contacted at richards1000@comcast.net .

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Information Technology , Library News and Views , Library Organization and Planning , Library Technical Services

Bookmark:

The American Association of Law Libraries (AALL) is proud to announce it is adopting a new, powerful, state-of-the-art learning technology, which will provide a new learning gateway to all AALL members.

The new Ed2Go @AALLNET site will provide members with:

Online access to the AALL Annual Meeting program recordings, as well as archived Webinars, audio recordings, and video recordings

Continuing educational program handouts distributed electronically, adding convenience in an environmentally-friendly way

Advanced search capabilities, which will allow you to focus on your key areas of interest with maximum flexibility to find the materials where and when you need them

Online profiles so you can keep track of the continuing education programs in which you participate and determine areas where you need more education

Stay tuned to the AALL E-Newsletter for more news about when the Ed2Go @AALLNET site will be available

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Information Technology , Library News and Views , Questions and Answers

Bookmark:

February 2009 Volume 2 Number 2.

CLLB Information Security Newsletter

Monthly Cyber Security Tips
NEWSLETTER

February 2009
Volume 2, Issue 2

Cyber Security Trends for 2009

From the Desk of David Badertscher

The volume and complexity of cyber threats continue to increase. More of our activities—whether at home, school or work—involve computers and the Internet—in fact, in the not-too-distant future, your household appliances may be computerized and controlled remotely from your PDAs; simultaneously, the knowledge required to launch a successful attack continues to decrease. As we develop more defenses, the cyber criminals and hackers come up with new ways to attack our computers. These factors create an environment in which vigilance on a daily basis is required to help mitigate the risks. Threats such as identity theft, worms and viruses, loss of sensitive information and other malicious activity are part of an ever-evolving cyber security threat landscape.

Some of the key challenges we are facing in 2009 focus on application security. Application security is a crucial layer in a multi-tiered cyber security strategy. Building security in at the beginning of development is an important factor in minimizing potential vulnerabilities. We’ve seen the results when vulnerabilities in web applications are exploited, leading to SQL injection attacks, cross-site scripting and other malicious activity.

Cyber criminals take advantage of commercial web sites that have poor security to add code to the web site without the knowledge of the web hosting company. That code may silently re-direct the user’s computer to another site which will download malware to the user’s computer, without the user’s knowledge; the attackers may also add a script to the site that will automatically execute on the user’s computer.

Another alarming trend continues to be the evolution of cyber crime, which has morphed from fairly innocuous web-site hacking and “graffiti” attacks to organized crime syndicates seeking profit. Cybercrime is now big business. Attackers now want your credit card and other financial information as well as your social security number. According to a recent study by McAfee, the global cost of cyber crime due to identity theft and data breaches is an estimated $1 trillion dollars. Many data thefts are orchestrated by organized crime, both in the U.S. and abroad.

The economic recession is another factor that may impact cyber security challenges. The risks due to insider threats are another major concern, and are expected to increase due to the economic downturn. Additionally, phishing scams and other social engineering attacks will increase, as attackers try to take advantage of bank closings, claims for “easy credit” or other online scams. Phishing attempts are no longer easily detected based on misspelled words in the email scam, or claims of large sums of money left to you in some foreign location, for example. The phishing scams are becoming more targeted and more “realistic” in appearance.

Holidays and major news events are still popular vehicles for compromising computers. Valentine’s Day is this month and email messages are already circulating that will infect a user’s computer when the message is clicked. Once the computer is infected, the malware will attempt to capture the user’s personal information and transmit it to the cyber criminals.

What can be done to make to protect my computer and my personal information?

Good security is implemented through a multi-layer approach. Users can minimize risk by following the recommendations below:

· Install and maintain a firewall.

· Use anti-virus and anti-spyware software and set them to auto-update.

· Keep operating system and other software up-to-date by enabling the auto-update feature.

· Be cautious about all communications; think before you click. If an email appears to be a phishing communication, do not respond. Delete it.

· Do not open email or related attachments from untrusted sources.

· If you receive an email appearing to be from a legitimate business, requesting the submission of personal information, it is most likely a scam. Legitimate businesses do not send emails requesting personal information.

For additional information on protecting yourself from the latest cyber threats, please visit:

Phishing: How to Avoid Getting Hooked! www.msisac.org/awareness/news/2008-10.cfm
Web Browser Attacks www.msisac.org/awareness/news/2008-10.cfm

Online Shopping www.msisac.org/awareness/news/2007-12.cfm
Top Ten Cyber Security Tips www.msisac.org/awareness/news/2006-10.cfm

Brought to you by:

www.msisac.org

More News from the February 24, 2009 issue of SC Magazine:

Visa confirms another payment processor breach
Dan Kaplan February 23, 2009
Visa has confirmed that yet another payment processor has been hit by hackers.

Microsoft says password stealers pose biggest threat
Angela Moscaritolo February 20, 2009
The top two threat families on Microsoft's detection and removal list this month are online game password stealers. These threats are now predominantly occurring in the United States -- a shift from last June when they mostly were detected in China.

Senate report calls for new U.S. cybersecurity effort
Chuck Miller February 20, 2009
A new report released this week by the U.S. Senate's Homeland Security and Governmental Affairs Committee calls for a concerted national effort to overcome cybersecurity threats to the United States.

New Symbian mobile malware in the wild
Angela Moscaritolo February 20, 2009
A new worm is spreading in the wild, targeting mobile devices running Nokia's Symbian OS.

Government travel site hacked, remains shuttered
Greg Masters February 19, 2009
A government travel website used by a dozen federal agencies has been hacked and remains shuttered.

New Sality variant contains moneymaking twist
Angela Moscaritolo February 19, 2009
The newest variant of the Sality virus combines a little bit of old and a little bit of new to infect users.

For more monthly cyber security newsletter tips visit:
www.msisac.org/awareness/news/

The information provided in the Monthly Security Tips Newsletters is intended to increase the security awareness of an organization’s end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization’s overall cyber security posture.

Posted by David Badertscher | Permalink | Email This Post | Comments (1)

Posted In: Commentary and Opinion , Criminal Law and Justice , Information Security Newsletter , Information Technology , Technology News

Bookmark:

QUESTION:

Does any one use electronic signatures for documents? We conduct video arraignments with detention facilities around our county and this would be most helpful and much more efficient. Any information you can provide will be appreciated.

RESPONSE:

There is a difference between electronic and digital. We use a live electronic, if that is what you are looking for and are gearing up to include digital on some forms.

We have used live electronic in our video bond call for eight years on Orders to Remand, among others forms. We also use an electronic signature for Orders of Protection, electronically certify them and email them directly to the Sheriff. What kind of information do you want?
___________________________________
*All names and other forms of specific identification have been edited out to protect the privacy and confidentialtiy of participants.

Posted by David Badertscher | Permalink | Email This Post | Comments (1)

Posted In: Commentary and Opinion , Information Technology , Questions and Answers

Bookmark:

The transition of evidence from paper to digital imposes new challenges to ensuring a proper "chain of custody'" in the authentication of digital evidence.

The legal group of Merrill Corporation has recently compiled a report which addresses this and related issues:

Report: AUTHENTICATING DIGITAL EVIDENCE: IDENTIFY AND AVOID THE WEAK LINKS IN YOUR CHAIN OF CUSTODY.

From the Introduction:

Introduction
Chain of custody is a familiar concept in criminal law, but until recent years it was foreign
to civil litigators. In the criminal law arena, police would seize evidence, seal it in a plastic
bag, label it and sign it into a locked evidence room. If the evidence was taken out for any
purpose (for example, for laboratory examination or testing) the withdrawal and its return
would be noted on the custody log. Any subsequent removal of the evidence from the
locked room would be unlikely until it was presented as evidence at trial.

Historically, evidentiary chain of custody was rarely an issue in civil litigation. The advent
of the digital age has made it a major issue because the actual nature of evidence in civil
litigation has undergone a radical transformation from tangible paper to electronic data.
In the electronic discovery publication, Arkfeld on Electronic Discovery and Evidence1, the
author notes the following regarding the importance of chain of custody:

The purpose of testimony concerning chain of custody is to prove that evidence has not
been altered or changed from the time it was collected through production in court.
Gallego v. United States of America, 276 F.2d 914 (9th Cir. 1960) (citing United States v.
S.B. Panicky & Co., 136 F.2d 413, 415 (2d Cir. 1943)). Chain of custody testimony would
include documentation on how the data was gathered, transported, analyzed and preserved
for production. This information is important to assist in the authentication of electronic data since it can be easily altered if proper precautions are not taken.

It is also much more complicated to handle electronic data as evidence than it is to sign in
tangible narcotics confiscated at the time of arrest and sign them out again at the time of
trial. That is because electronic discovery (e-discovery) is a multi-stage process and custody is
an issue at every one of those stages....

Please click on the link below to see the entire Report:

Authenticating Digital Evidence: Identify and Avoid The Weak Links in Your Chain of Custody

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Commentary and Opinion , Information Technology , The Documents Corner

Bookmark:

Georgia K. Briscoe* of the University of Colorado School of Law Library has sent the following announcement which we are please to post here for the benefit of all law librarians and perhaps some others as well. Here is her announcement:

In case you haven't heard, there is a new online SSRN journal which academic technical services librarians will find useful. LEGAL INFORMATION & TECHNOLOGY eJOURNAL is edited by Randy Diamond and Lee Peoples. I am pleased to be a member of the editorial board representing technical services issues. The archive already includes over 150 papers and is growing daily. This ejournal provides another avenue for TS librarians to publish.

Subscribers to SSRN will soon start receiving email issues announcing works in progress and recent publications. SSRN will issue a formal announcement soon, but the editors are pleased to provide a pre-launch viewing. Detailed information from Randy and Lee follows. I hope you will check out this new opportunity for professional growth and development.

Best regards, Georgia

View Papers:
http://www.ssrn.com/link/Legal-Information-Technology.html

Subscribe:
http://hq.ssrn.com/jourInvite.cfm?link=Legal-Information-Technology
(If you do not already have an SSRN account, you may subscribe to the ejournal through your law school’s Legal Scholarship Network Site License: http://www.ssrn.com/SiteLic_orgSubscribers.cfm?netid=201

Journal Description:
http://www.ssrn.com/update/lsn/lsn_legal-info-tech.html

We thank the journal's founding sponsor MALLCO, the Mid-America Law Consortium for their generous support. Without MALLCO’s backing, this would not have gotten off the ground so quickly. We also thank the advisory board for their encouragement and thoughtful ideas about direction and focus. And we thank Janet Sinder from LLJ, Mike Chiorazzi from LRSQ, Mark Engsberg from IJLI, and Mary Hotchkiss from Perspectives for their efforts to maximize availability of their journals' content on the new eJournal. One of our goals for the eJournal is to generate more articles for the professional literature.

We are excited about the journal on several fronts. We aim to make it the premier eJournal in the field by featuring the works of law librarians and other academics. Obtaining feedback on works in progress, developing the profession’s scholarly agenda, and presenting our work to a wider audience are just a few examples of the journal’s potential. We hope it will inspire more of us to write, to share our work more readily within the profession, and to extend our knowledge to the broader legal academy and other disciplines interested in our field and expertise. The journal welcomes all significant contributions to legal information scholarship and to the practice of law librarianship http://www.ssrn.com/update/lsn/lsn_legal-info-tech.html

We are in the process of inviting LLJ, LRSQ, IJLI, and Perspectives authors to post their works back to 2005 and welcome all other publications from that time frame fitting within the journal’s subject matter. If you already have an SSRN account please upload your paper and classify it under the Legal Scholarship Network > LSN Subject Matter eJournals > Legal Information & Technology eJournal.

If you do not have an SSRN account it is very easy to set one up and upload your paper for free at: http://www.ssrn.com
We have also attempted to identify papers previously posted to SSRN for inclusion. In the short time frame we have been working, we will surely have missed some. If your paper is already on SSRN and we have not contacted you, please let us know and we can have it reclassified under the Legal Information & Technology eJournal.

We hope you enjoy the eJournal and welcome your feedback and suggestions.

Lee Peoples
Randy Diamond
Editors, Legal Information & Technology eJournal.
_____________________________________
*As mentioned, Georgia Briscoe is a member of the Editorial Board representing technical services issues.

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Information Technology , Library Technical Services , Publication Announcements and Reviews , Technology News

Bookmark:

Sometimes it seems as though Google has become ubiquitous in the world of searching and may want to repeat its act in the world of books. While thinking about this, two articles, one forthcoming and one published Febrary 1 have come to our attention>

The forthoming article Google and the Future of Books* by Robert Darnton, Director of the Library and Carl H. Pforzheimer University Professor of Harvard has much to say on the subject and should be required reading for all who are concerned about these developments. He writes:

"How can we navigate through the information landscape that is only beginning to come into view? The question is more urgent than ever following the recent settlement between Google and the authors and publishers who were suing it for alleged breach of copyright..."

The second article Some Fear Google's Power in Digital Books by Noam Cahn was published in the February 1, 2009 New York Times. Although more of an overview that the first artice, it is still an interesting read and is also recommended. Mr. Cahn writes:

"In 2002, Google began to drink the milkshakes of the book world.

Back then, according to the companys official history, it began a secret books project. Today, that project is known as Google Book Search and, aided by a recent class-action settlement, it promises to transform the way information is collected: who controls the most books; who gets access to those books; how access will be sold and attained. There will be blood, in other words."

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Commentary and Opinion , Information Technology , Library News and Views , Library Organization and Planning , Library Reference and Research

Bookmark:

I received the following e-mail from Scott Frey on January 29 and am posting it here for those who are interested. If you are interested please contact Scott directly as noted below:

I've received a grant from the Wolters Kluwer Law & Business Grant Program to develop a search engine for law-related public domain electronic books (http://www.aallnet.org/news/newsdisplay.asp?nid=146). As part of the project, I'm seeking law librarians and other legal researchers to provide feedback on the search engines' interfaces and results.

I envision that the initial test in April 2009 would take about 30 minutes, followed by tests of similar length in May, August, September, and potentially October. (I figure that 30 minutes would be sufficient for good testing and feedback, without impinging unduly on people's busy schedules.) I might call or email some testers for clarification or elaboration of their feedback.

If you're interested in being a tester, please contact me at sfrey@wsulaw.edu. If you doubt you'll be available during one or more of the testing times, that's okay -- even one test could be useful. This isn't a firm commitment; some testers will have to cancel, while others might sign up at the last minute or after testing has started.

Posted by David Badertscher | Permalink | Email This Post

Posted In: Information Technology , Library News and Views

Bookmark:

January 2009 Volume 2 # 1

Challenge or Secret Questions

From the Desk of David Badertscher

What are Challenge or Secret Questions?

Knowledge-based authentication or the use of “Challenge or Secret Questions” helps computer users access their accounts when they forget their password. The questions are often designed as simple, easy-to-remember “prompts” that only the authorized user should be able to answer. They are in effect a backup to your password.

While some systems allow users to create their own challenge or secret questions, most systems have pre-populated questions such as “What is your mother’s maiden name? What is the name of your first pet or car? What is your favorite color?” While these systems are a great convenience for the end user (they are not likely to forget the responses) and are efficient from the administrator’s perspective (low overhead), they are very weak from a security perspective.

What are the security concerns with using Challenge or Secret Questions?

There is a limited pool of secret questions that most Knowledge-Based Authentication systems use and many of the questions have a limited amount of potential responses, such as “What is your favorite color?” If someone researches you and discovers the answers for your questions, they could gain unauthorized access to your account.

The ability for someone to guess the response to a user’s secret question has greatly increased due to the large volume of information available on the Internet. This was demonstrated during the recent presidential campaign, when one of the candidate’s email accounts was hacked into. The attacker was able to do so by conducting a minimal amount of research about the candidate using information found on the Internet to answer the secret questions and get the password for the email account.

Users need to be aware that there is a tremendous amount of information available about them, not only through Internet search engines, but also social networking profiles and other sources.

What can be done to make Challenge or Secret Questions more secure?

As with the design of a regular password, the responses to secret questions should be something that is hard to guess, but easy to remember. Users are encouraged to not provide the technically correct response to the question. Similar to developing a strong password, the response to a secret question is in effect a password and thus should have the same protections. The use of a combination of upper and lower case letters, special characters and numbers is recommended. There are many ways to obfuscate your response. The key is to develop a methodology that is easy for you to remember but difficult for someone else, even someone you know, to guess. Some examples are:

1. Begin and/or end each response with a number, capitalize a letter a special character. For example, the response to your mother’s maiden name of “Smith” would be “44SmitH!” OR Insert a number and special character in the middle of the word. In this example the response to your mother’s maiden name of “Smith” would be “Smi44!th.”

2. Provide answers that do not correspond to the question, thus making it difficult for an attacker to correctly guess. For example, a user may use the name of a city as the response for “mother’s maiden name.”

3. Use the question itself to create an easy-to-remember passphrase. By combining the main part of the question with one of your favorite catchwords, you can create a passphrase they can remember. If the question is asking for your favorite sports team, you can combine “Sports Team” from the question and combine it with a phrase from your favorite show, such as “CSI.” Their answer is, “Sports Team CSI.”

4. Follow best practices for strong passwords when developing your responses, such as making it at least 8 characters long and using numbers, upper and lower case letters, and special characters. The answers can be different on different websites, even if the same secret question is used. Thus a hacker won’t potentially have access to other accounts if one is compromised.

5. As with passwords, do not share the responses to your Challenge or Secret Questions, or your methodology for developing them, with anyone.

It is also advised to periodically search your name in an Internet search engine so you are aware of what information about you is freely accessible on the Internet.

For additional information on Challenge or Secret Questions, please visit:

US CERT www.us-cert.gov/cas/tips/ST04-002.html

US CERT www.us-cert.gov/cas/tips/ST05-012.html

OWASP www.owasp.org/index.php/Using_Secret_Questions

For more monthly cyber security newsletter tips visit:
www.msisac.org/awareness/news/

The information provided in the Monthly Security Tips Newsletters is intended to increase the security awareness of an organization’s end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization’s overall cyber security posture. Organizations have permission--and in fact are encouraged--to brand and redistribute this newsletter in whole for educational, non-commercial purposes.

Posted by David Badertscher | Permalink | Email This Post

Posted In: Information Security Newsletter , Information Technology , Technology News

Bookmark:

In case you missed it, the results from the 2008 version of Marshall Breeding's Library Automation Survey are available at http://www.librarytechnology.org/perceptions2008.pl. This Survey is international in scope. There were 1,450 responses.

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Commentary and Opinion , Information Technology , Library Organization and Planning , Library Reference and Research , Library Technical Services

Bookmark:

State of New York Supreme Court Criminal Term Library (New York County)

Inspired by the recent New York Unified Court System Report Green Justice: An environmental Action Plan for the New York State Court System*, the New York Supreme Court Law Library, Criminal Term (New York County) is pleased to announce a major upgrade to the section of our website dealing with search engines. Our objective is to best serve your information needs through enhanced access to reference and research sources. Consequently, we have have provided a wide variety of general Internet search engines as well as search engines that specifically target legal information sites. Moreover, we have included in our resource page meta search engines which combine the search results and different technologies of multiple companies (e.g. Google and MSN). We hope that these resources are another means for you to conveniently and best retrieve information from the Internet. Our new search engine page is located at: http://www.nycourts.gov/library/nyc_criminal/search_engines.shtml .

You may wish to reacquaint yourselves with out library homepage which is located at: http://www.nycourts.gov/library/nyc_criminal/ .

If you have any questions regarding the above materials or other library services, please feel free to contact me at dbaderts@courts.state.ny.us or (646) 386- 3890.

David Badertscher
Principal Law Librarian
_______________________________
*The New York State Unified Court System report: Green Justice: An environmental Action Plan for the New York State Court System, is available at http://www.nycourts.gov/whatsnew/pdf/NYCourts-GreenJustice11.2008.pdf

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: David Badertscher , Information Technology , Library News and Views , Library Organization and Planning , News from Organizations

Bookmark:

Michael Gartenberg's predictions as reported in Computerworld - December 17. 2008.

"Well, it's that time of the year again. Time to enjoy the glow of a nice LED-backlit display and huddle with the warmth that only an overclocked PC can produce. Yep, it's time to take a look at what's going to happen in technology in 2009. Here are my five predictions for the new year."

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Commentary and Opinion , Information Technology , Library Organization and Planning

Bookmark:

"What happens to your mission-critical... application source code should the vendor go bankrupt? This is when you need a Technology Escrow service.Tech Escrow requires vendors to deposit source code into an account held by a third party agent to ensure ongoing accessibility of the software. Recent research by IDG research Services highlights some recent trends and gaps in coverage, making the case for Technology Escrow."

See: How to Minimize Risk with a Software Vendor 'Prenup' Paper by Digital Iron Mountain under sponsorship of IDG Research..

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Information Security Newsletter , Information Technology

Bookmark:

December 2008
Volume 1

Pop-Ups

From the Desk of David Badertscher

We’ve all experienced Pop-up windows, or “pop-ups,” while browsing the Internet. Pop-ups may appear without any interaction or prompting by the end user. They can be innocuous, such as when used for advertising, but they can be used for malicious purposes as well. This tip will discuss what pop-ups are and what you can do to keep them from affecting the security of your computer and data.

What are Pop-Ups?
Pop-ups are often used for advertising, to entice you to click on the pop-up ad. Pop-ups can also be used in other ways, such as on a “Help” section of an online form. The pop-up can be read without interfering with the form or page you are already visiting. This technique, for example, could be used on banking or ecommerce sites so as to not interfere with the current transaction or form request.

Occasionally you may encounter a “pop-under” which instead of opening on top of whatever website you are viewing it will open underneath the current web page. That way when you close your browser window you’ll be greeted with an unexpected window.

While there are legitimate uses for pop-ups, they can also be used maliciously to entice you to click the pop-up window, which then downloads spyware or malicious code without your knowledge. These kinds of pop-ups often claim to “detect a virus on your computer” or claim to be a “spyware alert!” or offer a “free product” such as laptop or an anti-virus program.

Usually pop-ups are executed through JavaScript, a very popular way of adding content to websites. They can also be executed through online flash programs, though these are more difficult to stop.

What if I encounter pop ups when I am not browsing the Internet?
If you encounter pop-ups, especially an endless stream of them, it is an indication your computer is possibly infected with spyware or a computer virus.
How can you protect yourself against unwanted or malicious pop-ups?

Most Internet browsers include pop-up blockers. They also have a setting to either completely disable JavaScript (and therefore most pop-ups) or to only allow JavaScript with the user’s permission (prompting). Both methods can usually stop advertising and malicious pop-ups. However, sometimes disabling JavaScript (whether via your browser or another program) can interfere with the “look and feel” or even functionality of a legitimate web site.

· Consider using the pop-up blocker function in your browser.

· Consider setting your computer to the “Prompt” setting you before enabling Java scripting.

· Never click inside the pop-up window to close it, even if it has a button or tab that says “Close,” “No Thank You,” or anything else. Instead, either click on the “X” at the top right corner of the title bar, or depending on your browser or operating system you can hold down the “Alt” key then press “F4” to close the currently opened window.

· Browse as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

· Update your operating system and web browser software.

· Set your browser security to at least “Medium” to help detect unauthorized downloads.

· Use anti-virus and anti-spyware software, and a firewall, and update them all regularly.

For additional information on pop-ups and browser protection, go to:

Recognizing and Avoiding Spyware: www.msisac.org/awareness/news/2007-06.cfm

Web Browser Attacks: www.msisac.org/awareness/news/2008-07.cfm

Browsing Safely: Understanding Active Content and Cookies: www.us-cert.gov/cas/tips/ST04-012.html

Evaluating Your Web Browser's Security Settings: www.us-cert.gov/cas/tips/ST05-001.html

Pop-up: http://en.wikipedia.org/wiki/Pop-up

Spyware: www.onguardonline.gov/topics/spyware.aspx

More News:

From SC Newswire, December 18, 2008:

Emergency Internet Explorer patch issued

Angela Moscaritolo December 17, 2008
Users are encouraged to patch immediately.

Firefox joins in security update whirlwind

Chuck Miller December 17, 2008
Along with the updates to Microsoft's Internet Explorer, Apple's Safari fixes and the latest Opera patches, Mozilla has released its own security updates for Firefox.

"Extremely severe" issues addressed with Opera 9.63 update

Angela Moscaritolo December 17, 2008
The security issues could lead to system access, disclosure of potentially sensitive information, cross-site scripting exploits, or a denial of service condition.

XSS vulnerabilities discovered in Facebook, closed quickly

Angela Moscaritolo December 16, 2008
Researchers this week released proof-of-concept code for a number of cross-site scripting flaws on Facebook, but the social networking site said it closed the vulnerabilities within hours.

Apple pushes out Mac OS X 10.5 security update

Dan Kaplan December 15, 2008
Apple on Monday released a security update for for Mac OS X, addressing 21 vulnerabilities.

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Commentary and Opinion , Information Security Newsletter , Information Technology

Bookmark:

Source: AALL: From the Desk of James E. Duggan, December 18, 2008.

Some welcome news is today’s tough economy, U.S. News and & World Report last week named librarianship as a "Best Career 2009." The overview dispels the image of librarians as "mousy bookworms," reporting that librarians have become "high-tech information sleuths, helping patrons plumb the oceans of information available in books and digital records, often starting with a clever Google search but frequently going well beyond." Special librarianship in particular is named the field’s fastest-growing job market.

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Commentary and Opinion , Information Technology , Library News and Views , Library Organization and Planning , Library Reference and Research

Bookmark:

From: New York State Archives - Region 1 Newsletter, December 2008

The New York State Archives is pleased to announce the release of its email policy development guidelines. These guidelines are intended as a starting point for state agencies and local governments to use for writing policies and procedures that will guide a program for managing email. Given the complexity of managing email, not all agencies will have the same needs and issues. Users should adapt the guidelines to meet their own needs and capabilities, and continue to update their policies on an as-needed basis. If users have questions or comments regarding the guidelines, please contact Ann Marie Przybyla at aprzybyl@mail.nysed.gov, or 518-474-5834.

A copy of the guidelines is available at http://www.archives.nysed.gov/a/records/mr_pub85.shtml. If you have problems accessing the guidelines, please contact Sarah Durling at durling@mail.nysed.gov or 518-473-6803.

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Commentary and Opinion , Information Technology , Library Organization and Planning , Library Reference and Research , News from Organizations

Bookmark:

By John C. Tredennick

ABA Publication Announcment:

--------------------------------------------------------------------------------

"Spreadsheet programs are one of the most powerful but underutilized tools in the trial lawyer's toolbox. John Tredennick's concise, clear book shows you how to use spreadsheets powerfully and quickly. I believe that every litigator should be familiar with the contents of this book." -- Joe Kashi, Esq., Author

Did you know Excel can help you analyze and present your cases more effectively or help you better understand and manage complex business transactions? Written by John Tredennick, author/editor of four best-selling books on law and technology issues, a 20-year trial lawyer, and a pioneer in the field of legal technology, The Lawyer’s Guide to Microsoft® Excel 2007 will help you learn how Excel can become a powerful ally in your legal practice.

No matter what your law practice, you will find spreadsheets to be incredibly handy tools for calculating, sorting, filtering, and charting data. This valuable guide is uniquely designed to help lawyers improve their efficiency and increase their productivity with the most used spreadsheet software on the market. Designed as a hands-on manual for beginners, as well as longtime spreadsheet users, you’ll learn how to build spreadsheets from scratch, use them to analyze issues and data, and create impressionable graphics presentations to use in your daily practice.

Bonus! This guide includes a companion CD-Rom loaded with spreadsheets that you can download and use as you work through the book.

December 2008
7 X 10, 148 Pages Paperback
Product Code: 5110665

Regular Price: $69.95
Section Member Price: $49.95

Posted by David Badertscher | Permalink | Email This Post

Posted In: Information Technology , Library Reference and Research , Publication Announcements and Reviews

Bookmark:

November 2008 Volume 3, Issue 11

MAIN TOPIC:

Internet Shopping – How to Enhance Your Security Online

From the Desk of David G. Badertscher
The Holidays are Approaching – Help Protect Yourself and Shop Smart!

The holiday shopping season is upon us and the volume of online shopping is increasing. According to some estimates, holiday e-commerce spending totaled $29 Billion in 2007, an increase from $24 billion in 2006. While online shopping can be convenient and time-saving, you must shop smart and take precautions to mitigate the risks.

Below are some helpful tips to follow for a safe online shopping experience:

Enhance the security of your computer. Be sure to install a firewall and make sure your computer has the most current anti-virus and anti-spyware software before you begin your online shopping. Set your default settings on your computer to “auto update.”

Use strong passwords. When creating passwords for online accounts, use at least eight characters, with numbers, special characters, and upper and lower case letters. Don’t use the same passwords for online shopping websites that you use for logging onto your computer. Never share your login and/or password.

Guard the security of your transaction. When submitting your purchase information, look for the "lock" icon on the browser's status bar and be sure “https” or “shttp” appears in the website’s address bar. The "s" stands for "secure.”

Don't email your financial information. Clear-text emails are not a secure method of transmitting financial information such as your credit card, checking account, or Social Security numbers.

Keep a paper trail and check your credit card and bank statements regularly. Print and save records of your online transactions, including the product description and price, the online receipt, and copies of every email you send or receive from the seller. Read your credit card and bank statements as you receive them and be on the lookout for unauthorized charges.

Don’t respond to pop-up messages. If you get an email or pop-up message while you're browsing, don't reply or click on the link in the message, especially if it is asking for personal or financial information. Legitimate organizations don't ask for this information in these ways.

Check the privacy policy. Know what information the merchant is collecting about you, how it will be used, and if it will be shared or sold to others. You can do this by checking the web site to make sure there is a privacy policy posted, and that you're comfortable with the way your personal information is treated under that policy. Look for seals from privacy enforcement organizations like TRUSTe or the Better Business Bureau (BBBOnLine). Be suspicious if you're asked to supply personal information not needed to make a purchase, such as your Social Security number, mother’s maiden name or other personal information.

Limit your online shopping to merchants you know and trust. If you have questions about a merchant, verify it with the Better Business Bureau or the Federal Trade Commission.

Pay by credit card. Credit or charge card transactions are protected by the Fair Credit Billing Act. (Debit cards are covered under the Electronic Funds Transfer Act, but the potential protections provided will depend upon when you report the error, loss or unauthorized use.)
Under the Fair Credit Billing Act, in the event of unauthorized use of your credit or charge card, you generally would be held liable only for the first $50 in charges. Some companies offer an online shopping guarantee that ensures you will not be held responsible for any unauthorized charges made online, and some cards may provide additional warranty, return, and/or purchase protection benefits.

Use temporary account authorizations when available. Some credit card companies offer virtual or temporary credit card authorization numbers. This kind of service gives you use of a secure and unique account number for each online transaction. These numbers are often issued for a short period of time and cannot be used after that period. Contact your credit card company to see if they offer this service.

Know who you are doing business with before placing your order. Confirm the online seller's physical address and phone number in case you have questions or problems.

What to do if you are a victim of online fraud or encounter problems with the online shopping site:

If you have problems during a transaction, you can contact the seller, buyer or site operator directly. If those attempts are not successful, you may wish to file a complaint with the following entities:

the Attorney General's office in your state

your county or state consumer protection agency

the Better Business Bureau at: www.bbb.org

the Federal Trade Commission at: www.ftc.gov/

For more information about secure online shopping, please visit the following sites:

OnGuard Online: www.onguardonline.gov/topics/online-shopping.aspx

US-CERT: www.us-cert.gov/cas/tips/ST07-001.html

StaySafeOnline www.staysafeonline.org/

Federal Trade Commission: www.ftc.gov/opa/2008/11/smartshopping.shtm and www.ftc.gov/bcp/menus/consumer/tech/online.shtm

National Consumer League’s Internet Fraud Watch: www.fraud.org/tips/internet/

WatchGuard: www.watchguard.com/infocenter/editorial/18714.asp

Online Cyber Safety: www.bsacybersafety.com/video/

For more monthly cyber security newsletter tips visit:
www.msisac.org/awareness/news/

The information provided in the Monthly Security Tips Newsletters is intended to increase the security awareness of an organization’s end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization’s overall cyber security posture. Organizations have permission--and in fact are encouraged--to brand and redistribute this newsletter in whole for educational, non-commercial purposes.

ADDITIONAL NEWS:

From: CIO & CSO Enterprise Business Alert November 14, 2008

Top 10 Ways to Protect Against Web Threats

You can thwart many web attacks with protections at the Web Gateway. Make sure your Secure Web Gateway provides these requirements to stop malware. Users never intend to visit a malware site, but it can happen innocently enough.

Download now:
http://www.cio.com/download-center?id=50065441&source=cxoalert_entbiz111408

Selections from SC Newswire, November 11, 2008.

Top 10 Ways to Protect Against Web Threats

You can thwart many web attacks with protections at the Web Gateway. Make sure your Secure Web Gateway provides these requirements to stop malware. Users never intend to visit a malware site, but it can happen innocently enough. Read this Top 10 list to protect your enterprise network.

Download now:
http://www.cio.com/download-center?id=50065441&source=cxoalert_entbiz111408

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Commentary and Opinion , Information Security Newsletter , Information Technology

Bookmark:

Notes from Law Technology News Online Update November 17, 2008.

Cell Phones

"If you use a handheld device while driving in California, Connecticut, New Jersey, New York, Puerto Rico, or Washington (state or D.C.), you are breaking the law. Utah and New Hampshire have some mention of handheld cell phone use — but mostly as a means of enacting distracted driver laws. Some jurisdictions have bans in certain cities (including Phoenix and Detroit)."

"If you're a novice driver (and jurisdictions vary on what constitutes "novice"), you are banned from using all cell phones while driving within D.C. and 18 states. D.C. and 17 states have also banned the use of handheld cell phones when operating a school bus when passengers are present (except emergencies)"

"There are some exceptions. In California, commercial drivers are exempted from the ban until the year 2011. Connecticut and D.C. have exemptions for some professions as well. And while certain locales have addressed handheld cell phone devices, no states have completely banned the use of all cell phones while operating a vehicle."

Text Messaging.

"What's more amazing than cell phone use are people texting or reading text messages while driving. Perhaps equally amazing is that it's not illegal in most jurisdictions. Let's break this down. You're holding the device in one hand, texting with the other — so where does that leave maneuvering the steering wheel or watching the road. I've talked to several compulsive texters who say it's O.K. for them but they wouldn't want anyone else doing it. (Are you nuts? Just read about the five cheerleaders killed in a 2007 New York crash where a 17-year-old driver was texting. See http://tinyurl.com/LTNteens.)"

"But only six jurisdictions outlaw text messaging while driving: Alaska, California, Louisiana, Minnesota, New Jersey and Washington. And what will you be fined next year in California when the law takes place if you are caught text messaging while driving: $20 fine for a first offense, and $50 for repeat offenders — but I guess we have to start somewhere."

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Commentary and Opinion , Information Technology , Science and Technology

Bookmark:

On Thursday November 6, 2008 the Law Library Association of Greater New York (LLAGNY) presented in conjunction with the Electronic Legal Information Access and Citation Committee of the American Association of Law Libraries (AALL) a program at the New York County Lawyers Association in New York City regarding how findings of the 2007 authentication report published by AALL and its ELIAC Committee can be adopted in the State of New York.

The program consisted of a panel of representatives of AALL, its Electronic Legal Information Access and Citation (ELIAC), and two agencies of New York state government, the New York State Reporting Bureau and the Office of General Counsel of the New York State Department of State discussing the AALL Authentication Report, published in 2007 and approaches, strategies, and challenges to adopting its findings to authenticating and otherwise validating in accordance with accepted standards New York State primary source legal information published on the web.

The following are links to the opening remarks of the moderator, David Badertscher, Slides frm the presentation of Mary Alice Baish,and a summary of the program kindly provided by Theodore Pollack, Senior Law Librarian at the New York County Public Access Library, who attended the program, and to the program announcement from LLAGNY. Other links will be added if they become available.

LLAGNYProgram Announcement.

Opening Remarks - David Baderrtscher

Slides from Presentation of Mary Alice Baish

Summary of Program by Theodore Pollack

Posted by David Badertscher | Permalink | Email This Post | Comments (2)

Posted In: Commentary and Opinion , Information Technology , Library News and Views , Library Organization and Planning , Library Reference and Research , News from Organizations , Publication Announcements and Reviews

Bookmark:

The EDUCAUSE Center for Applied Research (ECAR) Study of Undergraduate Students and Information Technology, 2008 is available at http://net.educause.edu/ir/library/pdf/ERS0808/RS/ERS0808w.pdf.

Although this study was done with undergraduate students, it provides useful information relevant to all students in all fields at both the undergraduate and graduate levels. Of particular interest to lawyers and law librarians might be Chapter 4: Ownership of, Use of, and Skill with IT; Chapter 5 IT and the Academic Experience; Chapter 6 Social Networking Sites, and the Bibliography included at the end of the study.

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Commentary and Opinion , Information Technology , Library Organization and Planning , Library Reference and Research

Bookmark:

FROM THE OFFICES OF LESLEY ELLEN HARRIS
Copyright, New Media Law & E-Commerce News

NOTE: THIS CONTENT IS BEING REPRODUCED FOR NON-COMMERCIAL PURPOSES ONLY.
__________________________________________________________________
__________________________________________________________________

Vol. 12, No. 6, October 19, 2008
ISSN 1489-954X

Contents:

1. Studies, Legislation and Conventions:
WIPO Study on Copyright Limitations and Exceptions for Libraries
Creative Commons Launches Study of “Noncommercial” Use
Bill C-61 Dies With Canadian Election Call

2. Legal Cases:
Harry Potter Lexicon Breached Copyright
Peer-to-Peer Magazine Site Settles Dispute

3. Of Interest:
Hollywood Demands Royalties From Irish Playschools
U.S. Music Groups Agree on Royalties for Online Streaming
Copyright Law is a Balancing Act
OCLC Pilots Copyright Registry

4. Seminars and Publications:
Canadian Copyright Law Course
Vote on Copyright Education
Certificate in Copyright Management
Co pyright Questions and Answers
The Copyright & New Media Law Newsletter
__________________________________________________________________
__________________________________________________________________

Copyright, New Media & E-Commerce News is distributed for free by the
office of Lesley Ellen Harris. Information contained herein should not be
relied upon or considered as legal advice. Copyright 2008 Lesley Ellen
Harris. This e-letter may be forwarded, downloaded or reproduced in whole
in any print or electronic format for non-commercial purposes provided that
you cc: lehletter@copyrightlaws.com.

This e-letter, from 1996 to the present, is archived with Library &
Archives Canada at: http://epe.lac-bac.gc.ca/100/201/300/copyright/.
__________________________________________________________________
__________________________________________________________________

1. STUDIES, LEGISLATION AND CONVENTIONS:

WIPO STUDY ON COPYRIGHT LIMITATIONS AND EXCEPTIONS FOR LIBRARIES – The
World Intellectual Property Office (“WIPO”) has released a study on
copyright limitations and exceptions for libraries which has been prepared
by Kenneth Crews. The study discusses issues from the foundation of library
exceptions to their prevalence, scope and structure, and the nature of the
various exceptions in the copyright legislations of all WIPO member
countries. A copy of the study is at:
http://www.wipo.int/meetings/en/doc_details.jsp?doc_id=109192.

CREATIVE COMMONS LAUNCHES STUDY OF “NONCOMMERCIAL” USE – Creative Commons has launched a study to explore the differences between commercial and
noncommercial uses of content. Creative Commons licenses allow creators to
give the public advance permission to use the creators’ work. Works
distributed under the “noncommercial” license term may be used by anyone
for any purpose that is not “primarily intended for or directed toward
commercial advantage or private monetary compensation.” Creative Commons
explained that developments in technology, social practices, and business
models are changing the definition of non-commercial use.

BILL C-61 DIES WITH CANADIAN ELECTION CALL – The October 14, 2008 election
in Canada has killed Bill C-61 (see LEH-Letter Volume 12, No. 5). If the
new government wants to enact similar legislation, it will have to
re-introduce the Bill under a different number.
__________________________________________________________________
________________________ ______ ____________________________________

2. LEGAL CASES:

HARRY POTTER LEXICON BREACHED COPYRIGHT – In September 2008, a U.S. federal
court judge held that a proposed book called The Harry Potter Lexicon
contained no substantially new material and it breached copyright in the
J.K. Rowling’s Harry Potter series. Warner Brothers, who sued Steven Jan
Vander Ark and the proposed publisher of the book, received $6,750 US in
damages.

PEER-TO-PEER MAGAZINE SITE SETTLES DISPUTE – Mygazines, com, a peer-to-peer
site which allows users to upload and share magazines, settled a dispute
with a group of consumer and business-to-business magazines in September.
Mygazines.com has agreed to remove material protected by copyright from its
site, and to put in place a system whereby Mygazines.com is notified
whenever material protected by copyright is uploaded.

__________________________________________________________________
___________ ______ _________________________________________________

3. OF INTEREST:

HOLLYWOOD DEMANDS ROYALTIES FROM IRISH PLAYSCHOOLS – The MPLC, a licensing
company representing companies such as Walt Disney and Twentieth Century
Fox, has written to Irish playschools demanding that each child pay a fee
of more than 3 euros a year to watch DVDs.

U.S. MUSIC GROUPS AGREE ON ROYALTIES FOR ONLINE STREAMING – Five music
industry groups, representing record labels, music publishers, songwriters,
and music Web sites, have reached agreement on how royalties should be paid
for streaming music online. The plan has been submitted to the Copyright
Royalty Judges for approval. If approved, sites such as Napster will pay
royalties of about 10.5% of revenue, matching rates already paid by
download services such as iTunes.

COPYRIGHT LAW IS A BALANCING ACT – Copyright law is about balancing the
rights of users and consumers of copyright-protected mater ials.& nbsp; See a
short article on balance in copyright law at:
https://www.barex.com/barex/appmanager/bx/on?_nfpb=true&articleId=ar2001015

OCLC PILOTS COPYRIGHT REGISTRY – On July 1, 2008, OCLC launched a pilot
service, the Copyright Evidence Registry, which hopes to become a library
community-compiled union catalogue of copyright information. Users can
search for a book, see what others have said about its copyright status,
and add what they know. The beta version is at:
http://www.worldcat.org/copyrightevidence.
http://www.worldcat.org/copyrightevidence
__________________________________________________________________
__________________________________________________________________

4. SEMINARS AND PUBLICATIONS:

CANADIAN COPYRIGHT LAW COURSE – A 5 week version of the 16 e-lesson course
on Canadian Copyright Law will begin on November 3, 2008. Information and
registration at: www.acteva.com/go/copyright.

VOTE ON COPYRIGHT EDUCATION – Help out by voting on which copyright and
licensing courses you would like to see offered in 2009. Cast your vote
at:
www.copyrightlawscom.blogspot.com.

CERTIFICATE IN COPYRIGHT MANAGEMENT – This program, consisting of 5 online
courses and 2 in-person courses, created in partnership between Lesley
Ellen Harris and SLA Click University, begins again in January 2009.
Participants have two years to complete the 7 courses required for the
certificate, or may take any course à la carte. The first course,
Introduction to Copyright Management Principles & Issues, starts January 6,
2009. See: www.clickuniversity.org .

COPYRIGHT QUESTIONS AND ANSWERS – Lesley Ellen Harris has just launched a
new blog designed to answer copyright questions. It includes questions from
issues of The Copyright & New Media Law Newsletter, and gives readers the
opportunity to post questions of their own. See
http://www.copyrightanswers.blogspot.com/.

THE COPYRIGHT & NEW MEDIA LAW NEWSLETTER – This unique publication deals
with copyright law, licensing and related matters for a diverse audience of
copyright professionals including librarians, archivists, curators,
educators, lawyers, publishers, and digital content creators. This is a
print newsletter, begun in 1997. It is published four times per year, with
contributors and authors from around the world. For more information, see:
http://copyrightlaws.com. To subscribe, visit: http://www.acteva.com.

__________________________________________________________________
__________________________________________________________________

This newsletter is prepared by Copyright Lawyer Lesley Ellen Harris.
Lesley is the author of the books Canadian Copyright Law (McGraw-Hill),
Digital Property: Currency of the 21st Century (McGraw-Hill), and Licensing
Digital Content (ALA Editions). Lesley edits the print newsletter, The
Copyright & New Media Law Newsletter. Lesley may be reached at:
http://copyrightlaws.com.
__________________________________________________________________
__________________________________________________________________

This LEH-Letter issue was prepared with the help of Beth Davies.

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Commentary and Opinion , Conferences, Seminars and Webinars , Information Technology , Library Organization and Planning , Library Reference and Research , News from Organizations

Bookmark:

PC World has named its '5 Sites That Will Boost Your Political Awareness.' Included on this list are some very useful Web sites that many of you are probaly familiar with. Here is their list as posted by the American Association of Law Libraries Washington Blawg along with some helpful comments.:

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Commentary and Opinion , Information Technology , Library Reference and Research , News from Organizations , Publication Announcements and Reviews

Bookmark:

October 2008

October is National Cyber Security Awareness Month
Volume 1, Issue 6

Phishing – How to Avoid Getting Hooked!

From the Desk of David Badertscher
What is Phishing?

Phishing is a scam which attempts to entice email recipients into clicking on a link that takes them to a bogus website. The website may prompt the recipient to provide personal information such as social security number, bank account number or credit card number, and/or it may download malicious software onto the recipient’s computer. Both the link and website may appear authentic, however they are not legitimate.

How does it Work?

Have you received an email, an instant message, or another communication that just did not seem right, even though the communication appeared to be from a reputable organization? This communication could very well be a phishing scam. It’s important to note that in the past, phishing scams were often more easily detectable because of misspellings, typographical errors and blatantly bad grammar; however, they are increasingly more difficult to detect because they often appear so legitimate.

Phishing scams try to “bait” the recipient in a number of ways: the malicious email could include notice of an account cancellation, a request to verify/update personal information, a notice of a purchase that you did not make, or just about anything else that would get you to respond to the communication. The types of messages used in phishing are expanding almost every day, so it is important to be cautious of any communications you receive.

If the email communication, with its enticing subject line, is the “bait,” what is the hook? The hook is getting you, the user, to take some action that enables the phisher to obtain information or otherwise gain access. You may be “tricked” into visiting a website, which appears to be a legitimate organization’s website. Once at that site, you may be asked to enter personal information. Another method of attack may be to get you to open an attachment in an email, upon which malicious code, such as a Trojan horse will be installed onto your computer. Other variations include a telephone call, in which the phisher will ask you to provide personal information. Once the phisher has “hooked” you, they may use the information to open accounts in your name, access your bank account or make purchases using your credit card. There is also a type of phishing attack known as “spear phishing” where the attacker targets specific individuals by name or organizations. For example, an email invitation to attend an event that may be of interest could be sent to an organization’s employees. When an employee clicks on the link contained in that email, malware is downloaded to the employee’s computer. The attacker may be targeting specific employee information, such as user names and passwords, or proprietary organization information.

How do I Know it is a Phishing Scam?

If you receive an email appearing to be from a legitimate business, requesting you submit personal information, it is most likely a scam. Legitimate businesses do not send emails requesting personal information.
Use an Internet search engine to research the subject line of a suspicious email to determine if that subject line is a known phishing scam.

What Can I Do?

Be cautious about all communications you receive. Think before you click.
If the communication looks too good to be true, it probably is.
If it appears to be a phishing communication, do not respond. Delete it. You can also forward it to the Federal Trade Commission at spam@uce.gov.

Do not click on any links listed in the email message and do not open any attachments contained in suspicious email.

Do not enter personal information in a pop-up screen. Legitimate companies, agencies and organizations don’t ask for personal information via pop-up screens.

Install a phishing filter on your email application and also on your web browser. These filters will not keep out all phishing messages, but will reduce the numbers of phishing attempts.

Ensure that your computer is up-to-date on all patches.

Ensure that your antivirus program is installed and up-to-date.

Use bookmarks in your web browser for the organization’s which with you regularly communicate to limit the chances of being redirected to malicious sites.

If you think you have been scammed, visit http://www.ftc.gov/idtheft.

Look for unauthorized charges or withdrawals on your credit card and bank statements/bills.

Review your credit report - visit http://www.ftc.gov for a link to request an annual free credit report.

For more information on phishing, please visit the following sites:

AntiPhishing Work Group: www.antiphishing.org/

OnGuard Online: www.onguardonline.gov/phishing.html

Federal Trade Commission: http://ftc.gov/bcp/menus/consumer/tech/privacy.shtm

National Consumer League’s Internet Fraud Watch: www.fraud.org/tips/internet/phishing.htm

US CERT: www.us-cert.gov/cas/tips/ST04-014.html

WatchGuard Video: www.watchguard.com/education/video/play.asp?vid=budhasmail

National Phishing Webcast- October 9, 2008 2:00pm Eastern: register at www.msisac.org

October is National Cyber Security Awareness Month

The Fifth Annual National Cyber Security Awareness Month is being celebrated during October 2008 as a collective effort among the Multi-State Information Sharing and Analysis Center, the National Cyber Security Division and the National Cyber Security Alliance to raise cyber security awareness nationwide and empower citizens, businesses, government and schools to improve their cyber security preparedness and help promote a safe Internet experience. For more information, and Awareness Materials, please visit the MS-ISAC at www.msisac.org

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Commentary and Opinion , Information Security Newsletter , Information Technology , News from Organizations

Bookmark:

Volume 1 Issue 5

Personal Privacy – How to Protect Your Information

From the Desk of David Badertscher

As we continue to conduct more business online, such as banking, shopping and other activities, our personal information (such as name, credit card account, address, etc) is increasingly utilized. Personal information has become a frequent target for data thieves and the volume of breaches involving personal information continues to grow. According to the Privacy Rights Clearinghouse, there have been more than 240 million records containing sensitive personal information involved in security breaches to-date nationally.

What Personal Information is Collected?

Many types of organizations are interested in obtaining and using your personal information, and it’s important to know what information is being collected, by whom and how it will be used.

Websites track web users as they navigate cyberspace. Data may be collected about you as a result of many of your routine activities including:

· When you make purchases and pay bills with credit cards, you leave a data trail consisting of purchase amount, purchase type, date, and time.

· When you pay by check, data such as phone number, home address, driver’s license number, etc. may often be requested to verify your identity.

· When you use supermarket discount cards, the store is able to create a comprehensive database of everything you have purchased.

· When you surf the web, you leave a significant data trail such as your name, email address, Internet address of your computer, the name of your computer, the last time you visited that particular site, the type of browser and operating system you are using.

· When you sign up for a subscription or service (for a magazine, book or music club, professional association, warranty card, etc.) or give money to charities your personal information is often collected and stored.

Protecting Your Personal Information

The following tips should be used to help you manage your personal information wisely, to help minimize its misuse, and to lessen the risk of your personal information being compromised:

· Most legitimate websites include a privacy statement. This is usually a link at the bottom of the home page and details the type of personally identifiable information the site collects about its visitors, how the information is used—including with whom it may be shared— and how users can control the information that is gathered. Be sure to read the privacy statement on websites you are visiting prior to providing any personal information, to understand that entity’s policy regarding protection of data.

· When shopping online, guard the security of your transactions by ensuring the transaction is submitted securely. When submitting your purchase information, look for the “lock” icon on the browser’s status bar to be sure your information is secure during transmission.

· Periodically check your Internet browser settings (e.g. Security and Privacy) to ensure that the settings are adequate for your level and type of Internet activity.

· If you are not already using anti-spyware or adware protection software, start now. This software is designed to protect against spyware or malware designed to extract private information from your computer without your knowledge. Make sure you keep the anti-spyware or adware protection programs updated.

· Be sure to have a firewall installed and enabled on your computer.

· If you store private data on your laptop or other portable electronic devices (e.g. USB), use encryption software to protect your private data in the event the device is lost or stolen.

· Use strong passwords on all your accounts, such as a minimum of eight characters and a mix of special symbols, letters and numbers.

· To protect against identity theft, always question someone who is asking you to reveal any personably identifiable information. Find out how it will be used and whether it will be shared with others.

· Keep items with personal information in a safe place. When you discard receipts, copies of credit applications, insurance forms, health records, bank statements, or other personal documents, tear or shred them.

· Order a copy of your free annual credit report. Make sure it’s accurate and includes only those activities you’ve authorized.

References

To learn more about protecting your privacy, you may wish to visit the following sites:

· Identity Theft: www.ftc.gov/bcp/menus/consumer/data/idt.shtm
· Consumer Action: www.consumer-action.org

· Electronic Privacy Information Center: www.epic.org
· Privacy Rights Clearinghouse: www.privacyrights.org

· World Privacy Forum: www.worldprivacyforum.org

· Free Annual Credit Report: www.annualcreditreport.com
· US-CERT Tips for Strong Passwords: www.uscert.gov/cas/tips/ST04-002.html

News from SC Magazine Newswire
September 30, 2008.

Study: Few internet users exercise caution
Angela Moscaritolo September 25, 2008
In a recent study, researchers found that most users are susceptible to tricks that could potentially open them up to attacks by malicious software.

Group tells FTC more RFID security guidance is needed
Angela Moscaritolo September 24, 2008
The Federal Trade Commission should tighten regulations around the use of RFID, urged an industry group.

No charges in Palin hacker investigation
Dan Kaplan September 24, 2008
A federal grand jury has failed to return an indictment against the University of Tennessee student accused of hacking into vice-presidential candidate Sarah Palin's webmail account.

The information provided in these Newsletters is intended to increase the security awareness of an organization’s end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization’s overall cyber security posture.

Organizations have permission--and in fact are encouraged--to brand and redistribute this newsletter in whole for educational, non-commercial purposes.

Brought to you by:

http://www.msisac.org

--------------------------------------------------------------------------------

This message may contain confidential information and is intended only for the individual(s) named. If you are not an intended recipient you are not authorized to disseminate, distribute or copy this e-mail. Please notify the sender immediately if you have received this e-mail by mistake and delete this e-mail from your system.

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Commentary and Opinion , Information Security Newsletter , Information Technology

Bookmark:

Sabrina I. Pacifici Founder, Editor, Publisher:

**LLRX Book Review by Heather A. Phillips - We're All Journalists Now: The Transformation of the Press and Reshaping of the Law in the Internet Age
http://www.llrx.com/columns.bookreview11.htm
Heather A. Phillips highlights attorney John Gant's contention that one's title, income, and employer are at best side issues in determining who is a journalist in the day-to-day realities of issuing press passes as well as in larger policies such as the extension of shield laws.

**The Government Domain: Political Fact-Checking Websites
http://www.llrx.com/columns/govdomain38.htm
Peggy Garvin's well-timed article identifies and evaluates key websites that monitor the accuracy of statements and representations made by political candidates and their respective campaigns.

**Researching Medical Literature on the Internet - 2008
http://www.llrx.com/features/medical2008.htm
Medical journals, dictionaries, textbooks, indexes, rankings, images – all can be found on the Net, and much of it is available free. Sources include publishers, government agencies, professional organizations, health libraries and commercial entities. Gloria Miccioli's completely updated and revised topical guide expertly focuses on what she identifies as the best, content-rich databases and services for researchers.

**Commentary: New FBI Anti-Terror Guidelines
http://www.llrx.com/extras/fbiguidelines.htm
Beth Wellington's commentary focuses on congressional and public response to the guidelines, related public surveillance actions, and current as well as future ramifications to civil liberties.

**Criminal Law Resources: DNA Post-Conviction Resources
http://www.llrx.com/features/dnapostconviction.htm
Ken Strutin's article includes a collection of recent and representative web-based materials concerning DNA technology developments and legal research on the impact of wrongful convictions and DNA exonerations on the justice system.

CONTACT:
Sabrina I. Pacifici
Founder, Editor, Publisher
LLRX.com
http://www.llrx.com
spacificATearthlinkDOTnet

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Commentary and Opinion , Criminal Law and Justice , Information Technology , Library Reference and Research , Publication Announcements and Reviews

Bookmark:

Vembu, Sridhar, "Annother View: Why Google Won't Focus on Business Software", Government Computer News. (September 27, 2008).

"So what is Google’s plan? It is fairly obvious the company is in it to put Microsoft on the defensive on its home turf, to diminish that company’s offensive capability in the Internet. It is also perfectly clear why Microsoft wants to be an Internet player: as Google has shown, it is a higher-margin business even than its monopoly-profit core business.

So why is business software so much less profitable than the Internet? I can think of two reasons: 1) purchasing departments that know a thing or two about supplier margins and specialize in putting the squeeze on them and 2) sales and support costs, particularly support costs. When you sell software to businesses, they have all kinds of support expectations, which add to headcount. A search engine or a news portal isn’t expected to provide any customer support..."

To see the complete article, click here.

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Commentary and Opinion , Information Technology

Bookmark:

Legislator's Son at Center of Sarah Palin Hack Talk, Report Says
"Tennessee Rep. Mike Kernell says that his son, David Kernell, is at the center of speculation about the identity of the hacker who gained access to Palin's account."

From: CIO Insider News, September 2008

Posted by David Badertscher | Permalink | Email This Post

Posted In: Information Technology , News from Organizations

Bookmark:

One of the historic functions of libraries has been preserving and providing access to information in various media. In many ways, digitization of information has positively altered the information landscape. However, with the dynamic nature of such information, vital information preservation issues arise.

In a timely September 13, 2008, New York Times article by Robert Pear that is entitled "In Digital Age, Federal Files Blip Into Oblivion," the issue of institutional preservation of digital information is addressed. The author maintains that many federal records created by email, word processing, or posting on the Internet are being lost to history. This is due to federal employees failing to preserve such material due to the incredible volume being generated. Dramatic examples of these preservation issues include, the appearance of non-functioning links on government websites and removal of important reports such as those critical of the Bush administration.

There is another concern about information loss not addressed directly in Robert Pear's article. The issue Mr. Pear raises regarding the apparent failure of federal employees to implement adequate procedures to preserve the huge amounts of significant digital materials being generated may also relate to the ongoing necessary maintenance of such information to keep it trustworthy and authentic. No matter how carefully information in digital formats is maintained on an ongoing basis there is always a possibility that it may become corrupted or otherwise tainted, making it untrustworthy and therefore "lost" in terms of its value and relevancy to users. The American Association of Law Libraries (AALL) is very concerned about this issue because the trustworthiness of all online legal resources, including federal. is fundamental to permanent public access and is inherently a matter of great concern to the legal community

The global issue of digital information preservation has been a significant concern of the American Association of Law Libraries. This was demonstrated by a AALL letter to members of Congress last April regarding the problematic and troubling decision of the National Archives and Records Administration not to preserve agency websites at the end of this administration. Consequently, as Mary Alice Baich the Washington representative of AALL comments within the above article saying that the expectation is to see the "wholesale disappearance of materials on federal agency Web sites.... When new officials take office... they want to make a fresh start." Thus the implications for the preservation of our national historical record are grave and warrant a change in federal policy.
_______________________
*This posting was revised on September 24, 2008.

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Commentary and Opinion , David Badertscher , Information Technology , Library Organization and Planning , Library Reference and Research

Bookmark:

Volume 20 Issue 3 September 2008

Table of Contents

The Preparation of Narcissistic Witnesses

Solution Focused Mediation

Some Juror Rules for Determining Damages

The 3 Cs in Using Visual Communication to Tell Legal Stories: Communication, Credibility,
and the Central Image

Using the Science of Persuasion in the Courtroom

Our Favorite Thing(s) for September

Lawyers Learning to Communicate

Witness Preparation: Hidden False Assumptions, Real Truths, Recommendations

A Jury of Your Peers: Venue, Vicinage and Buffer Statutes

To see complete issue click here.

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Commentary and Opinion , Information Technology , Publication Announcements and Reviews , Questions and Answers

Bookmark:

From: Government Computer News, September 19, 2008.

"InfoWorld breaks down the highlightsand the lowlightsfor the Mozilla Firefox 3.1, Google Chrome and Microsoft Internet Explorer 8 Web browsers. and lowlights of each offering and where it stands as far as a full release".

Posted by David Badertscher | Permalink | Email This Post | Comments (1)

Posted In: Commentary and Opinion , Information Technology , Library Organization and Planning

Bookmark:

From: eWeek Emerging, Technologies August 29, 2008

Slide show:

First Look: IE 8 Beta 2
By Jim Rapoza
August 29, 2008

"Despite its market dominance, Internet Explorer has been in many ways the browser that was left behind. Beta 2 of IE 8 shows promise with strong privacy controls and new usability features".

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Information Technology , Library Organization and Planning , News from Organizations

Bookmark:

From: CIO Insider, Posting by Esther Schindler, August 26, 2008.

Sharing Microsoft Office Files the Easy Way: A Five Minute Productivity Tip

"Need to create a report or presentation with the input of several people? Don't e-mail that large file to all the participants. Microsoft Office makes it simple to share Word, Excel or PowerPoint documents over the corporate network."

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Information Technology , Library Organization and Planning

Bookmark:

Here are some questions and responses about Twitter. I have followed the usual practice of deleting any personal information about any of the respondents. That being said I have already found these responses very useful and would like to share them with readers of this blog.

David Badertscher

QUESTIONS: :

What is Twitter? What does it do? How can one use it in a workday enviornment? Should one use it in a workday environment?

RESPONSES:

Twitter is a form of microblogging. And it's free, which is always good. It differs from Instant Messaging in that IM is specific between two people; Twittermessages go out to the world at large. You know what someone is saying by going to their profile page on Twitter but usually by choosing to follow them. Anyone who follows my feed gets everything I send out, whether it's related to serial renewals and OPAC features or links to recipes and Weight Watcher blogs.

Some people make clear distinctions about how they will use a Twitter account - work only, personal life only, or a combination. Mine is a combo but primarily work. Remember that deciding to do a work-only account means that's all you will talk about -- but if you follow me, you will see other things being discussed by seeing my responses to other people. Right now that's mostly reference/electronic services librarians. To see my conversations, check out: http://twitter.com/annemyers

I downloaded a little Firefox Add on called "twitterfox" which lets me monitor tweets from the people I follow while I'm in Firefox. It's my method of choice; there are others, including just keeping a window open to the Twitter site.

Does it take time? Sure, but you can spend as much or as little as you like. One really good way to limit it is to not follow every single person you know. Check their tweets for a while and if they're distracting or not useful, just remove them from your list. I mostly work in Millennium working on serials problems and don't see or worry about tweets while I'm there.

At first most people (including me) put up little things like "Had pizza for lunch" or other statements of fact. After a little practice, though, and seeing how others were using it, I jumped in with comments to the world at large or as replies to specific people. And I've discovered I'm building a little social network that brings me information, makes me giggle, points out interesting links, or simply scrolls by while I work on other things.

How would I use it with [Library] Technical Services people? Maybe tweet something short and sweet such as "Anyone go to the Charleston Conference?" instead of sending it in an email. Tweets are limited to 140 characters so you can't say a lot! It's also good for quick communication with others on the library staff.

I hope this helps a little. I'm still figuring how how Twitter will work for me but so far I just love it and haven't found it taking over my life. I'm saving Facebook for that!
_____________________________________________________

I saw Twitter for the first time at the conference in Portland. I was working at the local arrangement booth and a librarian from [...deleted...] showed it to me. Remember that "Family Reunion" that was going on at the same time in the Convention Center? He asked one of the attendees what it was all about, and then he went on Twitter to post what he learned (it was a direct sales group similar to Amway).
_____________________________________________________

We used Twitter at the SLA conference to report little gems from
sessions and that was great! It was a great learning experience and it
made the conference feel like a community effort. I highly recommend
separating out your work and personal accounts.
______________________________________________________

Posted by David Badertscher | Permalink | Email This Post | Comments (1)

Posted In: Commentary and Opinion , Information Technology , Library News and Views , Library Organization and Planning , Library Reference and Research , Library Technical Services

Bookmark:

QUESTION:

"I am looking for any courts that have a video system that displays the docket or room assignments for patrons of the court. I looking for any specs that you have in place. For instance are you using LCD TV screens or just normal computer screens. Do you have a system that is doing real time updates or do you have set times to up the list? "

"Do you have a scrolling list or a static display with the screen changing every x seconds?"

RESPONSES:

"We use a bank of 4 32" LCD monitors in our lobby that display the Name, Case #, Courtroom & Time of all criminal courtroom (5 courtrooms) events for the day via a windows based application using a quad output video card."

"It was written in house (VB.NET) and displays events for x hours before current and x hours after current (can be changed via configuration screen). Colors are also configurable so each courtroom has its own color. It is also configurable for how long it is active (so monitors go to sleep after hours). The refresh time is also configurable and we have currently have it set for 15 seconds."

"If the amount of names takes more than the 4 screens can display, it will spill over to next refresh for remainder, and then start from beginning again (we display them alphabetically). The program uses a generic query written against a view on our database server that just returns the name, case #, courtroom, and time needed for the display in case we ever change databases."
___________________________________________

"...[Our State] does have a system available that displays scrolling court dockets in the lobby of the facility. Various information is available, depending on the type of calendar, including name, case number, judge and room number.

It is scheduled at regular intervals, to accommodate add-on cases. It does not update to remove cases that have been completed; we found that latecomers were better directed to the courtroom to receive information about completed cases rather than asking at the counter.

Two of our 10 districts currently use this feature and others are considering it. They use LCD (not computer) screens.

We also have a system that is designed to display cases that are ready to be called so attorneys, defendants and other interested parties know when to be present. It displays in the courtroom or hallway and in some locations in the holding area of the jail to assist the jail in preparing in custody defendants. It is continually updated to display current information. "

______________________________________
*Identifying information has been removed from the above responses to preserve confidentiality.

Posted by David Badertscher | Permalink | Email This Post | Comments (0)

Posted In: Commentary and Opinion , Information Technology , Questions and Answers

Bookmark: