Archive for 'Events'

Launch of NetSafetyGuide.com

Today I am launching NetSafetyGuide.com, an ad-supported site offering practical, up-to-date news and tips about Internet safety and security.

I believe that there is very little down-to-earth, practical information available for individuals and small businesses who want to stay secure on the Internet, but don’t know how to do it. My intention with this site is to provide current, direct advice and news that people will find useful.

Drop by and check it out.

Ethics in computer security research

As part of the Financial Cryptography and Data Security Conference to be held in January 2010 in Tenerife, there will be a workshop on ethics in computer security research. This is an important topic since conducting ecologically valid research is often at odds with adhering to ethical principles. In particular, security research can sometimes involve having people take risks with their systems and personal information, and/or involve the use of deception, where people may not be informed of the true purpose of a study. This should be an interesting workshop.

WECSR 2010 CFP

Computer security often leads to discovering interesting new problems and challenges. The challenge still remains to follow a path acceptable for Institutional Review Boards at academic institutions, as well as compatible with ethical guidelines for professional societies or government institutions. However, no exact guidelines exist for computer security research yet. This workshop will bring together computer security researchers, practitioners, policy makers, and legal experts.

Field trip for old geeks: Computer History Museum

A must-see attraction for ultra-geeks visiting Silicon Valley is the Computer History Museum.

Two notable reactions: it is amazing how much computing technology has changed in such a short time; and it was amazing (and perhaps sad) how many of these old computers I have used.

This is one museum where your kids would be bored silly, but old geeks will be happy.

Computer History Museum

CBC nostalgia

One of the benefits of changing jobs and offices is digging through old files and messages. I still have warm memories of the work we did with CBC in the early 90’s creating the first on-line radio programs. This article describes some of that history, although there never was a thesis, just a research project.

CBC.ca – 10th Anniversary

Williamson told the group about an Ottawa scientist named Andrew Patrick, who was writing a thesis about audio on the internet. Patrick, who worked for the Communications Research Council, was a CBC listener and fan. He approached CBC about putting some CBC Radio programming online. It seemed like a natural pairing.

Passwords: If we’re so smart, why are we still using them?

Cormac Herley, Paul van Oorschot and I recently led a panel discussion session at the Financial Cryptography and Data Security conference. The topic was passwords, which everyone agrees are problematic forms of authentication, but nobody seems to be doing much about it. We wrote up a summary of the issues and discussion at the conference and the paper is now available. Here is the Abstract:

While a lot has changed in Internet security in the last 10 years, a lot has stayed the same — such as the use of alphanumeric passwords. Passwords remain the dominant means of authentication on the Internet, even in the face of significant problems related to password forgetting and theft. In fact, despite large numbers of proposed alternatives, we must remember more passwords than ever before. Why is this? Will alphanumeric passwords still be ubiquitous in 2019, or will adoption of alternative proposals be commonplace? What must happen in order to move beyond passwords? This note pursues these questions, following a panel discussion at Financial Cryptography and Data Security 2009.

Citation: C. Herley, P.C. van Oorschot, A.S. Patrick. Passwords: If We’re So Smart, Why Are We Still Using Them? Financial Cryptography and Data Security (FC 2009), 13th International Conference, Rockley, Christ Church, Barbados, Feb. 2009 (post-proceedings to appear, Springer LNCS).

A few photos from Barbados


Financial Cryptography & Data Security was held in Barbados recently. I have posted a few photos from the island on Flickr. Next year… the Canary Islands!

Epoch time milestone (geek fun)


Geek time (also known as Unix epoch time) is about to reach a cool milestone: 1234567890 seconds. Watch the fun at

http://coolepochcountdown.com/

Trust 2009 Call for Papers


Trust 2009

2nd International Conference on Trusted Computing:
Socioeconomic Strand

http://www.trust2009.org

6th – 8th April 2009
St. Hugh’s College, University of Oxford, UK

Building on the success of Trust 2008 (held in Villach, Austria, in March 2008), this conference focuses on trusted and trustworthy computing, both from the technical and social perspectives. The conference itself will have two main strands, one devoted to technical aspects and one devoted to the socioeconomic aspects of trusted computing.

This call for papers is for contributions to the socioeconomic strand. The conference solicits original papers on any aspect of the social and economic aspects of the design and application of trusted computing. Topics of interest include, but are not limited to:

* Usability and user perceptions of trustworthy systems and risk
* Effects of trustworthy systems upon user, corporate and governmental behaviour
* The adequacy of guarantees provided by trustworthy systems for systems critically dependent upon trust, such as elections and government oversight
* The impact of trustworthy systems upon digital forensics, police investigations and court proceedings
* Economic drivers for trustworthy systems
* Group and organisational behaviour with trustworthy systems
* The impact of trustworthy systems upon user autonomy, social capital and power relationships
* Cross-cultural definitions of trustworthiness
* Can systems be truly “trustworthy” without any capacity for moral reasoning?
* Trustworthy systems and precursors of trust such as honesty, benevolence, value similarity or competence
* Trustworthiness, regret and forgiveness
* Trustworthy systems as enhancements or constraints on government power
* The role of independence from vested interests as a driver of trust
* The game theory of trustworthy systems: prisoner’s dilemmas, chicken and other game theoretic concepts of trust, reputation and risk
* Experimental economics studies and their limitations in studying trustworthiness
* The interplay between privacy, Privacy Enhancing Technologies and trustworthiness
* Regulatory vs peer-produced trustworthiness, including reputation systems
* Global governance initiatives to manage trust

Submissions should take the form of extended abstracts, no more than two pages in length, which will be blind peer-reviewed by the Programme Committee.  Abstracts should include the main research question(s) addressed and methodologies employed, with up to five key citations. Do not include within the abstract any affiliations or information that would identify the authors. The submission deadline is 1st February 2009.

Please go to the submissions page and use the iChair system to submit your abstract:
https://www.isg.rhul.ac.uk/iChair/Trust2009-SE/index.php

Successful applicants will be asked to produce a short paper of 5,000 words to be presented at the conference.

Important Dates

Submission due: 1 Feb 2009
Notification: 1 Mar 2009
Conference: 6-8 April 2009

General Chair: Andrew Martin, Computer Laboratory, University of Oxford, UK
Programme Chair (socioeconomic strand): Ian Brown, Oxford Internet Institute, University of Oxford, UK

Programme Committee
Dr. Andrew A. Adams, Reading University, UK
Dr. Johann Cas, Austrian Academy of Science
Prof. Lorrie Faith Cranor, Carnegie-Mellon University, USA
Dr. William Drake, Graduate Institute of International Studies, Switzerland
Dr. Peter Gutmann, University of Auckland, New Zealand
Dr. Tristan Henderson, St Andrews University, UK
Dr. Adam Joinson, Bath University, UK
Eleni Kosta, Katholieke Universiteit Leuven, Belgium
Dr. Meryem Marzouki, French National Scientific Research Center (CNRS)
Dr. Tyler Moore, Harvard University, USA
Prof. John Mueller, Ohio State University, USA
Dr. Anne-Marie Oostveen, Oxford University, UK
Dr. Andrew Patrick, National Research Council, Canada
Prof. Jonathan Zittrain, Harvard University, USA

Ross Anderson to give keynote address at SOUPS 2008

We have just made arrangements for Ross Anderson to give the SOUPS keynote address. I am very pleased to have him on the program. This is shaping up to be another wonderful conference. (July 23-25, 2008, Pittsburgh, PA)

SOUPS 2008

Ross Anderson is Professor of Security Engineering at Cambridge University. He is one of the founders of a vigorously-growing new discipline: the economics of information security. Many security failures can be traced to wrong incentives rather than technical errors, and the application of microeconomic theory has shed new light on many problems that were previously considered intractable. This work is particularly important for understanding auctions, fraud, and online liability. It is also giving insights into system safety and dependability, and into more traditional security problems of interest to law enforcement and the insurance industry.

Public talk on security for personal computers (Jan 10 2008, 10:30am)


I am giving another public talk on practical Internet security. This presentation will be focused on providing specific advice and demonstrations of tools that you can use.

Thursday, January 10, 2008
10:30 to noon

Building M-50, Auditorium
1200 Montreal Road
Ottawa, ON

Attendance is free-of-charge but prior registration is required. Please visit this link for instructions:

http://iit-iti.nrc-cnrc.gc.ca/colloq/0708/08-01-10_e.html


Abstract

It is not safe to connect to the Internet without first learning about security risks and solutions. This presentation offers practical advice on how to protect yourself when using the Internet. This presentation is designed for novice Internet users and people who want to keep up-to-date about security issues. Topics to be covered include:

• understanding the risks;
• developing a security strategy;
• connecting for the first time;
• what to do every day, week, month, and year;
• broadband and dial-up connections;
• hardware and software firewalls;
• anti-virus and anti-spyware solutions;
• free and low-cost security tools;
• updates and patches;
• email issues;
• phishing, pharming, and social engineering;
• passwords and tokens;
• fraud and identity theft;
• understanding web encryption;
• safer Internet banking.

The examples and live demonstrations will focus on computers running Microsoft Windows XP, but most of the advice can also be applied to Vista, MacOS, and Linux systems.