My friend Paul Mason sent me an article in late April about how cyber attacks are putting student data at risk. I read the article with interest, but couldn't help rolling my eyes throughout, as I know that what was reported in this article is only a tiny hint at the real problems in cyber security for universities. This isn't just a problem in Scotland. It's a problem for most -- for all I know, maybe all -- universities.
Let me start off by saying that leading the article with the huge volume of spam email and the potential malware in that email was a complete non-story. Your personal email has more spam than real mail. If you have decent spam filters, you are saved from most of that. If not, gods help you. I wouldn't want to see the Inbox of an unfiltered account.
Last night I watched the second half of a documentary about Richard Feynman on TV. It was great. He was such a character as well as a brilliant man. He's become a icon for science geeks of all stripes. Obviously, I loved the show.
Today, I decided to close down some open tabs in my browser, deciding what to read now, what to send to Pocket, and what to just close because I'd never get around to it anyway. The last tab left to be closed had the title, My Mother, The Scientist. Of course, I had to read that one.
Imagine my surprise when I realized that it was a post about Joan Feynman, Richard's little sister. Did you know that Richard Feynman's little sister is an astrophysicist? I didn't. Why didn't I know that?
Information security is serious business. It shouldn't be a political game for management to hold over people's heads in battle but ignored at all other times.
I've come to the conclusion that it must be. The way that the US and other governments prosecute computer related crimes makes no real sense. Look at the absurd level of pressure that was leveled against Aaron Swartz. Look at what happened to the founders of The Pirate Bay. Look at the punishment that Andrew ‘Weev’ Auernheimer just received. It's nuts. Completely nuts. There is no connection between the crimes and the punishments.
Weev is not a nice guy. He's an idiot and a jerk. He has been no Aaron Swartz, that's for darned sure, but he just got sentenced to 41 months in prison for doing something that didn't even break the security of AT&T. The Next Web describes his actions as being equivalent to pinging a server and having it tell you all its secrets. What Weev did was write a script that ran a program exactly as it was written to run. That's no more criminal than writing a web spider to find all the web pages on a single web server.
