The KRACK Attacks and Libraries

By Galen Charlton Earlier this week Mathy Vanhoef of the imec-DistriNet research group at the Katholieke Universiteit Leuven announced his discovery of a set of related vulnerabilities in WPA2, a protocol used to encrypt communications over wireless networks. KRACK, as Vanhoef dubbed the vulnerability, expands to Key Reinstallation Attacks. The vulnerability exploited by KRACK lies with how Wi-Fi devices set up keys for encrypted...

Read More

Data Exchange and the Art of Iterating Security Checkups

By Galen Charlton One trope of data security discussions envisions a perfectly secure database as one that exists on a computer that is turned off, encased in concrete underground, and under the supervision of a very cranky cat who refuses all visitors. The flaw in this vision is clear: a database that can never be queried is of little use. Assuming that the database should exist in the first place — and that’s an assumption that bears...

Read More

Privacy News and Views, April 22-28

Choose Privacy Week, May 1 – 7, 2017 Let’s Get Practical for Choose Privacy Week Join the librarians who are getting practical for #ChoosePrivacy Week to improve #privacy protections for their users. Libraries and Privacy Literacy How to protect patrons’ digital privacy | American Libraries 4 critical points to consider when receiving cybersecurity and privacy advice | TechRepublic “One of the findings of particular interest is...

Read More

Choose Privacy Week 2017 Webinar: Learn Practical Privacy Practices on April 13

Defending patron privacy in the library means more than advocating against the PATRIOT Act; it also requires a commitment to utilizing practical privacy tools and tactics that secure patron data and help counter unwanted online data collection.  Learn more about these tools and tactics during the 2017 Choose Privacy Week webinar, Practical Privacy Practices, which will take place on Thursday, April 13, 2013 at 2:00 p.m. Eastern/1:00 p.m....

Read More

How Libraries Can Respond to the Repeal of the FCC Privacy Rules

by Deborah Caldwell-Stone and Michael Robinson This week Congress, voting along party lines, passed a resolution that repealed the groundbreaking privacy rules adopted by the Federal Communications Commission last October under the Obama administration.  The new rules would have required ISPs to adopt fair information privacy practices in regards to their customers’ data, including a requirement that the ISP obtain affirmative...

Read More

Almost, but not too late to tell @SpeakerRyan to #StopCISA

by Adam Eisgrau Managing Director, ALA Office of Government Relations Cross-posted from District Dispatch Loyal District Dispatch readers know that, literally for years, ALA and a strong coalition of groups and companies from across the political spectrum have been fighting privacy-unfriendly “cybersecurity,” aka “information” sharing, legislation most recently unveiled as the Cybersecurity Information Sharing Act (S. 754). CISA was...

Read More