Asking for Usernames and Passwords on the Web 
The Web has moved beyond purely open content available to all. We now want to use it to collect and provide information that we want to restrict in some way – to members, or to staff, or because it is sensitive or personal data. One common method of restricting access is to ask users to enter a username and password. Even this simple combination can be a source of annoyance and frustration to users, but it does not have to be. This paper compares options for setting up and maintaining usernames and passwords, and also shows how to design a screen so that users are guided easily to the correct choices.
Miller, Sarah and Caroline Jarrett. STC Proceedings (2002). Design>Web Design>Security
"Backing Up" Doesn't Mean Retreating
Recently, several friends and colleagues have lost important files as a result of viruses, power failures, computer crashes, and miscellaneous other disasters that accompany working with computers. Each person could have minimized the consequences if they had developed and rigorously followed a simple backup strategy for their data. The fact that this happened to experienced computer users in each case leads me to believe that data loss is symptomatic of a broader problem: As technical communicators, our tight focus on documenting how to use a product sometimes makes us forget to document the consequences of using the product.
Hart, Geoffrey J.S. TECHWR-L (2006). Articles>Technology>Security
Community Creators, Secure Your Code!
Don’t be like MySpace. Protect your community site from malicious cross-site scripting attacks.
Bivald, Niklas. List Apart, A (2006). Design>Web Design>Security>Ajax
Community Creators, Secure Your Code! Part II
In part one of this two-part series, we discussed the threat of cross-site scripting in general terms and introduced a number of important security concepts. In part two, we’ll take a more in-depth, hands-on approach: How does an attacker actually exploit the weaknesses found? How can you protect yourself? For reasons of length, we’ll limit our discussion to two specific, representative examples.
Bivald, Niklas. List Apart, A (2006). Design>Web Design>Security>Ajax
Bloggers who recklessly gush all types of personal details in their blogs may regret it. Stalkers, child predators, identity theft criminals, fanatics, and others are seeking photos and names of children, home addresses, home phone numbers, etc. Learn about the Dark Side of blogging and be smart.
Streight, Steven. Blogger.com (2005). Articles>Writing>Security>Blogging
Datensicherung und Archivierung
Many computer users ignore the risk of data loss - until it is too late: Important data have vanished. Whoever then desperately seeks advice in any of my mailing lists might get my dry answer: "Simply restore from your last backup." OK, I do confess: This might contribute to a nervous breakdown. So better be prepared!
von Obert, Alexander. Techwriter.de (2003). (German) Articles>Computing>Workflow>Security
Most people sending e-mail nowadays take no steps to prevent their messages from being intercepted. That's fine for many types of messages, but just as there are written messages that you wouldn't want to put on a postcard and would prefer to have protected by an envelope, there's a need for encryption in electronic communication. Besides, encryption can do more than keep things secret. The concepts on which encryption is based can be difficult, and most of the complication is handled behind the scenes by software. Nevertheless, it's useful to have a general understanding of how encryption works. Encryption software (often part of a Web browser or server, e-mail client, or other program) is built around the use of a special number, called a key, to convert information into a form that can be read only by someone who has the key needed to decrypt it.
Ivey, Keith C. Editorial Eye, The (1997). Articles>Writing>Email>Security
Dishes up the why and how of real-life data encryption, covering PGP and GnuPG, and using PHP and the mcrypt and mhash libraries.
Meloni, Julie. Webmonkey (2000). Design>Web Design>Security>PHP
The first 'macro viruses' attached to Microsoft Word documents emerged within weeks after Office 97 was released, and sounded the warning that a new era was upon us.
Hart, Geoffrey J.S. Geoff-Hart.com (1999). Articles>Computing>Security>Viruses
In this article, I’ll discuss how to create a strong password, and how to keep track of all your strong passwords, if you have a definite need to keep more than a couple. Don't bother creating and remembering strong passwords for low value systems, and certainly don’t use the same passwords for low value systems that you use in high value systems.
Locke, John. Free Software Magazine (2005). Articles>Software>Security
How Safe is the Data on Your Hard Disk?
As a technical writer with above average organizational skill, you likely already keep your files in nice little subdirectories in logical little groups -- User's Guide illustrations here, research notes there, stuff for the service manual over yonder. But what if, in an instant, your files were all taken out of their subdirectories and put in one big directory? Could you distinguish one file from the other without opening them up? You can only assume that files with identical names disappeared.
Varney, Gord. Boston Broadside (1991). Articles>Technology>Security
httplib2: HTTP Persistence and Authentication
In this latest Restful Web column, Joe Gregorio explains HTTP persistent connections, pipelining, and the sad state of HTTP authentication.
Gregorio, Joe. XML.com (2006). Articles>Web Design>XML>Security
The Inaccessibility of CAPTCHA: Alternatives to Visual Turing Tests on the Web
A common method of limiting access to services made available over the Web is visual verification of a bitmapped image. This presents a major problem to users who are blind, have low vision, or have a learning disability such as dyslexia. This document examines a number of potential solutions that allow systems to test for human users while preserving access by users with disabilities.
W3C (2005). Design>Web Design>Accessibility>Security
Put simply, cookies are 'caller ID for the 'Net.' They store small pieces of text in your browser and can only be retrieved by the site that stored them in the first place. Although many sites use cookies only for user identification, others developing CD or standalone help and courseware recognize the cookie's ability to imitate server behavior by generating dynamic HTML content.
Nelson, Mark Evan. STC Proceedings (2003). Design>Web Design>Security
Computer security is a give and take situation. You can never be safe so long as you offer services. However, without offering services you may as well not have the computer in the first place. Thus, security becomes more about acceptable risk and emergency recovery than impregnability. It is your job to make sure that the cons of a break have far less impact than the pros of having a web site.
iScribe - Information Security Documentation
A blog on documentation requirements of the InfoSec domain, security implications of documentation technologies, tools and practices, and the information security perspective on information standards with occasional blurbs of the writer's views and lessons in technical communication.
Jithra, Khushbu. iScribe (2006). Resources>Documentation>Security>Blogs
Mask Your Web Server for Enhanced Security
Masking or anonymizing a Web server involves removing identifying details that intruders could use to detect your OS and Web server vendor and version.
Lima, Joe and Thomas Powell. evolt (2005). Articles>Web Design>Security
Minimal-Feedback Hints for Remembering Passwords
Passwords are a widely used mechanism for user authentication and are thus critical to the security of many systems. Strong passwords (e.g., b5j#Kv!8N) are less vulnerable to attack but at the same time more difficult to remember. Minimal-feedback hints are introduced to support users in remembering their passwords and thereby enabling them to choose stronger passwords.
Hertzum, Morten. uiGarden (2006). Design>Web Design>User Interface>Security
Five years ago, having access to the Internet and a healthy computer required quite a low level of knowledge. Now, you need a veritable technology armory to stand any hope of staying safe.
Usability by Design (2005). Articles>Usability>Security
Password Encryption: Rationale and Java Example 
Most of the web sites today have some sort of a registration module where a user is asked to choose a username/password combination. This data gets stored in the database. You might wonder if the password you provide will be kept well-protected (read encrypted). In case you are the person designing such backend registration component, why not give your users peace of mind by encrypting their passwords?
Shvarts, James. evolt (2005). Articles>Web Design>Security
Password Security: What Users Know and What They Actually Do
This study investigated the common password generation practices of online users. Three hundred and fifteen undergraduate and graduate students completed a survey querying (1) the types and number of different password protected accounts maintained; (2) actual practices used in generating, storing and using passwords; (3) practices believed they should use in generating and storing passwords; and (4) general demographic information. Results indicate that, in general, users do not vary the complexity of passwords depending on the nature of the site (bank account vs. instant messenger) or change their passwords on any regular basis if it is not required by the site. Users report using lower case letters, numbers or digits, personally meaningful numbers and personally meaningful words when creating passwords, despite the fact that they realize that these methods may not be the most secure.
Riley, Shannon. Usability News (2006). Articles>Usability>Security
Poor password usability can ruin your web registration process. While passwords are a painful fact of life, there are ways to minimize the problems that users face. This article contains suggestions on how to best collect passwords during the registration process, and it will help you determine if you should allow users to save their passwords.
Ledwell, Joshua. WebWord (2001). Design>Web Design>Usability>Security
PHP Login System with Admin Features
I have written and am presenting here a complete Login System that can be easily integrated into any website.
evolt (2005). Articles>Web Design>Security
Protecting Yourself Against Viruses and Hackers 
Discusses how business owners can protect themselves from computer viruses and hackers. The article includes a sidebar listing anti-virus resources.
Fugate, Alice E. Intercom (2002). Articles>Technology>Security>Viruses