My report from UK GovCamp 2013
First session was on Open Data.
The room was full of people like me, passionate about Open Data. We nearly all felt that councils should take the lead and publish more Open Data. We should try more to promote the use of Open Data and the benefits it brings to the community, but we acknowledge that it is never high on councils' priority lists, except in cases where legislation forces councils to publish Open Data. It is a pity that this is the only time the councils really take Open Data seriously.
How to Hack into a Government Website
A very intriguing title for a gov camp session. The session covered the security around networks and systems. First of all, the issue of passwords was discussed.
No matter how robust an organisation's password system is, bad password choice by users will still create holes within the security system. If you want to hack into a government system, then the password system is an early port of call.
The presenters were amazed at the number of times that they came across the word password being used as a password. Some organisations insist on a capital letter being used in a password as well as lower case. In the majority of cases the user will make the first letter of the password the capital letter. Some organisations insist on a number being in the password. For this the majority of users will add these digits to the end of the password, and in 30% of cases they will add the number 1. If a special character is required, this is most often an exclamation mark added to the end of the password. The more rules you add, the more likely it is that users will create complicated passwords and then write them down and stick them under their keyboard or around their desk somewhere.
13% of passwords have 6 characters
17% have 7 characters
21% have 8 characters
16% have 9 characters
13% have 10 characters
Meaning that 80% of passwords are between 6 and 10 characters.
There is a temptation to add system names to passwords to comply with the rule of different passwords for different systems, e.g. Passwordtwitter, PasswordYammer, FacebookPassword etc. This should be discouraged, as once you know the format you'll be able to access all that person's systems.
Also the use of names is common, with wives', girlfriends', lovers' and secretaries' names being the most common. Research has shown that where a man has a name as a password, in 80% of cases that name is female.
Going back to the use of digits: whilst 30% will use the number 1, other popular variations would be the person's age when setting up the password, their house number, office room number etc. If a 4 digit number is required, then the most popular choice would be either 19xx or 20xx.
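The habits listed above can be checked for when a user sets a password, so that a password which merely satisfies the composition rules is still flagged. The Python sketch below is an added example, not something shown in the session or written by the author; the function name, the finding labels and the list of system names are assumptions.

```python
import re

# Assumed list of service names a user might embed; extend it for your own estate.
SYSTEM_NAMES = ("twitter", "yammer", "facebook")


def predictable_patterns(password, system_names=SYSTEM_NAMES):
    """Return labels for each predictable habit the password shows."""
    findings = []
    lower = password.lower()

    # Peel off trailing "!" and then trailing digits to expose the base word.
    no_special = password.rstrip("!")
    base = no_special.rstrip("0123456789")
    digits = no_special[len(base):]

    if "password" in lower:
        findings.append("contains-password")
    # Capital letter rule met only by capitalising the first letter.
    if base[:1].isupper() and base[1:].islower():
        findings.append("capital-first-only")
    # Number rule met by tacking digits on the end.
    if digits and base:
        findings.append("digits-appended")
    if digits == "1":
        findings.append("digit-is-1")
    # Four digit suffix of the form 19xx or 20xx.
    if re.fullmatch(r"(19|20)\d\d", digits):
        findings.append("year-appended")
    # Special character rule met by a trailing exclamation mark.
    if password.endswith("!") and no_special:
        findings.append("exclamation-appended")
    # Per-system variation of one base password.
    for name in system_names:
        if name in lower:
            findings.append("system-name:" + name)
    return findings


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for candidate in ("Password1", "Summer2013!", "FacebookPassword", "kT9#vq2LmZ"):
        print(candidate, predictable_patterns(candidate))
```

A non-empty result is a reason to reject the choice or prompt the user for something less guessable, even when the password passes the length and character-class rules.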
Password good practice should be implemented from the day someone starts in the office, and security should be part of the induction process. An example was given of a US organisation which ran a competition to see who could break into their system the quickest. It was won one year by a guy who called the IT helpdesk and got through to someone who had just started that day. He told the caller that as he had just started he might not be able to help, to which the caller replied, "Don’t worry, I think you are the perfect person to help me."
One side issue about the helpdesk was mentioned: in so many organisations one call to the helpdesk can get someone’s password reset without any checking as to who the caller is. The helpdesk will even give the caller the new password.
Cross Site Scripting and SQL injection
These were also mentioned, but these deserve a whole blog posting to themselves.
WordPress was initially released in 2003 and its current version, version 3, has been reported to have been downloaded over 65 million times. Initially it was a blogging tool but now it is claimed to be more of a CMS. I attended this session to learn more about WordPress. I use blogger.com for my blogs but I’m not happy with their stats package. Looking around the web and looking at my Twitter friends' blogs, I see that many use WordPress. Indeed the @weeklyblogclub, which I support with my own blogs, uses WordPress for their site.
The hosts of the session were experts on WordPress and it seemed that a lot of the attendees were at the same level as myself, though there were some there that seemed to be experienced users of WordPress and praised the software. The basic WordPress software can be downloaded free of charge from their main site wordpress.com, but its main advantage is the over 1,700 themes and nearly 25,000 plug-ins that are also free to download from Wordpress.org. These have been written by other WordPress users. A question was asked on how to know which plug-ins were safe and which were not. The hosts of the session advised that each plug-in shows the number of times it has been downloaded, and users give a rating on each one. They suggested that you can be confident that those with high download figures and a high rating would be the best to use.
I had no idea at the time how many themes or plug-ins were available, otherwise I would have sought advice on how to search through the huge list to find the right plug-in to use.
I had a small chat afterwards with someone from the Department for Environment Food and Rural Affairs (DEFRA), who use WordPress for their site. They use it as a more fully fledged CMS. This is something that I am definitely going to explore further.
The final session of the day was hosted by someone who I have got to know very well on Twitter after meeting him at last year's UK Gov Camp. Since then Andy Mabbett has received the (well deserved) honour of being awarded a Fellowship of the Royal Society of the Arts for his work in the fields of Open Data, Wikipedia and Social Media. So who better to give a talk on Wikipedia?
I first created an account on Wikipedia back in September 2004 and have made hundreds of changes to the site since then, created some pages, added some photos to Wikipedia commons etc., but nothing to the extent of Andy.
He talked about the time he spends being Wikipedian in residence at various museums, art galleries etc. around the country. He talked about the time that he (and others) spent in Monmouthshire creating Wikipedia articles about the area and adding QR codes around the place to make it easy for people to access those articles via their smart phone. This really helped visitors get more from their visit to the area. It must also have been incredibly interesting for them to do such work and learn about that area. This is something that all councils, art galleries and museums can do. Editing Wikipedia is free and creating QR codes is free.
I also quizzed Andy about how I could use Wikipedia to help with my Historic Churches of Great Britain website and he gave me valuable help with this, pointing to the many articles on churches on Wikipedia, and we talked about the photographs on Wikipedia commons that are licensed for re-use by anybody under the Creative Commons licence. Since then I too have added to the collection of photographs on Wikipedia commons.
I was truly inspired by this session and feel that despite its detractors Wikipedia is a valuable tool.