Monthly Archives: February 2014

Plagiarism: everything you should already know

Here are some things worth knowing about plagiarism:

The term ‘plagiarism’ refers to representing something you’ve written as original when it is in fact not.

Things that require citation include quotes, ideas, summaries, illustrations, and photographs.

When copying an exact phrase, sentence, or block of text from a source it’s not enough to cite it (and by that I mean including a link to your source or a mention of the author’s name in parentheses.) You must enclose the copied text in quotes to avoid plagiarizing the work.

It is possible to plagiarize yourself. Since plagiarism refers to misrepresenting something as wholly original, even using your own previous writing in a new paper will get you in trouble.

Plagiarism is illegal. Youngstown State University’s ‘Plagiarism FAQ‘ does a great job of discussing how different organizations approach the legalities of plagiarism, but the bottom line is that you could face both fines and jail time for plagiarism.

This is a big problem in education due to the ease with which students can copy material from electronic sources into their work, and the matter is not helped by the fact that many students are simply unclear on what this academic integrity stuff is all about. If you are a student who faces the problem of figuring out how to manage external sources for your papers the least you need to know is that it is incredibly easy to get caught. Services such as TurnItIn provide faculty with an automated means for precisely examining the authenticity of papers submitted for a class.

Here is a bit of information about the state of plagiarism today according to TurnItIn:

Plagiarism in Education

If you’re in one of my classes, don’t do it.  I hate to fail you for any reason at all, but the seriousness of plagiarism means each school with which I work has strict policies on handling it.  Failing an assignment is the least of the consequences you will face.

Mobile device security policies

I recently ran into a situation at work where a colleague of mine was traveling overseas and lost her iPhone. After the initial ‘oh crap what would I have done?’ reaction to this scenario I got thinking about the implications of mobile devices and information security. This doesn’t require a very high level of training in IT security to think through. Someone who has your phone in hand probably has access to:

  • Your contact information and the contact information of everyone you call or text
  • Your photos and personal experiences
  • Some browsing history
  • Your music
  • Your ability to purchase things through either the iTunes store or Google Play
  • Saved credential -based access to<
  • websites you frequent from your phone

How much of this would you be willing to give away?

Many people scoff at this loss since they have already wisely configured a passcode to prevent unauthorized use of their phone. This is great for keeping your nephew away from Angry Birds, but several methods exist for bypassing passcodes, depending on your model and operating system version. Dedicated phone intruders could skip these junior high approaches, however, and jump right in with tools designed for digital forensics like enCase or Sleuthkit.

By the way, if you think in terms of a hardcore attack of your iPhone data, keep in mind the possibility of someone attacking your iTunes backup of your phone, stored on the local disk of your computer. Even if you chose to encrypt that backup, it’s subject to brute force attacks. And it contains pretty much every single thing your phone holds. I happened to find someone’s paper on attacking mobile device backups and mobile devices themselves pretty easily on the web. Check it out at SMU.


Protecting a mobile device once it has been left behind in a taxi is pretty tough, so how should we protect ourselves in advance of this? Obviously using a passcode and encrypting things where we can is the bare minimum, but a broad mobile device policy seems to be the smart thing. This policy ought to include the following components:

To whom does the policy apply and under what criteria? (Are iPads included? Surface tablets?)
How is the mobile device provisioned under the policy? (Are technical policies pushed from a central resource? Is the device documented in inventory?)
What are acceptable uses of the device?
Under what conditions will the device be excluded from the policy?
What actions need to be taken in the event of a lost device?
What actions need to be taken when the device is de-commissioned?

The SANS Reading Room is one of my favorite places to go for academic discussions of stuff like this, and I was able to quickly find a paper there on the subject of mobile device policies in corporate environments. This is a very practical discussion of all the moving parts of such a policy, and does a great job of outlining the vocabulary and the process of getting something of this rolling. Nice work, Nicholas.