Thu 7th April – Taxonomies, Ontologies and Schemas

John Adams will be joining us to talk about open data standards in international development, also bringing in some ideas emerging from others on self-aware data objects and different ways of sharing structured data.

Time: 4pm – 6pm
Location: Mezzanine café, Curzon Victoria, 58 Victoria Street, London, SW1E 6QW

How does teacamp work?
If you want to come to teacamp, just turn up on the day, it is open to everyone. It is in the corner of the cafe and very informal and friendly. If you are coming for the first time or on your own, ask for Jane, Ian or Sarah and we will introduce you to some teacampers.

4.00 – 4.30pm:  free tea and cake, kindly provided by @thedxw
4.30 – 4.40pm:  introductions and you can plug any events, projects, etc
4.40 – 5.10pm:  speakers slot
5.10 – 6.00pm:  Q&A, group discussion
6.00pm: #beercamp in nearest pub, often led by @baskers….

Contact info
@teacamplondon Jane O’Loughlin
@_ianw  Ian Dow-Wright
@baskers Sarah Baskerville

Thu 3 March – Gamestorming

Creativity games – such as those found in the Gamestorming book – can help teams generate fresh thinking, structure their ideas and make decisions about what to do next. They’re fun and high-energy and easy to understand and play.

In this session, Mark Dalgarno will take us through 3 games that will illustrate the concepts of idea generation, idea evaluation and prioritising areas for further investigation.

Mark is an agile coach and delivery manager. He’s used creativity games in his coaching and management work for around 10 years now with great success. Mark has mainly worked in the private sector with software teams but in the past few years has focussed on consulting in government. You can follow him on Twitter at @markdalgarno

Time: 4pm – 6pm
Location: Mezzanine café, Curzon Victoria, 58 Victoria Street, London, SW1E 6QW

Thu 4 February – Research you can act on #teacamp

This month we are joined by Rose Rees Jones. Rose is a user researcher of public sector services. Across a range of public sector projects she has focused user research to be lean and quick to action.

User research makes digital services, not 100 page reports. Rose’s talk will explain how to move from research describing problems to solving them by giving five tips on how to analyse and communicate findings so that digital teams can act on them.

Time: 4pm – 6pm
Location: Mezzanine café, Curzon Victoria, 58 Victoria Street, London, SW1E 6QW

Thu 7 January 2016 Planning #teacamp

We have no speakers this month but we’d love you to come along and let us know what you’d like to hear about at teacamp this year. If you have suggestions, you’d like to volunteer a talk or you’d just like to be involved come and join us.

Time: 4pm – 6pm
Location: Mezzanine café, Curzon Victoria, 58 Victoria Street, London, SW1E 6QW

Thu 3 December Digital Trust #teacamp

This month Richard Dent, a PhD Candidate from the University of Cambridge, will be joining us to talk about digital trust.

“The explosion of the sharing economy takes advantage of trillions of pounds worth of idle assets. But what about the idle trust? Can digital platforms help re-introduce people to their local communities, build trust between strangers and together address social problems?

Building digital trust has many implications especially regarding equality. Many are being left behind due to lack of Internet access or they lack the minimum digital literacy. Additionally Governments may be tempted to ‘out-source’ social services to pro-social networks during recession or periods of austerity. I will attempt to highlight the opportunities and risks of digital trust.”
www.openaccessphd.com

Time: 4pm – 6pm
Location: Mezzanine café, Curzon Victoria, 58 Victoria Street, London, SW1E 6QW

Thu 5 November Bluelight #teacamp

This month Nick Keane and Rhammel Afflick will be joining us to talk about the use of social media within the Police.

Time: 4pm – 6pm
Location: Mezzanine café, Curzon Victoria, 58 Victoria Street, London, SW1E 6QW

Thu 1 October House of Commons Outreach

Lucinda Blaser will be joining us to talk about the work she’s been doing with the House of Commons:-

“Some people think that they can only get involved in politics at election time. Many don’t think that they have the relevant experience or knowledge to take part in debates with MPs. Through the development of digital debates, the House of Commons Digital Outreach team are trying to help people be aware of what is happening in Parliament and that there are opportunities where they have the experience and knowledge to confidently participate and have their voices heard on issues that affect their lives.

The Digital Outreach Team are trialling getting the public involved with Westminster Hall debates and getting their thoughts and opinions heard by MPs taking part in the debate. As a result I would love to hear your thoughts, opinions, suggestions on how to make this trial a success.”

Time: 4pm – 6pm
Location: Café Zest, 2nd floor House of Fraser, 101 Victoria St London SW1E 6QX.

(The postcode will take you south of the river so it’s probably best to search for “House of Fraser Victoria” on google maps)

Thu 6 August SecuriTeacamp

We hope you can brave the (potential) tube strike to join us on the 6th August for a Security themed #teacamp. We’ll be joined by everyone’s favourite whitehat hackers Glyn Wintle and Terence Eden (and maybe some of their peers). They’ll be talking about security, common exploits, passwords and other related themes.

It will definitely be an enlightening and entertaining session so you should bring some friends along to spread the importance of security. Plus there will be free tea and cake provided by dxw!

Time: 4pm – 6pm
Location: Café Zest, 2nd floor House of Fraser, 101 Victoria St London SW1E 6QX.

Summary of the talks

Terence Eden’s talk focused on WordPress, which accounts for something over 23% of the top 10 million websites (according to Wikipedia) and is widely used in government. There have been a number of well-known WordPress hacks, but the system is reasonably secure if a couple of conditions are met:

  • Users select good passwords (a common, recurring problem that is difficult to fix even if we use a password manager to generate random passwords and assign them to users – either the users will change them to something easier (which stereotypically winds up with a high percentage using very insecure choices like “password”) or they will forget them and we will have to deal constantly with issuing new ones).
  • The site owner implements two-factor authentication. That means that when users log in they would be required to, for example, type in a code sent to their phones. Users typically find this inconvenient.
  • Both WordPress and any plug-ins that are installed are kept rigorously up to date.

Eden went on to demonstrate the kinds of issues that arise when these conditions are not met. Because WordPress is in such widespread use, it is a high-value target for hackers looking for vulnerabilities, and any vulnerabilities that are found are rapidly exploited to hack sites.

Using Google to search, type in the string: “rolex site:gov.uk” or “viagra site:gov.uk”.

Doing either will turn up myriad links to pages on government sites that are being used to sell dodgy goods like fake Rolexes or Viagra. Many that show up in such a Google search have already been fixed.

Eden went on to demonstrate inserting his own content into an abandoned NHS breast milk site. That is a particular danger for consumers, because anything sold on such a site appears to have the full support of the organization that owns the site.

Because departments are so frequently reorganized, it’s quite common for sites to get lost in the shuffle. An important aspect of security, therefore, is ensuring that such sites are either handed over or decommissioned.

Glyn Wintle gave two talks.

The first, on passwords, discussed a number of well-known problems. The first is that people tend to think in similar ways and choose passwords that are easily guessed. Despite years of user education, the most commonly used password is still “password”. The typical response is to restrict password design: one letter must be a capital, one character must be a number. That gets you: “Password1”. If you add enough restrictions, you wind up with passwords no one can remember and users write them down. Rotation policies often also work out well for attackers because many users implement them by simply incrementing the number at the end of the password or using the date of the change (which is usually at highly predictable intervals). This allows attackers to predict the new passwords with great accuracy.

Other commonly used passwords and patterns in Wintle’s experience include:

  • personal secrets. Bear in mind that any password you choose may have to be disclosed to a support person at some point.
  • “I love”
  • “I hate”
  • “I want to have sex with”

“Special characters” are almost always ., !, or *.

Wintle noted it’s often possible to tell from passwords how users feel about their job. Also popular: train stations, football clubs, and the names or usage of the sites where passwords are used (something we know from a theft of 2 million inadequately encrypted passwords from LinkedIn). The strategy suggested by the famous XKCD comic is good advice, but don’t use the password they demonstrate.
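The composition-rule and rotation problems described above can be caught at the moment a user changes a password. The check below is an added example, not something shown in the talks; the function names, word lists and sample passwords are all constructed for illustration.

```python
import re

# Constructed word lists for illustration; a real check would load a breached-password list.
COMMON_BASES = {"password", "letmein", "welcome", "qwerty"}
SITE_WORDS = {"linkedin"}  # name of the site the password is used on

# Trailing digits plus the "special characters" users almost always pick: . ! *
_SUFFIX = re.compile(r"[\d.!*]+$")


def meets_composition(pw):
    """The typical rule: at least one capital letter and one number."""
    return any(c.isupper() for c in pw) and any(c.isdigit() for c in pw)


def skeleton(pw):
    """Lower-case the password and drop the counter/date/punctuation tail."""
    return _SUFFIX.sub("", pw.lower())


def weak_reasons(new, old=None, site_words=SITE_WORDS):
    """Return the reasons a new password is predictable (empty list if none found).

    `old` is the current password, which the user types on the change form,
    so no plaintext needs to be stored to run the rotation check.
    """
    reasons = []
    base = skeleton(new)
    if not base:
        reasons.append("only digits and punctuation")
    if base in COMMON_BASES:
        reasons.append("common base word")
    if any(word in new.lower() for word in site_words):
        reasons.append("contains site name")
    if old is not None and base and base == skeleton(old):
        reasons.append("same base as previous password")
    return reasons


if __name__ == "__main__":
    samples = [("Password1", None), ("Harbour2016!", "Harbour2015!"),
               ("linkedin2012", None), ("maple-orbit-canvas-thirteen", None)]
    for new, old in samples:
        print(new, meets_composition(new), weak_reasons(new, old))
```

“Password1” satisfies the composition rule yet is flagged, while the constructed four-word passphrase fails the composition rule and raises no flags.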

For content management systems there are two solutions: two-factor authentication (which, as noted, users don’t like), or reduce the risk by reducing the number of privileged users.

Wintle’s second talk was on how to read a penetration test report.

The report should always be provided in writing so it can be shared, shown to whomever needs to see it, and checked up on later.

The front page should be largely boring details.

Next should come the scope of the test, which should be reviewed thoroughly to ensure it’s correct.

Next is an executive summary that should be written in completely non-technical language and explain what attackers can do.

Next, the report will have a CVSS table of scores. People often use these to prioritize what to fix by choosing a threshold and deciding not to fix anything below it. This is not, however, what these scores are for. Decisions should instead be guided by the executive summary: does what the attacker can do affect something that matters?

Finally, the report will have a list of vulnerabilities in detail. While much of this will be technical, it can be useful for checking up on suppliers – for example, if the report says something can be fixed by changing one line of code in a configuration file and the supplier claims it will take three weeks’ work to remediate.

Summary by Wendy M. Grossman