Thursday, March 27, 2008

Teaching our kids to fish

Ok, using this analogy on a blog where I’m commonly writing about “phishing” (where a stranger tricks people into giving up their private information) probably isn’t my brightest idea!

But … I’ll continue with the analogy anyhow.

We can give our kids fish for dinner tonight, or we can teach them to fish for a lifetime. OR – we can protect them online today while we’re with them, or we can teach them the skills they need to make good decisions while we’re not there!

I found a great resource a while back, and I’d like to share it. Netsmartz.gov seems to be the most up-to-date, kid-friendly (and parent-friendly) site that I’ve seen addressing the area of internet safety. Here’s an example of what is available:


NSTeens - Terrible tEXt

Some teens say and do terrible things to each other online because they don’t see the direct effects of their actions. So what should you do if you’re cyberbullied? Watch the NSTeens in their latest video, “Terrible tEXT,” about a young girl who is troubled when a cyberbully sends mean text messages to her cell phone at all hours of the day and night.

Visit NSTeens.org.

Wednesday, March 26, 2008

Full Service ScamWare!

This story is a good eye opener (well, if it hasn't happened to you yet!):
Spyware 'scammer' sued over PC pop-up invasion - Channel Register

the company caused some people surfing the net to receive a torrent of pop-ups that advertised porn links and other sketchy sites ...With end users' nerves rattled by the mysterious pop-ups, the company would then send out a new batch of notifications that were designed to look like official Windows alerts. They warned that the computer was vulnerable to malware attacks and directed the end user to reduce the threat by installing one of the software titles.


As with anything else, know who it is you're buying from, and do a little research first. I use Consumer Search as a consolidated review page - it's a pretty easy read, and a great place to start. Looking at it today for spyware, I see Webroot and Panda as their top two recommendations. That sounds about right!

Friday, March 21, 2008

Search engine for kids??

Here’s a question that was recently passed on to me –

Can anyone advise me on a good, safe internet search engine for kids?

Sure! Here’s a resource written by an expert in the field. I’ve used Danny Sullivan’s work many times when trying to figure out how to get Search Engines to find the website I’m working on! I figure if he knows how to make one find something, he’ll also know the ones that won’t find the things you don’t want.

Of the group, I like the sound of this one:

Looksmart's Kids Directory
http://search.netnanny.com/?pi=nnh3&ch=kids

The Kids Directory is a listing of over 20,000 kid friendly websites that were hand picked by employees of Looksmart subsidiary Net Nanny and vetted for quality. Looksmart also offers a safe search of the entire web, using Net Nanny software to filter Wisenut search results, as well as a free toolbar that uses the same service.

Also, I’d recommend using the NetNanny software as a content filter. That way your computer will constantly verify that the content about to be viewed meets the standards you established BEFORE Jr. started browsing!

There are more extreme measures of computer monitoring, but for pre-teens, this should be sufficient.

Wednesday, March 19, 2008

Major flaw in State of Pennsylvania online voter registration

quickie!

I LOVE how the most conservative response to protecting against identity theft is to refer someone to a government site like this one from the FTC (which actually looks good!)

Of course *they* must know what to do, right? Well, not if you're in Pennsylvania, apparently:

Major flaw in State of Pennsylvania online voter registration puts user data at risk

Tuesday, March 18, 2008

Front door policy: What about the Wii and Lego Star Wars?

I ran into someone who attended one of my lectures the other day. She told me the single thing that stood out to her the most was when I pointed out that most bad guys don’t pick your computer to attack; they’re invited in.

‘What do you mean?’

Well, when you visit a website and see a pop-up window that says ‘most computers are not properly protected, click here for a free virus scan’, it might be legit; then again, it might not be. By clicking ‘ok’ you’re giving the owner of that application permission to do something to your computer. It’s like a stranger knocking on your door and you letting them in, and then not watching them. Once the stranger has access to your home or computer, it’s up to them what they’ll touch – not you.

No one knows for sure where computer viruses, Trojans, or malware come from. These days I’m reading more about it coming from the manufacturer, pre-installed! But one thing is for sure: the more time spent on websites that you wouldn’t want your mom to see, the higher your chances are of getting infected.

My kids are getting to the age of independence and wanting to explore more online than just the websites I’ve found for them. They are good kids, so I really have no reason to be too concerned. But the other day when we were driving home from baseball practice my son tells me – ‘hey dad, guess what Bobby showed me today – he helped me find cheat codes for Lego Star Wars on the Wii!’

Ya gotta love the friends that have older siblings and just know more about the world.

I just ran a couple of searches on ‘wii cheats’ and found a TON of pages. I wasn’t really looking for the codes my son found – I was looking for whoever else was using those pages as bait for kids! Using Google and McAfee Site Advisor I found most of the pages weren’t known hazards, but a few had been tagged (yellow) as having excessive popups. All in all, no biggie, but it was a nice ‘heads up!’ to me from him that there will be times when he innocently searches for something that may not be entirely safe!

Canceling CIC Triple Advantage: Get Your Money Back and Get Justice!

quickie - something to think about ...

A few months ago I went looking for Equifax et al. to get a free credit report. Apparently their website with the word 'free' in it is not, and their website without it - is!

Here's a good link if you've found yourself in the same bind:
Canceling CIC Triple Advantage: Get Your Money Back and Get Justice!

Card data stolen from grocery chain

I haven't said much about identity theft lately, but it's still going on. Here's a story about a grocery store chain back east, Hannaford, that lost the NPI (non-public information) of 4.2 million of their clients.
"We sincerely regret this intrusion into our systems, which we believe, are among the strongest in the industry," Ronald C. Hodge, president and CEO of Hannaford, said in a statement. "The stolen data was limited to credit and debit card numbers and expiration dates, and was illegally accessed from our computer systems during transmission of card authorization."

Card data stolen from grocery chain

I find the president's declaration that their data security is among "the strongest in the industry" interesting. He may be right. But considering what just happened, it's more a warning to the public that they have to watch over themselves than a comfort that Hannaford is a safe place.

Wednesday, March 12, 2008

Homeland Security bulletin

It's not often I get to cite something from the Department of Homeland Security - but here's something related to what our government is doing relative to the threats from China, etc.

Cyber Storm II National Cyber Exercise

I think it's a great idea - though if they really wanted to test their chops, I wouldn't go through existing corporate structures. There are much better and much scarier real world scenarios to try out!

1. The honeypot.org - this group is consistently floating 'user' credentials and private information out there for real bad guys to come get them. They work like 'Jim' in Mutual of Omaha's Wild Kingdom. They tag data, so it can be tracked later.
2. The blackhat conventions - this organization of white and blackhat hackers probably has the best resources to create a 'bad guy' squad.

Then again, when you've got Pandora's box in your hand ... does it make sense for anyone to open it?

Thursday, March 6, 2008

U.S. military flags China cyber threat

quickie ...

U.S. military flags China cyber threat
The U.S. Department of Defense warned in an annual report released this week that China continues to develop its abilities to wage war in cyberspace as part of a doctrine of "non-contact" warfare.

Portable Data

Maybe you’ve seen the article – Stolen VA laptop caught in safety net. The Veterans Administration (VA) made several policy improvements after the news story of 5/22/06:

The Veterans Affairs Department today revealed that personal, identifying data for as many as 26 million American veterans was stolen from a VA employee's home in May. The information is a list of all veterans who served in the military and were discharged since 1975.

I’m really glad organizations are starting to understand that the reason portable devices were created was to allow people to have access to their electronic data from more places than just their desktop! Of course once they’re out of the office they are more at risk, but that’s the nature of the beast of being portable.

So – what data do you carry around town? Names, phone numbers, birthdates on your phone? Email on a PDA? A personal laptop with Quicken?

Windows Vista’s BitLocker and Apple’s FileVault are both steps in the right direction. As with most security topics, it’s like the old joke:

Q. You and a friend are in the woods when a Grizzly Bear decides you look like breakfast and starts to chase you! How fast do you need to run?
A. Faster than your friend!

If you have implemented anything to prevent identity theft, you’ll be ahead of most people. Depending on the sophistication of your thief – it should be enough, but these products are not perfect.

A write-up from the SANS Institute on ‘cold boot’: In memory of hard disk encryption?
With the appropriate replies from the vendors: 'Cold boot' - vendor reactions
PGP: press release
Utimaco: original link broken now, new press release
Mobile Armor: note and press release
Winmagic: support note
GuardianEdge: news article
Bitlocker: blog (protection) and technical explanation
Pointsec: advisory
Bitarmor: article and press release
Jetico: FAQ entry related to a new release to mitigate "coldboot" effects



P.S. For those of you keeping score: yes, this area would be a new one that we haven't talked about before, adding a new dimension to your personal threat profile. :)

Saturday, March 1, 2008

Beyond the 'normal' protection

I swear – the next blog I create and run will be a LOT happier topic than this one!

Here’s a sobering website from the family of Kristin Helms. It sounds like they did all the normal right things related to internet safety to protect their daughter, and the story did not have a happy ending.

I found this site via a fairly positive-sounding headline from Computerworld, Child Internet Safety Task Force; then I read the comments below the article.

My position on this tough issue is we need more from both sides. Parents absolutely are the first, second and third lines of defense, but Corporate America needs to be held accountable. Unfortunately there is a large gap of misunderstanding between lawyers and the law – and technologists and software. So it may be a very long time before a solution similar to checking a driver's license before letting a kid in a bar exists.

The words of Ronald Reagan are coming back to me now – “Trust, but verify”.

Train, educate, take all the right steps. Then take the steps you need to avoid the Helms family tragedy. You can log the keystrokes on your computer, you can harden your computer so that the kids can’t work around your limitations, you can establish timers and use content filters … it’s just a matter of knowing you should be looking for them!