Do you know what your children are up to online?


As I was reading the news today, the headline “Predatory woman scams boys” grabbed my immediate attention. Here we have a woman with a fake identity chatting up boys with hormones raging through their systems in order to obtain sensitive information like credit card details. Police confirmed that there was a grooming side to her activities. (Read the article here >>>)


While it is great that children are able to be connected through sites such as Facebook, I am also convinced that parents have an important role to play in keeping our youngsters safe. I know for a fact that there are several children between 6 and 10 who already have their own Facebook profile, despite all the age restrictions. My own boys come home and want a Facebook profile because “everyone else in my class has one.” Once, children seemed happy with sites like Club Penguin and others specifically designed for our young ones. But no, they need a Facebook page. I will not go into the question of whether or not a parent should allow their kid to break age restrictions, as the same would apply to movies, TV programmes, computer games and more. What I do think is that in all this, as parents we have a responsibility to keep an eye on what our kids are doing. I admit that it becomes harder and harder, with mobile and smart phones at ever-decreasing ages, but it does not seem to make sense to just let our children go out there unattended, unprotected and basically left to their own devices.

The news story confirmed such a viewpoint:

“It comes down to parents knowing what their children are doing on Facebook and who they are talking to,” he said.

NetSafe executive director Martin Cocker said it was a rare case.

“It is fairly uncommon for an adult female to groom and scam teenage boys. More effective scammers understand the needs of the victim and play on those. With teenage boys, they want to be liked by teenage girls, so that makes it a target,” he said.

Parents should make sure children were aware that scammers operated online, he said.

I previously posted on similar subject matter:

Here are tips to enhance your safety and more importantly that of your child:

  • Most importantly, be open and make sure your child can talk with you; make sure they know they are loved
  • Be clear in the agreements with your child in what is and what is not allowed and what to do in case of an incident
  • Explain the risks of online sexual solicitation and the risk of talking to strangers
  • Discuss the risks of meeting face to face and be very cautious about it
    • Do some checks first before you give your ok
    • Make sure meetings if any are in public places
    • Make sure that you know where your children are
  • Teach your children to be very careful with sending and posting personal information
  • Install a firewall, filtering software, anti-spyware and antivirus software, and monitor what is going on on the internet
  • Be open about that and discuss your worries
  • Encrypt wireless networks at home
  • Discourage downloading games and other media that could contain undesired content
  • Supervise contacts and friends the same way as in real life
  • Monitor the online activity of your children regularly
  • Set the security settings of your software (Windows, browser and email) high
  • Understand and approve the screen names used and ensure they don’t give away too many private details
  • Make sure that children post only what they and you are comfortable with when others see it
  • Discuss the need of posting a photo in profiles
  • Discuss that flirting with strangers can be risky and even dangerous
  • Trust your gut feeling if you are suspicious or uncomfortable
  • Report suspected behavior
    Read the rest of the post here >>>

Besides that, I recommend you reread my 85 tips for staying safe online here >>>. In relation to social networking and child safety I posted the following tips:

SOCIAL WEB

  1. You don’t need to use your real name at all times; nicknames are an accepted practice and can help protect your privacy, for instance in chat rooms and on forums and newsgroups. Consider using a web based email address (www.gmail.com, www.hotmail.com etc).
  2. Think carefully before giving out personal information during IM, in chat rooms, newsgroups etc. You don’t always (very often if not always) know who you are talking to.
  3. Remember that people can change their identity or lie about who they really are.
  4. If you want to meet someone you met in a chat room in person, talk on the phone first, meet in a public place and let someone else know what you are doing.
  5. Be careful what you post on your profile at for instance myspace, facebook, hi5, hyves, and consider your privacy options.
  6. If you’re sharing photos online, check the metadata you are sending out and if necessary remove it. Depending on the camera you used there could be private information on there you may not want to share.
  7. Bloggers and tweeters, keep in mind that people have gotten in trouble about what they post with third parties and employers. Think before you hit the publish button or consider blogging anonymously.

KEEPING THE KIDS SAFE

  1. Place the computer where you can see it.
  2. Set clear rules, which may include time spent online and what is and is not allowed online. Punishing inappropriate behavior afterward may not be the best solution if there were no clear rules upfront. Banning your child from the net may lead to them finding ways to access the internet out of sight and your control (at a friend’s place, the library, an internet cafe).
  3. Make sure you know the password of your children so you can check what they have been doing and where they have been.
  4. Don’t scare your children away from the net and explain that like in the real world there are some fruit loops out there that they may run into.
  5. Take an interest in your child’s activities online, even if you don’t feel confident about your own abilities, encourage them to open communication.
  6. Encourage your child to report anything out of the ordinary or unpleasant they encounter online and be seen to follow up on it.
  7. Do not be intimidated by technology, ASK IF YOU DON’T UNDERSTAND. The dumbest question is the one not asked.
  8. Don’t overreact. Not every incident is as serious as it may appear. Try to determine if incidents are of an isolated, coincidental nature and best to be ignored or a signal of potential trouble that needs closer monitoring. (Keep the communication open see 5.)
  9. Keep credit cards away / out of reach of your children, you could end up with unpleasant surprises.
  10. Check whether any chat rooms your children use are moderated (for instance Club Penguin). This means that the site has arranged for someone to oversee the chat sessions and throw out anyone who is a nuisance.
  11. Discourage your kids from having one-on-one conversations as opposed to addressing the complete chat room.
  12. Instant messaging = one-on-one and if you find your child doing that, make sure you know who the person on the other side is. Preferably allow this only with people they and you know.
  13. Consider installing a content filtering system or join with an ISP that tries to filter websites. Remember that there are no 100% fail safe systems so don’t get complacent or a false sense of security.
  14. If possible check your child’s surf history and keep in mind that computer savvy kids may be able to get rid of what they don’t want you to see. If you are of a paranoid nature, consider having all your child’s email coming through an email address under your control.
  15. Don’t think children are just curious about sex and porn; there is a wealth of stuff out there that will be interesting to the explorative youngster, including things such as drugs, hacking and cracking, illegal downloading, and even things like making bombs.
  16. Don’t isolate talks with your children from the rest of life, it is all part of the same bigger picture of safety in general.
  17. The internet may be able to assist your child in learning about a lot of things including life but IT CAN NOT BE A REPLACEMENT FOR PARENTAL GUIDANCE.
  18. Don’t automatically assume that inappropriate behaviour is your child’s fault. Building trust and confidence may well be more constructive.
  19. Keep yourself informed about what is going on on the net.
  20. Don’t forget that mobile phones may have internet access as well. If your child has a mobile, make sure you set similarly clear ground rules.

Stay safe everybody

JOHN JOINS THE TEAM AT IRS, ROTTERDAM, NETHERLANDS





I am pleased to advise that as per 7 September 2009 I have started work at IR}S as a Senior Consultant.

IRS is an initiative of recognized top specialists in the area of integrity, security, forensic investigations, compliance, IT-security and restructuring. Staff at IRS consists of dedicated professionals keeping office in Rotterdam – The Netherlands.

The multi-disciplinary approach of IR}S makes the difference in:

  • integrity management
  • fraud and fact-finding investigations
  • forensic IT
  • transaction & restructuring services
  • security risk management

Clientele mainly consists of governments, enterprises, financial institutions, shareholders, advisory boards and venture capitalists. Do not hesitate to contact me should you have any enquiries.

 

More information can be found at http://www.irsnl.com.

 

I can be contacted at

 

T +31 (0)10 511 9555

F +31 (0)10 511 9556

M +31 (0)6 51438205

E john.dierckx at irsnl dot com

I look forward to hearing from you soon.

 

85 tips for keeping safe online


A list of points to keep in mind in relation to computer and internet security. This is of course far from complete but makes a good start. Please help further extend this list. Leave a comment with your suggestions (full credit of course to good suggestions).

SECURE YOUR SYSTEM

  1. Run anti-virus software on your home computer, maintain and update regularly.
  2. Use a personal firewall.
  3. Run and maintain spyware and adware protection products and update regularly. More on IObit products (free) that can help you here >>>
  4. Don’t run or install programs from an unknown origin unless you are sure that it can be trusted.
  5. Secure your passwords.
  6. Don’t give out your password to anyone.
  7. Change your internet banking passwords regularly (some banks automatically have you change your password periodically).
  8. Use strong passwords and avoid using passwords that relate to your personal details, especially when some of them are on line publicly (name, name partner, children, date of birth). Consider a password generator.
  9. Avoid storing your passwords on your computer (unless in a password manager with good encryption).
  10. Be sure to install patches and fixes for your operating system and software, especially security updates.
  11. BACK UP WHAT YOU WANT TO KEEP. Keep a copy of that work on a separate storage device.
  12. Create a bootup disk, so you can recover things when your computer crashes. For a howto: http://computerhope.com/boot.htm
  13. Buy a board that protects against unexpected power surges, especially if where you live the power supply is less stable.
  14. When you are not using your computer, turn it off; that enhances security and saves power.
  15. Change passwords regularly, make them strong and impossible to guess.

EMAIL

  1. Check email regularly so you can reply quickly.
  2. Emails that ask you to forward an email you receive to everyone you know can conveniently be ignored. They are usually hoaxes. If in doubt check at www.hoaxbusters.org.
  3. Don’t give out other’s email addresses when sending the same mail to a number of recipients, don’t use CC, USE BCC (blind carbon copy).
  4. Remember that words can read differently than they were meant to, compared with a normal conversation where you have the advantage of tone and facial expression. If you do still feel a rush, count to ten at least before hitting any reply button.
  5. Whilst like texting email is very quick in terms of communication, keep the normal human gestures like a greeting and a farewell in mind especially in more formal communications.
  6. Before forwarding someone’s email to another party, consider how they would feel about you giving out their email address. Consider taking out those details (copy and paste the body of the message into a newly composed email).
  7. Make sure when you reply to an email that has been sent to many, that you reply to that particular person and not to the whole group unless it is deliberate.
  8. Don’t open attachments in emails from people you don’t know or an email you were not expecting. This is amongst others how viruses are spread.
  9. Keep in mind that viruses and those spreading viruses are getting smarter and smarter. The apparent sender of the mail, even when that is a familiar name, may very well not be the actual sender. Email addresses are grabbed from email address books all the time.
  10. Use a good spam filter.
  11. Never send out credit card or online banking details via email, treat emails like an open postcard.
  12. If you are extremely concerned about your email safety consider using encryption.

KEEPING YOURSELF SAFE

  1. Remember that what you read on the web is not always accurate. Keep that in mind especially when looking around for reference material. Check sources before you use the material; site owner, author, edited or not, does it corroborate with other INDEPENDENT sources.
  2. Be careful about what you write about others, liability for defamation could be the result of your actions, or loss of employment. Also remember that once you post it, it is there forever.
  3. If you keep a family site, remember that anyone can pass by and see it. That’s great for family and friends but when there is a lot of graphic material on there it may well be great for burglars as well. Review your site in relation to personal information in the broader sense, or consider setting it up as a private site (for instance using ning) where you are in control of who has access or not.
  4. Keep an eye on a site’s privacy policy, the requirements may differ substantially from jurisdiction to jurisdiction. For sites you visit regularly, keep an eye out for changes to these policies.
  5. When you download software (especially freeware) make sure you read and understand the EUA, to avoid unpleasant surprises and agreeing to other software being installed as well.
  6. Copyright is increasingly turning into a minefield as the internet is getting more popular. Be careful about using other’s materials especially when it is copyright material. Sometimes you need to ask for permission which can be obtained by one simple email. Otherwise, consider  using small fractions/quotes and refer to the original source.
  7. Be suspicious about (unsolicited) offers that seem too good to be true. WHEN IT SOUNDS TOO GOOD TO BE TRUE IT USUALLY IS. Never give out confidential details.
  8. Be careful when typing web addresses (URLs); typos can get you in undesired places on the web (such as porn sites or malicious attack sites).
  9. Keep your browser updated, as this may help prevent such undesired sites from opening up in your browser.
  10. When you sign up for web based mail (see above) don’t automatically let yourself get listed in the site’s directory. Check the tick boxes and make conscious choices.
  11. Update your software regularly, don’t automatically follow links that are sent by email, use the software’s own update functions preferably.
  12. Don’t assume that people won’t break into your computer (what is there to get anyway….YOU’D BE SURPRISED!). Confidential data is big business. And for the wireless users in regions where data caps apply: a piggy back rider may turn into an expensive experience. Get a firewall and use it, and secure your wireless internet access. A firewall not only protects you from traffic trying to come in but, more importantly, from programs trying to connect to the internet that you were not aware of. My personal favorite personal firewall: Zonealarm (www.zonealarm.com), free version is available.
  13. Gadgets in the latest web browsers are great but some raise concerns, especially Java and ActiveX.
  14. Be in control of your cookies. I delete them all after every time I have been online. More about the ins and outs of cookies at www.cookiecentral.com.
  15. Check yourself online periodically to see what personal stuff is out there. Google your own name.
  16. Be careful with adult sites that offer free videos but ask you to download and install software to view these videos. You may end up with a lot of nasties on your computer, or with software that disconnects you from your ISP and replaces your connection with one abroad that turns out to be charged as a toll call to the ISP in that country. You won’t like your next telco bill.

SOCIAL WEB

  1. You don’t need to use your real name at all times; nicknames are an accepted practice and can help protect your privacy, for instance in chat rooms and on forums and newsgroups. Consider using a web based email address (www.gmail.com, www.hotmail.com etc).
  2. Think carefully before giving out personal information during IM, in chat rooms, newsgroups etc. You don’t always (very often if not always) know who you are talking to.
  3. Remember that people can change their identity or lie about who they really are.
  4. If you want to meet someone you met in a chat room in person, talk on the phone first, meet in a public place and let someone else know what you are doing.
  5. Be careful what you post on your profile at for instance myspace, facebook, hi5, hyves, and consider your privacy options.
  6. If you’re sharing photos online, check the metadata you are sending out and if necessary remove it. Depending on the camera you used there could be private information on there you may not want to share.
  7. Bloggers and tweeters, keep in mind that people have gotten in trouble about what they post with third parties and employers. Think before you hit the publish button or consider blogging anonymously.
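
Tip 6 above (also given in the shorter Social Web list earlier on this page) says to check a photo's metadata and remove it before sharing. The following Python is an added example, not part of the original post: it walks the segments of a JPEG file, reports the Exif fields most likely to give away private details (camera make and model, date, GPS position) and writes the image back without its Exif, XMP and comment segments. The function names and the sample bytes are constructed for illustration.

```python
import struct

EXIF_HEADER = b"Exif\x00\x00"
# IFD0 tags worth flagging before a photo is shared (standard Exif/TIFF tag numbers).
FLAGGED = {0x010F: "Make", 0x0110: "Model", 0x0132: "DateTime", 0x8825: "GPSInfo"}


def segments(jpeg):
    """Yield (marker, payload, raw) for each header segment, then the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == 0xDA:  # start of scan: the rest is compressed image data
            yield marker, b"", jpeg[pos:]
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(jpeg):
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, jpeg[pos + 4:end], jpeg[pos:end]
        pos = end
    raise ValueError("no image data found")


def exif_tags(payload):
    """Names of flagged IFD0 tags present in an Exif APP1 payload."""
    tiff = payload[len(EXIF_HEADER):]
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])  # little or big endian
    if order is None or len(tiff) < 8:
        return []
    magic, ifd0 = struct.unpack(order + "HI", tiff[2:8])
    if magic != 42 or ifd0 + 2 > len(tiff):
        return []
    (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])
    found = []
    for i in range(count):
        entry = tiff[ifd0 + 2 + 12 * i:ifd0 + 14 + 12 * i]
        if len(entry) < 12:
            break  # truncated directory
        (tag,) = struct.unpack(order + "H", entry[:2])
        if tag in FLAGGED:
            found.append(FLAGGED[tag])
    return found


def strip_metadata(jpeg):
    """Return (cleaned_bytes, report); APP1 (Exif/XMP) and comment segments are dropped."""
    kept, report = [b"\xff\xd8"], []
    for marker, payload, raw in segments(jpeg):
        if marker == 0xE1 and payload.startswith(EXIF_HEADER):
            report.extend(exif_tags(payload) or ["Exif (no flagged tags)"])
        elif marker in (0xE1, 0xFE):
            report.append("XMP/other APP1" if marker == 0xE1 else "Comment")
        else:
            kept.append(raw)  # JFIF header, colour profile, tables, image data
    return b"".join(kept), report


def sample_jpeg():
    """Constructed sample: JPEG segment structure only, not a viewable picture."""
    def seg(marker, payload):
        return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload
    ifd0 = (struct.pack("<H", 2)                                # two entries
            + struct.pack("<HHI4s", 0x010F, 2, 4, b"Cam\x00")   # Make = "Cam"
            + struct.pack("<HHII", 0x8825, 4, 1, 38)            # pointer to GPS IFD
            + struct.pack("<I", 0))                             # no further IFD
    tiff = b"II" + struct.pack("<HI", 42, 8) + ifd0 + b"\x00" * 6  # empty GPS IFD
    jfif = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    return (b"\xff\xd8" + seg(0xE0, jfif) + seg(0xE1, EXIF_HEADER + tiff)
            + b"\xff\xda\x00\x02" + b"\x12\x34" + b"\xff\xd9")  # placeholder scan data


if __name__ == "__main__":
    cleaned, report = strip_metadata(sample_jpeg())
    print("removed:", report, "| bytes left:", len(cleaned))
```

Dropping the whole Exif segment also removes the orientation tag and the embedded thumbnail, so a photo taken sideways may display rotated after cleaning.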

ONLINE BANKING AND BUYING

  1. Reconcile your accounts frequently and regularly. If you have any suspicions that something or someone got hold of your account details and is accessing your account: immediately contact your bank;
  2. Delete emails in which you are asked to provide your confidential details. No bank sends out emails like that.
  3. Change your internet banking passwords regularly;
  4. Check that your connection to a website is a secure one (an https connection, in which the s stands for secure). You will also see a small padlock icon at the bottom of your window. Double clicking the padlock icon should show you the owner of the certificate that verifies the identity of the site;
  5. Follow your own path to a site instead of links sent in emails, which could be false and could lead you to fraudulent sites that may look very bona fide but are not. Consider first whether the message you have received, seemingly from your bank, is one that you would expect to receive. Incorrect spelling or grammar are a red flag or indicator of a suspicious email or website;
  6. Buy online from businesses that you know and can be trusted. If you are not sure, check for a physical address of the online business, a phone number and return policy. Ask around to see if others have dealt with the business before or search the net for consumer reactions (see for instance www.complaints.com, www.complaintsboard.com, www.ripoffreport.com).
  7. Do not buy from a website if it does not properly protect the confidential information you provide in the process, such as credit card details. The padlock at the bottom of the screen is already a good indicator. If in doubt, contact the website and ask whether they use secure server and if they can prove it.
  8. Don’t let price be the only thing you care about; convenience and trust are equally important. Have a good look at the freight/shipping costs as they may differ substantially and sometimes there are good shipping saver bargains you may want to take into consideration.
  9. Keep a close eye on your credit card statements to ensure nothing out of the ordinary is recorded on there. Remember that when you buy from overseas there may be taxes due upon arrival of the goods.
  10. When you buy from overseas, check the currency prices first. I usually use www.xe.com
  11. Check what the store’s policy is regarding insurance, refunds, returns. Keep print outs of all your online transactions just in case you need proof of purchase.
  12. Warranties need to be checked especially when buying from an overseas store. Ensure that any warranty applies if something happens where you are.
  13. If you have any questions about the product or sale, contact the site and wait for a satisfactory response. If that does not eventuate, keep looking around for an alternative supplier. It also gives you an immediate impression about the shop’s customer service. No response, don’t buy there.
  14. As you go through checkout, you may be asked to sign up for newsletters. Make sure you actually want them; think carefully before agreeing to anything.
  15. Check the store’s privacy policy before you give out an email address to be sure that it will not be passed on to other parties that end up flooding your inbox with junk and other unsolicited mail.

KEEPING THE KIDS SAFE


  1. Place the computer where you can see it.
  2. Set clear rules, which may include time spent online and what is and is not allowed online. Punishing inappropriate behavior afterward may not be the best solution if there were no clear rules upfront. Banning your child from the net may lead to them finding ways to access the internet out of sight and your control (at a friend’s place, the library, an internet cafe).
  3. Make sure you know the password of your children so you can check what they have been doing and where they have been.
  4. Don’t scare your children away from the net and explain that like in the real world there are some fruit loops out there that they may run into.
  5. Take an interest in your child’s activities online, even if you don’t feel confident about your own abilities, encourage them to open communication.
  6. Encourage your child to report anything out of the ordinary or unpleasant they encounter online and be seen to follow up on it.
  7. Do not be intimidated by technology, ASK IF YOU DON’T UNDERSTAND. The dumbest question is the one not asked.
  8. Don’t overreact. Not every incident is as serious as it may appear. Try to determine if incidents are of an isolated, coincidental nature and best to be ignored or a signal of potential trouble that needs closer monitoring. (Keep the communication open see 5.)
  9. Keep credit cards away / out of reach of your children, you could end up with unpleasant surprises.
  10. Check whether any chat rooms your children use are moderated (for instance Club Penguin). This means that the site has arranged for someone to oversee the chat sessions and throw out anyone who is a nuisance.
  11. Discourage your kids from having one-on-one conversations as opposed to addressing the complete chat room.
  12. Instant messaging = one-on-one and if you find your child doing that, make sure you know who the person on the other side is. Preferably allow this only with people they and you know.
  13. Consider installing a content filtering system or join with an ISP that tries to filter websites. Remember that there are no 100% fail safe systems so don’t get complacent or a false sense of security.
  14. If possible check your child’s surf history and keep in mind that computer savvy kids may be able to get rid of what they don’t want you to see. If you are of a paranoid nature, consider having all your child’s email coming through an email address under your control.
  15. Don’t think children are just curious about sex and porn; there is a wealth of stuff out there that will be interesting to the explorative youngster, including things such as drugs, hacking and cracking, illegal downloading, and even things like making bombs.
  16. Don’t isolate talks with your children from the rest of life, it is all part of the same bigger picture of safety in general.
  17. The internet may be able to assist your child in learning about a lot of things including life but IT CAN NOT BE A REPLACEMENT FOR PARENTAL GUIDANCE.
  18. Don’t automatically assume that inappropriate behaviour is your child’s fault. Building trust and confidence may well be more constructive.
  19. Keep yourself informed about what is going on on the net.
  20. Don’t forget that mobile phones may have internet access as well. If your child has a mobile, make sure you set similarly clear ground rules.

If you have more please leave a comment so I can update this list.


Black Hat 2009: SSL insecurity and MultiFactor


New flaws with how SSL is implemented were revealed at Black Hat 2009, but SecureAuth can’t be tricked.

These flaws can trick a user into thinking they are at a legitimate web site. The main problem with SSL is not that the attack is undetectable, but that end-users have to inspect the server-side certificate, and know what they are looking for. (How often do you click on the ‘lock’ icon in your browser? And, would you know if something was not right?)

SecureAuth protects against these and other attacks by automating the process. SecureAuth, as part of the authentication process, makes sure the end-user is connected to the legitimate server, before asking for a password.

This level of security is simple to deploy to your cloud services, web servers and remote access VPNs, providing two-factor authentication that satisfies PCI and other regulatory mandates, and goes beyond other 2-factor solutions that are really just password replacements.

Check out the website at http://www.multifa.com for more information about what Multifactor can do for you. The product comes recommended by some of my professional contacts.

Posted via web from John Dierckx

Hackers expose weakness in trusted websites | Stuff.co.nz


A powerful new type of internet attack works like a telephone tap, except operates between computers and websites they trust.

Hackers at the Black Hat and DefCon security conferences have revealed a serious flaw in the way web browsers weed out untrustworthy sites and block anybody from seeing them.


Fake Security Software Steals $34 Million Monthly — InformationWeek

