Category Archives: security

‘Digital babysitters’ place younger children at

‘Digital babysitters’ place younger children at risk

Kids are only ever three seconds from online danger at home as parents unintentionally neglect to protect young children

News has emerged  that children as young as eight years old are at risk of emotional damage from social media – prompting a review by MPs into smartphone usage.

However, new Kaspersky Lab research has revealed that children even younger than this are at risk of psychological harm – as the average three-year old spends more than four hours a week with what amounts to a ‘digital babysitter’ and is only ever seconds away from accessing inappropriate content featuring guns, violence and nudity.

Parents are not toddler-proofing their online world, with a huge 87 per cent of parents admitting that they don’t restrict how much time their young children spend online – three-year olds are spending more than four hours a week with these ‘digital babysitters’ and being exposed to potential psychological harm.

The average child spends 40 minutes per day, or 4.6 hours a week, watching online video content on a mobile device. Yet only 13 per cent of parents install online security on their smart phone, laptop or tablet – and 49 per cent have never reviewed the default settings to prevent the child viewing inappropriate material. Examining YouTube’s suggested videos, which sit visibly alongside clips or episodes of popular children’s television programmes such as Peppa Pig, users are just clicks away from content aimed at a more mature audience – featuring violence, guns and nudity.

Young children at high risk of emotional damage from accessing adult content. So how can you protect your family online?

Kaspersky Lab’s top tips for protecting your family online are:

  1. Supervision – This may seem obvious, but supervise your child’s internet use. Encourage them to visit and stay on websites you’re familiar with. If you have any concerns, look at their browsing history. Be sure to know about any password-protected sites they may be accessing and ask them to share their login details with you.
  1. Be open – Encourage your child to be open about what they are doing online and who they are socialising with. Promote a culture of safety within the home and talk about the possible dangers which exist.
  1. Protect your family – Use parental controls to block access to sites you don’t want your child looking at as part of your online security product – it’s an easy way to avoid disaster. Review the default settings on each app that your child uses to ensure that the camera or microphone, for example, aren’t needlessly turned on as these can pose a threat.

 

 

Tchapper gives mobile messaging privacy by shaking your phone

Enterprises want to make sure that their mobile devices are as  private and secure as their servers across the organisation. Users want privacy when using their phone.

A Paris-based app, which renders messages unreadable by a simple shake of the phone, seems to meet both needs.

While Facebook Messenger, Kik, or WhatsApp are considering security options to compete against the Telegram app, they miss the needs of users who want privacy in the bus, at home, or at the office.

Tchapper is a privacy messaging app available for Android and iOS that delivers a range of tools for private messaging conversations.

A shake of the phone renders messages, photos, videos, and notifications unreadable. Text is replaced by random symbols which change each time the phone is shaken.

Messages are both encrypted and unreadable. Messages look like a set of random characters and symbols. Messages can be deleted by both sender and receiver, or they can be stored in a private messaging cloud.

The coded messages can be created and stored locally on the device if preferred. Users can deactivate the coding for sending traditional messages, or delete the message even after it has been sent.

Tchapper gives mobile messaging privacy by shaking your phone

The message disappears from both the sender’s and the recipient’s screen. The app can also send “flash messages” that disappear after 20 seconds.

The app provides a privacy channel for mobile users without restricting them to a single privacy app.

All mobile messaging conversations can be made private, giving the user control over their communications.

Messages can be decoded by shaking the device — or by using the fingerprint sensor — to read direct messages or private messages within a group.

The app has gamified mobile privacy, enabling users to take control of their interface by simply shaking their device.

The beta version of the app is currently available in English and French. It has more than 150,000 users and will be made available in more than 10 languages.

It enables privacy features on iMessage, and it plans to deliver privacy features on additional messaging platforms, including WhatsApp, Facebook Messenger, and Skype.

So why would you need Tchapper on your device? If you want to protect your privacy, you can decide exactly when you want to read a particular message or open an image.

You could be in a meeting, with the phone on the desk, or on the train, and perhaps you do not want your notifications or messages to be visible to other people around you.

For parents who let their kids play with their phone, it can ensure that if a personal or professional message arrives during that time, it will be unreadable. You have complete control of message privacy.

Daniele Amsellem, founder of Tchapper, said: “Mobile messaging users expect to have their conversations kept private, not necessarily secret, and with more than 3 billion messages sent daily from the leading messaging platforms, this is a growing issue.

We want to make privacy a fun thing to do when communicating with your device, not something burdensome. Tchapper takes advantage of your smartphone in a way that literally ‘shakes up’ the conversation.”

Embedded into the OS, or globally across all apps, it will render a device unreadable if it falls into the wrong hands. Phone snatchers will not be able to read any of the garbled information on the phone.

This technology is currently limited to scrambling the characters and images within the app. Extended to the whole device, tablets, PCS and other devices, all data will be worthless.

A simple activity like shaking, dropping or suddenly moving the phone will guarantee the data will stay safe. It will not be long before someone buys this technology to widen its reach.

Almost fooled by the Facebook photo virus mail

Oh Yikes. this is a screenshot of an email I received…

image

I VERY nearly clicked on this link whilst triaging my email.

The only thing that alerted me to the fact that there might be an issue, was the wierd URL that popped up when I hovered over the link.

I was also curious about the port number 8887 so I checked online.  something dodgy seemed to be going on…

I also went to the URL http://sv001.facebook–security.com – which of course doesn’t resolve to anything.  Even more reason to be suspicious.

But for me, the worst thing is… I don’t know anyone called David Ross… and Facebook never send mail to that particular email address.  so why did I, still geeky, still technical, almost fall for it?

I’m kicking myself now for ‘almost’ clicking the link.  I was SO close…

But how many others have just clicked on it and suffered the consequences.. Grrr…

 

Eileen is a social business strategist and author of Working The Crowd: Social Media Marketing for Business. Contact her to find out how she can help your business extend its reach.

 

Technorati Tags: ,,,,

Facebook Timeline: Sharing more than you thought?

Since Facebook changed its User Interface to compete more effectively with Google+ there has been lots of reports concerning the interface.  86% seem to dislike the new interface according to Sodahead with women and teenagers being especially resistant to the Facebook changes.

The real time Ticker has been introduced onto the right hand side of your activity stream. This means that every post you make on a page will show up on all of your friends real time activity stream. Friends who weren’t aware that you’d liked a page can now see your interactions with the page.

The new timeline has brought significant changes in the way you can see information.  When you apply the Timeline mode, your profile gets a new look.

image

In Timeline view, all of your friends can see all of your posts and can move the slider on the right to see what interactions you’ve had right back to the date you joined Facebook.  The timeline also makes it possible to find out the exact time date you became friends with someone on Facebook.  Perhaps this is information you might not want to share. 

Friends can see all of your timeline information – even before you became their Facebook Friend.

Frictionless sharing now means that anything that you read online could potentially be shared with everyone in your time line – whether or not you explicitly share the content.  Imagine everything you read online going onto your Facebook page – and everything that others read online filtering down onto your Facebook page.  How on earth are you going to find what’s relevant amongst all of that noise?  Open Graph applications such as Spotify will automatically share what you’re listening to.  This “Ambient Intimacy” might suit some of us – but it doesn’t sit too well with those of us who feel the need to carefully manage our privacy.  Even Facebook cookies might cause further alarm as they track users’ activities even after they have logged out of Facebook.

But is this type of behaviour pushing the boundaries of online Privacy? Once you’ve authorised that application, the “set it and forget it” way are you going to go back and revisit the settings to check what’s being broadcast on your timeline?  Are you going to delete back posts and remove applications that you no longer use of do you trust that Facebook will do it for you? 

Or do you prefer to keep some things to yourself and your close friends?  If that’s the case, be very careful about what you post or have already posted onto Facebook…

Eileen is a social business strategist and author of Working The Crowd: Social Media Marketing for Business. Contact her to find out how she can help your business extend its reach.

 

What is the value of your digital life: Getting hacked

Here’s a great infographic from PC Mag showing the real cost of being hacked..

Trend Micro Digital Life

There are several ways to minimise your risks:

– Change your birthday.  If you adjust the birthday by a couple of days either way, then folks who know your name and birthdate can not steal your identity.  They will have the wrong person

– Clear your cookies and your internet cache regularly.  Yes, i know it’s a pain, retyping your passwords, but you’re less likely to have malware on your downloadable files if you clear the cache regularly

– Do backups.  Regularly.  Invest in something like Home Server or similar, set it up and forget about the backups. If you’re not to techy, you can rest assured that it’s all going on automatically.

– If you get a Twitter direct message from one of your friends with just a link, or a strange message asking you to click the link, respond to them asking them why.  Chances are they won’t know that they sent the message.image

– Be cautious.  All the time.  Even your friends could be victims…

And, as the infographic states, this could cost you a heck of a lot of time – and money to repair things…

Eileen is a social business strategist and author of Working The Crowd: Social Media Marketing for Business. Contact her to find out how she can help your business extend its reach.

 

Password security: Telling stories with passphrases

When we change passwords why do we choose passwords that are so complicated that we can never remember them?    Or we choose passwords with such poor security that they are easily cracked.  In our always connected online world, surely passphrases are easier to remember than these complicated passwords?

Here’s an infographic from Zonealarm showing the importance of having a strong password.  This segment is especially relevant

image

 

and a great cartoon from XKCD showing how easy it is to remember daft password phrases instead – and how hard it is for computers to crack them..

image

 

Off to change my password now – to another part of the limerick I’m memorising.  There was a collection of vicars…. Smile

Eileen is a social business strategist and author of Working The Crowd: Social Media Marketing for Business. Contact her to find out how she can help your business extend its reach.

Technorati Tags: ,

Stopping Spyware from installing

How easy it is to install spyware – especially for the unsuspecting person.  It almost happened to me yesterday.  I logged out of my account on scribd.com to take a screen shot of Scribd from a not logged in perspective and got a dialog box pop up saying that Windows needed to perform an urgent scan of my PC.  The dialog box just ‘didn’t look right’ Normally I get Security Essentials dialogue box would pop up and the box would be orange.  Then the next thing I saw is a new browser window pop up showing me the following:

imageest

A few things to note here:

  • System udgtrnbl – not a normal system volume name
  • The Shared Documents and Hard Drive folder were flashing warnings that there were 5 infections on each folder
  • This view of Control Panel is viewed through a browser window – not the normal control panel GUI
  • This view of Control Panel is an XP view – I’m running Windows 7 with a totally different look and feel for the dialog box
  • undefinedappmgmts.dll doesn’t exist
  • Windows doesn’t have a ‘Start Protection’ button

I closed the initial dialog box (the ‘urgent scan’ warning) and got the download box for AntiSpy2011.exe which is captured in the snip above.  This is the same spyware / worm / virus / trojan that paralysed my friends machine which now needs a total format and rebuild before I’ll be happy with it

A new process started – Companionuser.exe which is a valid process used by Windows Live but is often used by malware and other malicious programs

image

So how did I fix this?

  • I closed all editions of iexplore.exe using task manager.
  • I stopped the companionuser process
  • I and watched as it re-invoked itself… over and over again

Hmmm.

Every time I stopped the process, it started again… Damn thing.  And then I remembered where the virus was stored on my friends machine.  The virus / worm lived in the Temporary Internet files. C:\Users\%Username%\AppData\Local\Microsoft\Windows\Temporary Internet Files.  In Internet Explorer, I clicked on the View files button, sorted the files by time accessed, and deleted all of the files, images and cookies that had been accessed in the last hour.

Only then did the companionuser.exe process stop re-appearing in Task Manager.

But…

I can see how so many people install this worm.  It pops up unexpectedly – all I was doing was logging out – and I must have rolled the mouse over an advert or something.  Quick as anything, and to the unsuspecting person, worried about getting a virus or a worm, so simple to install. 

But i thought it was certainly worth highlighting so that others can back themselves out of this problem safely – or know who to call when they have a problem…  And delete cookie files regularly – just in case…

 

Technorati Tags: ,,,

Safety settings on Facebook

Another infographic – this one is worth bookmarking and telling your less social media savvy friends about .  This is how to navigate Facebooks Safety settings from Zone Alarm..

 

If in doubt – say no.  Deny instead of accept, restrict instead of open.  Then you will worry less Smile

Dealing with the ‘Your computer has malware’ call from ‘Microsoft’

image

 

 

I had an interesting phone call today from someone who told me that I had issues with my machine – ‘Right now’.  I was curious to find out the technique that they used to scam people so I acted dumb and asked him why he knew. 

 

The caller – and the delay on the line  – sounded like I was talking to someone from India.  He said his name was Michael and he was calling from the Windows Service Centre and worked on behalf of Microsoft.  Pah!!

He assured me that this was a British company with offices in Manchester.  He gave me the phone number too: 0161 4085 067.  Hmmm…

 

He stated several times that if I called the company, then it would prove he was legitimate.  He then asked me if I was sitting in front of the computer and asked me to do a few things for him…

 

 

He asked me to access the Start button and type in Run, then cmd

He then told me to type ‘assoc’ and hit enter, told me not to worry about all of the text scrolling down on my screen, but as proof that my computer had sent him a message, he read out the line at the bottom of the screen

image

He quickly read out: CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} – whilst I tried to slow him down, pretending to write everything down… He said that the number proved that he knew it was my machine (actually this number exists on EVERY Windows machine!)

Then he asked me to type EVENTVWR and asked me what appeared Smile

He took me into the Application log in Event Viewer and told me that all of the application information messages were being sent to him so he knew that there was malware on my machine, quoting the errors and warnings on the screen. He asked me how many entries I had, and I told him 763!  He said.  That’s how many times your computer has been messaging us with this information.

Unfortunately, my dumb act must have made him a little bit suspicious. I asked him if he worked for Microsoft, which division, and how he knew it was my machine ‘sending him messages’.  I spent a little bit too long grilling him on how this relationship with Microsoft worked.  I was rumbled,  so I never got to the URL part of the script. 

Of course this is a telemarketing scam, which has been reported on several times,  where the scammer tries to gain access to your machine to run a script and gain access to your machine.  But so often, people fall victim to the scam.

Microsoft have a page dedicated to common scams stating that they NEVER call anyone to help them fix their computer (they’re busy enough on the forums and dedicated support lines)

image

I kept him chatting for as long as he could – my reasoning is that the longer I kept him talking, the less calls he’d be able to make that day, but I think I was rumbled.  Unfortunately, a search of the web shows that too many people fall for this type of scam…

Sure, he asked me if I had a PC, and if it was a Windows machine.

But he didn’t ask me if I was actually connected to the Internet… Oh Drat… Hopefully I’ll be able to get the punch line out next time..  Smile

Beware of Internet dating and duping…

I was truly horrified to read Dare’s post the other day which talks about how Craigslist has been compromised, several people have been seriously embarrassed, and there are separations occurring due to people looking for love on the web.    Warning.  This is explicit stuff.  Don’t follow the links if you’re easily shocked.

I did a bit of research on social software earlier on this year, and created myself an account on MySpace.  I sort of did a search (in the interests of social networking you understand), and tried to find a guy aged between 40 and 50 who was interested in dating, socialising, networking and romance.  Within 5 miles of my postal code ( I live in the country in a house in a field outside the town boundary).  I got 83 search results which scared me a little.  all of these men live within 5 miles of me??? and just want to socialise? hmmm.  What to do now then…

Dare notes that: “The blog post indicates that there is a growing trend of people posting requests for romantic liaisons on CraigsList only to turn around and embarrass all the people who responded by posting their responses on the Web”  Truly scary stuff I think.  The potential for damage is huge here.  So be careful with what you do on the Internet.

And if you ever see my profile up there on the Internet, I hope you’ll understand that I’m only doing this in the spirit of research you know.  Honestly….  It won’t stand up in court will it?