Categories
Engineer online safety security

How to achieve a PCI Compliant network

A lot of effort goes into achieving PCI compliance for a network. Without going into huge detail I thought some of you would like to know the type of work we had to do to get the badge.

Implementation of secure LDAP cluster

This consists of a master server and three read-only slaves. The master server is locked down heavily and the read-only slaves are used for applications to authenticate against. All communication is authenticated and encrypted. All of our new systems have been moved over to authenticate against this LDAP cluster.

TACACS+ / RADIUS (2-Factor) authentication front ends

TACACS+ is an authentication protocol used by all our network equipment and passes authentication through to the LDAP cluster. This system was rebuilt to use encrypted communication, a well structured user/group system, and various security features.

RADIUS (2-Factor) was implemented to pass one factor of the authentication back to the LDAP cluster and the second factor back to a YubiKey server so that YubiKeys can be used.

Secure VPN, was implemented using

Categories
Business online safety social networking

Parliament and Internet Conference – Privacy

The Parliament and Internet conference wound its annual way to Westminster yesterday. The conference usually comes up with a nugget or two and made the BBC news site with a comment from Andy Smith, PSTSA Security Manager at the Cabinet Office, that he wouldn’t recommend using your real name when registering with sites like Facebook.

Lord Merlin Errol also noted that he used to give his date of birth as April 1st 1900 but that drop down boxes rarely went that far back these days. I guess there are still one or two 112 year old people around though whether they would be interested in social networking is another issue. Privacy on the Internet, or lack of it, is something I’m still trying to get my brain around.

This came to the front of mind again this morning as a Facebook message appeared in my timeline asking me to confirm my mobile phone number. I did so, particularly as a mobile number is one way of recovering a lost password. Didn’t feel particularly comfortable doing it though. I don’t trust Facebook though

Categories
Business online safety Regs

More Draft Comms Data Bill analysis & Gary McKinnon

Gary McKinnon has been in the news this week. Unless you have just surfaced for internet air you will remember that he is the guy with Aspergers who hacked into the Pentagon computer and who the marshalls Feds in US of A wanted to extradite so that they could exact revenge.

This post is not about Gary McKinnon or the rights and wrongs of his case. It is about the fact that he was able to hack into what must surely be one of the most secure computer systems in the world (wide web).

Next up is the breach of Google’s webmail service in December 2009.

Categories
Business online safety

I could never be a politician – The Queen hath spoken

I could never be a politician. The Queen’s Speech today included a Lords Reform Bill, Draft Communications Data Bill, Banking Reform Bill, Energy Bill, Enterprise and Regulatory Reform Bill, Children and Families Bill, Pensions and Public Service Pensions Bill, Crime and Courts Bill, Croatia Accession Bill, Electoral Registration and Administration Bill, Defamation Bill, European Union (Approval of Treaty Amendment Decision) Bill, Groceries Code Adjudicator Bill, Justice and Security Bill, Small Donations Bill together with Draft Care and Support, Local Audit and Water Bills and Carry Over Bills on Civil Aviation, Financial Services, Finance (No. 4), Local Government Finance and Trusts (Capital and Income).

I’ve listed them in one long string for effect. I guess I must be interested in the outcomes of some of them as they affect me – comms data for one. It has to take a very particular sort of person to want to become a politician. We pay politicians to sort this stuff out but do have to keep an eye on them because as we all know they can get a bit out of control.

The Communications Data Bill which caused such a lot of fuss a few weeks ago when it was leaked to the Sunday Times that it would include surveillance seems to not be getting any attention in the media today with things like Lords Reform hitting the headlines.

This must be remedied. We must rally the troops, man the battlements. In fact I think Shakespeare foresaw all this as you will see from this early version of another monarch’s speech:

Scene 1. France. Before Harfleur (Life of King Henry 5th)

Once more unto the breach, dear friends, once more;
Or close the web up with our English censorship.
In peace there’s nothing so becomes a man
As modest browsing in the privacy of his own home:

Categories
End User online safety social networking

The Online Garden Shed – the answer to internet privacy issues

We all need our private space. This is true in our virtual lives as much as in the touchy-feely-smelly real world that we once inhabited. In those days man could retire to his shed if he felt the need for a bit of time to himself. He would only let you in if you were a pal.

There are no sheds online. What do we do about privacy when using the internet? The fact that Google seems to know what I’ve been up to is a concern. Do we all sign up with proxy services? The proxy service provider will still know what you are up to. Switching on “private browsing” seems a bit of a faff and all that does is prevent the PC from storing usage data.

A reader (thanks HmmmUK) just Tweeted me a link to the Google Opt out page:

“Opt out of customised Google Display Network ads

Opt out if you prefer ads not to be based on interests and demographics. When you opt out, Google disables this cookie and no longer associates interest and demographic categories with your browser.”

I thought “great, the answer to the problem” and proceeded to that page to opt out. Then I paused

Categories
gadgets online safety piracy Regs

How to bypass the Virgin Media web filter to access Pirate Bay

Before you start reading this post, and many thousands have, take a look at Broadbandrating – if you are looking to move ISP then the site will help you choose which one to go for.

Now the post:

Industry colleague Gary Hough left a comment on my blog post on Pirate Bay the other day. He has now written a guest post (tagged on to the end of this one) outlining how easy it is to bypass web filters to access “blocked” sites. I asked myself whether this was a responsible thing to publish. After all it flies in the face of the process of Law and Order and I am not in favour of promoting unlawful activity.

However the process described below is such common knowledge and there are so many sites out there providing proxy services used by millions of people that I feel that the story needs to be told in an environment/on a vehicle that promotes sensible discussion of the issue. We certainly need those in places of power to have the opportunity to read about and properly understand the problem.

The issue is not just Pirate Bay or any other site promoting the music downloads that have engendered such emotion within the Rights Holder industries. The issue is the fact that the same process can be used to bypass any web filter. This means that were we to enforce blocking of other types of website – pornography, for example, or sites promoting racial hatred or extreme political views the blocks would be ineffective.

Moreover in encouraging the move underground,

Categories
Business online safety Regs

EU cookie legislation – a look at some of the implementations

UK Cookie legislation (DIRECTIVE 2009/136/EC) became law on May 25th 2011. This is the one where websites are meant to give you the opportunity to opt out of visiting them if they are using cookies. Cookies can be very “invasive of privacy” though in varying degrees and some potentially not at all. The law, whilst being passed with good intentions, has had some unintended consequences, notably affecting some cookie functionality that is useful and likely unintrusive.

I imagine that most of us with a website use Google Analytics. We all like to look at our traffic levels – well I do anyway. There has been some confusion as to exactly what is being required of website owners – rumours for example that sites only using Google Analytics cookies would not be made to comply as GA was “beneficial and not intrusive”.

You may or may not know that I am on the Information Commissioner’s Office Technology Reference Panel. This is an expert body of representatives from stakeholder groups in information and technology related industry sectors.

The ICO, which is the industry regulator, has given the UK a year to implement the cookie directive. This year is up at the end of this month and naturally there has been press comment and a flurry of businesses making adjustments to their websites in an attempt at compliance.

One year on exactly what will the ICO do re enforcing the law

Categories
End User online safety security

Should you worry about your own personal information security – yes – notes from Infosec2012

I spent a day at Infosec2012 this week. I could easily have spent another day there as I only met a fraction of the people that would have been good to talk to. It’s not often I say that about a trade show.

I stopped by the Sophos stand for a looksee. James Lyne, Director of Technology Strategy of Sophos does a magnificent talk on security. He prefaces the talk with a warning not to visit any of the websites he mentions yourself because of the certainty of picking up malware. I’d take his advice.

James picks up malware for a living! On any given day the Sophos labs identify 185,000 new discrete pieces of malware. Yes you did read that right. One hundred and eighty five thousand different pieces of malicious code designed to try and penetrate your computing device with a view to stealing your cash, new every day.

This malware is computer generated and churned out in a wholesale manner. The whole game is run by organised crime and is big business. Customers get access to a control panel that they use to organise criminal “campaigns”. This control panel (screenshot inset – hacked by JL) gives them feedback on their successes – how many machines infected with what, for example. They can also use it to pick their “threat vector” ie what sort of virus/trojan/malware they want to use for their particular spamshot/offensive.

These platforms even have APIs so that crooks can build them into their own resources or add their own specific features!

The gangs involved collaborate. They collate data on anti-malware products produced by Sophos, McAfee et al and can tell in real time whether these companies can detect specific threats. In real time! They also collectively contribute to produce a blacklist of IP addresses used by security products manufacturers so that they block access to their online resources from these addresses.

Many people get caught out. Very many people. They must, otherwise these guys would not be in business and I’m sure that most of us know someone who has lost cash or had their PC compromised.

What on earth can you do to protect yourselves in the face of such criminal activity? Sometimes there is nothing you can do as many devices have known vulnerabilities. I saw James Lyne tap into an iPad using a fake hotspot and steal some data. He used a known iPad vulnerability. I switched off the WiFi on my own iPad and even considered wiping all those hotspot credentials stored on my pad that make it easy for me to log on the next time I visit!

It does make sense to make sure that all your software is patched up to date, especially applications such as Adobe. It might sound obvious too but don’t click on a link you aren’t sure of. It doesn’t seem to matter whether you use Microsoft, Apple or Linux. Use sensible password policies. It also makes sense, if you can, to have one separate PC that you only use for banking or ordering stuff online.

I left the show with my head buzzing and thinking I didn’t stand a chance in the big bad world of the interweb. I certainly will be reviewing our home cyber security defences. Stay safe now.

PS you should take a look at Sophos, a British company turning over £600m with 2,000 staff! Not bad.

 

Categories
Business online safety Regs security

Government surveillance in a free society?

Time was when MI5 (or whatever they are called) wanted to listen in on your conversation they sent someone round to the local telephone exchange with some wires and a couple of bulldog clips.

The breadth of things that could be monitored was actually fairly large. I remember once, many years ago, being shown satellite photographs of the lake at the Chernobyl nuclear plant in the days running up to the announcement that there was a problem with the reactor. The thermal imagery of the lake showed it warming up substantially over a few days. The information showing that there was a problem was being collected by our “security forces”.

The fact is whilst the data was there nobody saw it as it was buried in so much other information, photos etc, that you had to have specifically been looking for it to see that something was wrong. The amount of personal information that they could gather about you was fairly limited and the number of people they could do this to was not huge. It was not a scalable system.

Nowadays the game has changed.

Categories
Business online safety piracy Regs

Government plans to track emails and websites visited – my take

The fuss in the media today regarding the government’s plan to make Internet Service Providers capture personal communications data is nothing new. It was brought up under the last Labour government as the “Intercept Modernisation Programme” and received heavy criticism from the Tory party in opposition.

Now with the responsibility of government the Conservatives seem to have seen things differently and the word is that the forthcoming Queen’s speech will contain measures to enable the collection of personal information that includes who you have telephoned and emailed or have received emails from and which websites you have visited. The details of what is being sent in the emails aren’t being asked for at this time.

Apart from the obvious privacy issues

Categories
Apps End User online safety

Pipe dreams and privacy – is your private life a thing of the past? or no Google doodle for privacy muddle

Today is all about privacy. No Google doodle to go with it because Google is at the centre of the debate with its harmonisation of privacy rules across all of its services.

The European commissioner of justice, Viviane Reding says there are “doubts” over what Google has done. I’m not going to go into detail on the ins and outs – read about that in the Guardian. Commissioner Reding though in my experience is someone worth listening to so if she is expressing concern there is likely to be something in it.

It is worth thinking about privacy for a moment because in our modern age it is a hugely complex subject.

If I do a search for “Trefor Davies” Google comes up with

Categories
End User online safety

Louis Vuitton sells handbags but follow that link at your peril

Louis Vuitton sells handbags. He also features very prominently in the comment spam caught by good old Akismet on this blog. I haven’t clicked on any of the links offered – domain names such as “limpidity” seem to be selling Louis’ stuff online – soft and flexible handbags for soft and gullible people perhaps?

I took a straw poll in the office and the first person I asked, Director of Account Management Andrew North said his wife owned two Louis Vuitton handbags. Blimey, I’d better not tell Anne although Tesco carrier bags are more in her line:)

So then I Googled Louis Vuitton and found 199,000,000 results – blimey again, I searched for Trefor Davies and only got 408,000. Must be a lot of Trefor Davieses out there – it is a common name. I wonder how many of us there actually are? Not as many as there are Louis Vuittons perhaps – I imagine the fashionable types around town went through a phase of naming their kids after him – the ultimate one upmanship. Pushed around no doubt in a LV pram and when small left on a sideboard at A-List parties to sleep in a matching handbag (are they called handbags these days?).

Imagine going to a posh nursery school just around the corner from Harrods and being one of several Louis Vuittons! In my day it was Dave or Andy or Llywelyn if you lived in Wales.

Anyway when I started this post I didn’t know where it would take me and I still don’t.  Perhaps something relating to Safer Internet Day 2012? It didn’t happen. You will have to Google it (30,900,000 results) or follow that link to find out more.

I wonder how many of the Google results for LV are actually spamming pages? I will probably never find out.

That’s all folks – back to writing the Timico ITSPA Awards entry.

Categories
Business online safety Regs security

Codes of practice and regulation of tinterweb – Home Affairs Committee report on radicalisation

When I was a kid my dad asked me what I wanted to be when I grew up. I of course said I wanted to be the CTO of a fast growing ISP with prospects 🙂 Dad was somewhat confused with this and told me not to be a silly boy because the internet hadn’t been invented yet and I should learn to be a doctor or a judge or pursue some similarly respectable form of employment.

Some days it feels as if dad will end up having his own way and I will end up as a judge. In the news this morning is yet another report suggesting that ISPs should put together a code of practice in respect of taking down websites that do something we aren’t supposed to like.

There is a lot of this going on. If it isn’t the movie and music industry rightsholders wanting us to block sites promoting copyright infringement it’s Nominet in cahoots with the police trying to suspend domains allegedly supporting criminal activity. Today it’s a Home Affairs Committee reporting on radicalisation suggesting that ISPs need a voluntary code of practice that supports the taking down of websites containing violent extremist material.

Glancing through the report the committee did cover the issues

Categories
Business ofcom online safety Regs voip

Sat in an ITSPA council meeting discussing strategy.

Many of you will perhaps not have heard of the Internet Telephony Service Providers’ Association. It is one of hundreds of industry trade associations serving their stakeholders in the UK. ITSPA was formed about 6 years ago at the “dawn of the hosted VoIP industry in this country”.

In its early days ITSPA was involved in the formation of codes of practice – working with Ofcom to define how an internet telephony provider should behave/operate. Things then went quiet for a while though the organisation has top notch networking events where executives get the opportunities to meet other people in the game to catch up on issues (and gossip).

Over the past 12 months industry affecting issues have started to come out of the woodwork.

Categories
Engineer online safety security spam

Akismet is a seriously good spam catcher

Akismet is a seriously good spam catcher. I just took a look at the comments it has trapped recently. Not clicked on any of the links but there is a wonderful range of products being pushed:

pre-workout supplements, SEO, LA Weightloss (to offset the pre workout supplements presumably), healthy food ideas, free online background checks, pharmaceutical delivery service, wedding photography, kitchen appliances, custom cabinet design!, Scottish mountain biking, a bar in London for stag nights.

Some of the comments appear to be quite carefully crafted responses to the post – as if they really are relevant. Anyway I’ve just deleted 103 of them. Sorry if yours was a genuine comment and is not approved. Keep em coming 🙂

Categories
Engineer internet online safety security

Vint Cerf, Internet 2, Project Phoenix, Twitter, BYOD & #ITDF

Jonathan Radford our CFO is one of the least techy guys you could hope to meet.  He is often also the source of ideas for this “technical” blog because technology now reaches absolutely everyone on this planet one way or another.

Today he came up for a chat about Internet 2 and Project Phoenix and left me with a newspaper clipping from the FT (I said he wasn’t a techy – anyone else would have sent me a link). The point is though that the technology related article interested him because he could understand its implications for him personally.

The article concerned internet pioneer Vint Cerf’s comments re the need to start again with internet security. The internet is an open network currently running on the basis of trust. Starting again Cerf says he “would have put a much stronger focus on authenticity or authentication” and quoted Ori Eisen’s Project Phoenix as an example of the way forward (see original FT article for more on this).

You only have to note the recent spate of

Categories
dns Engineer online safety security servers

Telegraph Register and UPS DNS servers hacked

If you have been trying to access the Telegraph online or TheRegister tonight you might come in for a bit of a surprise as the sites look as if they have been hacked. More specifically it looks like some Domain Name Servers have been hacked, diverting traffic to other pages. Many people will not notice.

Click on the header to see more of what the Register site currently looks like. At this point in time the hack is less than 30 minutes old so I don’t have any more info but if I get a chance I’ll update the post as news comes in. Or just Google it. I saw it first on Twitter.

Categories
Business Cloud online safety Regs

The Google View of the Forthcoming UK Comms Regulatory Landscape #deappg

Google’s Sarah Hunter impresses at the Communications Bill Forum.

Google’s Head of UK Public Policy, Sarah Hunter was a breath of fresh air at last week’s Communications Bill Forum.  Firstly she was one of the few speaking without just reading out a prepared speech. It can get boring listening to someone reading out their notes.

Secondly she offered a perspective based on a platform as opposed to most of the other speakers who were largely either content providers or  pipes.

  1. The government should not make policies that favour specific industries without considering the wider impact elsewhere.
  2. Open platforms should be protected – both content and pipes need them and they are expensive to build and maintain
  3. Keep a sensible approach to data protection. In other words allow targeted advertising.  The direction the EU is going is not good in this respect.
  4. Encourage and promote investment in computer science and engineering – engineers are taking over the world.
  5. Concentrate on consumer education – digital literacy and consumer empowerment. In other words keep kids safe online by education (and not mandatory web filtering – my words).

As always we have to strike a balance and how well the government does this will greatly influence how UK industry thrives online. Her first point was a reference to the proportionality of the Digital Economy Act.

The data protection issue is a difficult one. Whether they like it or not I get the feeling that the long term future of revenue generating for businesses operating online, certainly for content providers, is going to be substantially driven by advertising.

If this is the case then the advertising model needs to be one that works for all parties, including consumers and this either means we accept the degree of “intrusion” being sought by the likes of Google, Phorm et al or we very carefully define what is and isn’t permissible. Not the subject of a short blog post but perhaps one that might usefully be covered in a 2 year debate running up to the next Communications Bill.

Categories
Business online safety piracy Regs security

SilkRoad FTTC and Bitcoin!

Interesting to note that 8 out of the top ten keywords for visitors to this blog over the last month have been related to either FTTC or silkroad with 4 each.

I can understand the FTTC interest and I was an early writer on this subject so get decent Google rankings. As far as SilkRoad goes either there is not much written out there about the subject or there are huge numbers of people trying to find out more about it – human nature I guess!

As far as Bitcoin goes the underground currency seems to have recovered following the Mt. Gox crash. My original source for info seems to have stopped publishing at the time of the crash – 19th June. However it is now visible elsewhere and is trading at not far off the levels seen at Mt.Gox before the crash (for what it’s worth!).

PS whilst the two subjects seem totally separate FTTC and SilkRoad do obviously inhabit the same online universe. People will be using FTTC to access Bitcoin trading sources. I’m not sure that we will ever see the day when BT accepts payment for FTTC using Bitcoin though.

Categories
Business internet online safety Regs

ISPA Parliamentary Advisory Forum – ISPs likely to promote opt in parental controls to block kids access to porn

Attended the ISPA Parliamentary Advisory Forum this week. The debate, sponsored by Claire Perry MP was on the subject of online child protection. The issue, as previously posted (just search for Claire on this site), is that Claire Perry wants ISPs to block access to pornographic websites by default, requiring people who want to go to these sites to opt in.

This must have been one of the most informed debates I have been to with an A-Z of stakeholders (100+ people) present ranging from what looked like the committee of the local parish church, academics, libertarians, ISPs, MPs, security technology vendors, press, child safety organisations etc etc.

Several things stuck in my mind:
Internet Minister Ed Vaizey and MP Claire Perry emphasised their position that ISPs need to do something to protect kids or they will legislate.

Many references to studies on the effect of pornography on children were made.

Categories
Business internet online safety piracy security

Psst wanna buy a racehorse? #silkroad #bitcoin #torproject

Yesterday I read a flurry of reports on a new web service called silk road. This is a “totally anonymous” website that looks like it has initially been set up to facilitate drug deals. Payments are made using Bitcoin, a “virtual” digital currency that allows “untraceable” transactions to be made using distributed Peer to Peer technology.

A quick Google search for Silk Road last night revealed nothing but changing search terms this morning I found it. The first result took me to the following post:

Hi everyone,

Silk Road is into its third week after launch and I am very pleased with the results. There are several sellers and buyers finding mutually agreeable prices, and as of today, 28 transactions have been made!

For those who don’t know, Silk Road is an anonymous online market.

Of course, it is in its infant stages and I have many ideas about where to go with it. But I am turning to you, the community, to give me your input and to have a say in what direction it takes.

What is missing? What works? What do you want to see created? What obstacles do you see for the future of Silk Road? What opportunities?

The general mood of this community is that we are up to something big, something that can really shake things up. Bitcoin and Tor are revolutionary and sites like Silk Road are just the beginning.

I don’t want to put anyone in a box with my ideas, so I will let you take it from here…

-Silk Road staff

This is a fairly astonishing post in itself. It was published on 1st March and has since then attracted 36 pages of responses and comments. You can see for yourselves.

Categories
Business internet online safety Regs surveillance & privacy

What a complex world wide web we have woven #UN #LaRue #deappg #DEAct

I have on many an occasion written about the complexities of life on the internet and the difficulties imposed on governments wanting to flex their controlling muscles thereon.

We have recently seen the Bailey report (child protection) and Hargreaves (Intellectual Property) and not so long ago it was The Digital Britain Report (economics), The Byron Report (children) and others, I’m sure before I started commenting.

These reports all look to a greater or lesser extent at how we should conduct our lives in the internet world.

Now, from the United Nations we have the La Rue Report of the “Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression”.

This is very interesting because it works as a counter to some of the forces being unleashed by the other reports mentioned.

For example website blocking is being sought by a number of interest groups including those wanting to protect children from online pornography, those wanting to protect their own private commercial interests and those wanting to protect the rest of us from people with extreme political views.

The United Nations

  • comes out against website blocking with the one exception of tightly controlled blocking of child pornography
  • emphasises the importance of freedom of expression – you better be really sure about a site’s illegality before doing something about it (ie taking it down/blocking)
  • considers the disconnection from the internet, including on the grounds of violating intellectual property right law, to be disproportionate and thus a violation of article 19, paragraph 3, of the International Covenant on Civil and Political Rights.
  • wants the right to online privacy and anonymity guaranteed
  • thinks that ISPs as intermediaries should be protected as mere conduits of data to and from the internet

This is a very important report and worth a read. There is an element of “Magna Carta” about it. Not being a lawyer I am unsure as to where it stands in respect of legality of the points it makes but I’m sure someone can chip in here.

It would also be worth getting some feedback from the UK government as to how it might affect its stance regarding some legislation such as the Digital Economy Act.

Categories
End User online safety Regs

We can start by not letting kids buy games rated for older ages #Bailey

A few years ago when my daughter was around 10 years old she was given a voucher for a free photographic modelling session at Olan Mills.

We went along, she fully made up, and had many photos taken. She was allowed to choose one of them for printing off free of charge. The one she wanted was very glamorous. The one I let her have was different. It was nice, not sophisticated. I didn’t want my little girl “looking like that”.

In the car on the way home I was taken aback by how upset she was. I felt bad about it at the time but by then it was too late. “Just one of those things you put down to experience.”

Published today is the “Bailey Report: Letting Children be Children – Report of an Independent Review of the Commercialisation and Sexualisation of Childhood”.

The report looks at the issue of children growing up too quickly and seeks to find a way to build a safer society for the young. The conclusion is that there is not one single solution but that a mix of approaches is necessary.

Bailey suggests “both putting the brakes on an unthinking drift towards ever greater commercialisation and sexualisation, while also helping children understand and resist the potential harms they face.”

He also says “For us to let children be children, we need parents to be parents.”

It is clear to me that this is one of the most important aspects of the report.

Last year my 10 year old son wanted me to buy him Call of Duty Black Ops for his Xbox. I looked into it and it carries an “18” rating – in the eyes of those who profess to know, unsuitable for a 10 year old.

The problem is all his mates have it. They also have many other 18 rated games. Sons of friends that might be deemed sensible people. They just laugh it off with “I know we shouldn’t let him but…” or “He used his own money, what can you do?”

I polled my Facebook friends and 14 out of 15 responses were against my letting him have the game. He didn’t get the game, nor did he get any other “18”s. He feels aggrieved.

I had to compromise. I found that he already had a number of “15” rated games so he got to keep those and has had more since. It is difficult to see how parents can manage against this tide of peer group pressure. It only takes one or two to give in to queer the pitch for the rest of us.

Anything that Reg Bailey and the government can do to help will be welcome. We do have to be careful not to cross civil liberty boundaries but why shouldn’t every right minded person want to help?

The Bailey Report can be downloaded from the Department of Education website. I haven’t tried to condense its 117 pages into this single blog post so you should take some time to read it.

Categories
End User internet online safety scams security

Internet scam awareness

I’m very proud of my wife. She got one of those phishing calls yesterday saying that a problem had been reported with a virus on her PC.

She is one of the least technically savvy people going but told the caller (who was, from his accent, not from ’round here) where to go without batting an eyelid.

She said we have Radio 4 to thank as she had heard an item regarding such scams on the Today programme sometime recently. Good old Radio 4, good old Mrs Davies.

Categories
Business internet online safety security social networking

Consumerisation of the workplace – part 2 #TREF @EmpireAve

This morning I joined Empire Avenue and got the ticker symbol TREF – v important I’m sure you agree. I did it because people I interact with on Twitter have done so and being a sheep I followed. I hooked my Empire Avenue account up with Linked In, Facebook, Twitter and YouTube and then bought 100 shares in eBay.

Whether this was a sensible thing to do I know not – the account hook-ups not the eBay purchase which I don’t care about either way. I am really trusting the application.

After a bit of a browse I decided not to waste any more time and left. TREF was secured. At this point the responsiveness of my wireless keyboard and mouse began to slow down significantly and I was hit with anti virus messages on my screen. Uhoh.

To cut a long story short thanks to Michael our IT guy I eventually got rid of the screen and am running full system scans using AVG and malwarebytes.

The last time I picked up a virus it wiped me out for a week and we had to rebuild my machine. That was the week I really road tested the iPad and found it deficient. So this time you can imagine what was going on in my mind. I can’t afford to be without a PC for any length of time.

I write all this because I am also currently thinking about device security

Categories
Cloud End User online safety scams

Phishing – direct mail style

Just received my first ever phishing attempt via direct mail! With a second class stamp on it:) The only means of contact are a ymail address and two Chinese telephone numbers, one of which is a fax line.

The funny thing is if I had received this letter ten years ago I might not have been so certain it was a scam but because it is such a common feature of email spam nowadays I know to just bin it. I wonder what the return on investment is – we are talking an envelope, a sheet of A4 paper, some ink and a stamp. It’s a lot more expensive to do it this way than to send out millions of emails.

I’m not going to reveal any more details though. The writer has asked me to keep this totally confidential:)

PS the header photo was taken at dawn on the breakwater at Peel in the Isle of Man. Regular readers will know that I am the Mayor of Peel breakwater.

Categories
Business online safety

mother knows best? – mumsnet withdraws support for Claire Perry porn blocking initiative #deappg

At the tender age of 49 I still call my mum for a chat and ask her advice on things. Usually regarding how to cook Welsh Cakes etc. Well I note today that mumsnet, the “by parents for parents” family site seems to have withdrawn its support for the “Claire Perry porn blocking” campaign.

I can’t add much to the Malcolm Hutty post over at LINX on this subject. He also supplies some useful links.

Whilst I am not denigrating Mrs Perry’s desire to protect children mumsnet has displayed some realistic common sense and now understands the issues associated with web blocking.

The original campaign page at mumsnet is no longer available but it was still visible in the Google cache. Click on the header to see more.

Categories
Business Cloud gaming online safety Regs

Today is Safer Internet Day #MMORPG #UKCCIS

Today is Safer Internet Day. This year’s topic is “It’s more than a game, it’s your life” and the aim of the initiative is to promote safer and more responsible use of online technology and mobile phones, especially amongst children. The website reports some interesting statistics:

  • Gamers spend on average 8 hours weekly playing online.
  • Young people sleep 2 to 3 hours less per night than 10 years ago.
  • In January 2010, 18 million accounts were registered on Second Life.
  • Facebook reports more than 500 million active users.
  • Users spend 700 billion minutes on Facebook each month.
  • 13 million players of World of Warcraft (WoW), the world’s largest MMORPG (Massively Multiplayer Online Role-Playing Game).
  • MMORPGs generated $1.5 billion in subscription revenues worldwide in 2008, forecast to reach $2.5 billion by 2012.
  • Up to 250,000 players are simultaneously online on WoW.
  • Transactions and sales of virtual goods in virtual worlds were estimated at $18 billion in 2009.

It is amazing but I can identify with many of these bullet points. My kids spend far more than 8 hours online playing MMORPGs (it is a truly great acronym). All my kids are on Facebook even though two of them are below the recommended age limit. I vet their friends lists and have the logon details of the youngest who is not allowed to post photos. All his spare cash goes on online games – and we are talking £40 a pop here which is truly irritating as a parent (that’s about fifteen pints of beer in real money! 🙂 ).

Parents need to jointly develop a survival strategy here. It only takes one to let the side down and let their kids have free rein to spoil it for the lot of us.

Note in connection with Safer Internet Day, Eurostat, the statistical office of the European Union, published the results of two complementary surveys that indicate that only 21% of UK individuals who live in a household with dependent children use parental control filtering software. This is higher than the EU average of 14% but considerably lower than the results of the EU Kids Online survey that was published a couple of weeks ago and reported that 54% of UK parents (28% across the EU) use parental controls or other means of blocking or filtering some types of websites.

The UK Council for Child Internet Safety (UKCCIS) has published a “Good practice guidance for the moderation of interactive services for children” which you might want to take a look at.

Publicising Safer Internet Use is very important and I suggest more needs to be done to educate parents on what they might be able to do to help themselves. This is particularly important in the light of the fact that politicians are constantly trying to take control of the internet “for our own good”.

PS one fact that caught my attention in the EU report was that in the EU2 in 2010, almost one third of individuals (31%) who used the internet in the 12 months prior to the survey reported that they caught a virus or other computer infection resulting in loss of information or time during this period.

PPS thanks to ISPA for drawing my attention to these data.

And finally – I have to say we are entering a truly great era for acronyms – MMORPG!!!!!

Categories
End User online safety scams security

Phishing by “Microsoft” engineers

I’m getting reports of increased levels of phishing attempts on broadband customers. People get a call from someone purporting to either work for Microsoft or on their behalf. The flavour of the calls goes something like this:

  • “We are working on a password security breach”
  • “We are working with Microsoft and your ISP to increase your broadband speeds”
  • “We have identified a problem with one of your servers and can fix it for £250”

By and large they want you to click on a link and then of course “you’ve been had”. Unfortunately as in many aspects of life on the internet the only real way to avoid being had is by being internet savvy. There is no quick fix.

Categories
Business online safety piracy Regs surveillance & privacy

Swedish ISP Bahnhof provides anonymity to customers by default – #deappg #deact #Wikileaks

Swedish ISP, Bahnhof, is offering a service that provides its customers with total anonymity on the internet.

We have the privilege to be able to offer a solution for those who want to remain anonymous on the net. When you go online with our partner, all traffic to and from the Internet goes through their servers through an encrypted “tunnel”, which means that nobody can see what you are doing.

Bahnhof, which apparently now hosts the Wikileaks website, does not keep logs of customer activities and would not be able to provide this information to anyone requesting it for the purposes of litigation (*eg Rights Holders in pursuit of copyright infringers – a hot topic at the moment with regard to the Digital Economy Act).

This raises quite an interesting point.