Bradley Howard's Blog

Views of digital media, innovation, loyalty and business in the real world

5 child safety online tips

I remember that when I started studying Computer Science at University (in those days it was a Polytechnic), in the first lecture we were told that at any social gathering we shouldn't tell anyone we were studying Computer Science because the conversation would either stop immediately, or follow the route of "ah, that's interesting, do you know how I can fix my [insert electrical item here]?"

One of the questions I get asked a lot is how I help my kids stay safe online.

I'll start these tips with the viewpoint that the Internet is 99.9% a good thing for kids. I think it's better than television, which is a passive, brain-switch-off experience. It's a type of entertainment as much as an educational experience for children (and adults) which should be embraced.

My kids range between five and nine years old although I think this advice is useful for any children up to about twelve. Here are my top tips:

  1. Keep the family computer in a visible place. I don't agree with kids (under twelve) having a PC in their bedroom, or for that matter, a laptop which can move around the house. We have a family computer on the corner of our living room and kitchen, so we can always glance across and see what the kids are doing.
  2. Enable fast escalation. Our kids can approach my wife or me at any time and say "Why is this happening?" on the computer and we'll always try to help. Like anything with children, if they feel they might be told off, they won't talk to an adult, so whatever happens online we'll always make them aware it's not their fault.
  3. We use free Family filtering software - the Windows Live Family Safety filter. Each of the kids has their own user account and we have another one for guests. Family Safety provides time limits (which we enable for weekday mornings) as well as stopping some sites. For our five year old, it's on maximum control setting and for the nine year old it's set to block anything adult and allow most other sites. At the moment none of the kids are allowed Facebook, although we do allow YouTube because they like listening to music and you'd be surprised how young kids don't realise that YouTube contains videos that aren't music related.
  4. Using the family filtering software we regularly check their accounts (it takes seconds) and make it very clear that we check what they've been doing online.
  5. Stay aware of the latest scams, websites and general web trends and behaviour. This is easier for our household because of my job, but my wife is still aware of most online 'problem areas'.

Even with all these tips, my wife phoned me at work last week to say one of the girls had asked her to look at a website she'd been using. On the site, which is a Flash games-based website aimed at young girls, there is a chat functionality, and someone on the site had been chatting to our daughter and been totally vulgar.

My wife took a number of screenshots, of which part of the chat window is shown above. I contacted the website to make them aware of the incident and haven't heard anything back from them.

I started off with these tips saying how the Internet is 99.9% a good thing for kids. Our experience highlighted that you need to be extremely vigilant of that 0.1% element.


 

Voice mail hacking vs website security


Whilst I think the journalists at News of the World (and perhaps other 'press' organisations) have been totally guilty in their conduct, I find it interesting how the phone companies have managed to get away relatively unscathed.

When a website user database is hacked, the press consider the lack of security of the website to be the guilty party. In the voicemail scenario, I've hardly seen any commentary around the mobile phone operators.

There are two main ways of hacking voicemails:

  1. The first method is to use the remote dial in number to access voicemails, enter the phone number of the person you're trying to gain access to, and guess the PIN code. The PIN is usually 4 digits, and companies simply 'brute force' their way into mailboxes. Brute force is simply a case of guessing 0000, then 0001 and so on.
  2. The second method is to clone a user's phone number using a proxy-style service. It's very simple - you dial a phone number (the proxy) and you'll hear a message asking what number you want your phone number to appear to be to the person you're about to call. You stay on the call and then enter the phone number you want to call, and the recipient sees the 'new' phone number you entered earlier. A number of offshoring cold call sales companies use this type of service to make it look like they are calling you from the UK. Voicemail hackers phone a proxy, enter the phone number of the person they are trying to hack, and the mobile phone voicemail thinks the incoming call is from that victim's number (and there's no need to enter a PIN number).

Neither of these methods is particularly elaborate. A simple Google search provides a long list of companies who offer the proxy service (although to be fair all the ones I went to said they didn't allow the service to be run for UK phone numbers).

In my opinion, the phone companies should do the following:

  1. Every time the remote voicemail is accessed a text message should be sent to the phone number. At the very least, each unsuccessful PIN number attempt should send a text message to the mobile warning of the attempt.
  2. If the wrong PIN number is entered more than say, four times, the voicemail should be "locked".
  3. Phone companies should be able to work out if a phone number has been cloaked (run through the proxy) more accurately.
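
One way the first two recommendations could look in code, as an added example that is not the blog author's or any phone operator's implementation; the `Mailbox` class, the SMS outbox list, and the phone number and PIN are constructed for illustration. It also assumes the PIN is required even when the presented caller ID matches the mailbox, since the second method above relies on that number being chosen by the caller.

```python
import hmac
from dataclasses import dataclass, field

MAX_WRONG_PINS = 4  # the post's "more than say, four times" threshold


@dataclass
class Mailbox:
    number: str
    pin: str
    failures: int = 0
    locked: bool = False
    sms_outbox: list = field(default_factory=list)  # stand-in for an SMS gateway

    def _notify(self, text):
        self.sms_outbox.append((self.number, text))

    def remote_access(self, caller_id, entered_pin):
        """Return True only if the correct PIN is entered on an unlocked mailbox.

        caller_id only appears in the alert text. It never replaces the PIN,
        because the presented number can be chosen by the caller.
        """
        if self.locked:
            self._notify(f"Blocked voicemail attempt from {caller_id}: mailbox locked")
            return False
        if hmac.compare_digest(entered_pin.encode(), self.pin.encode()):
            self.failures = 0
            self._notify(f"Voicemail accessed remotely from {caller_id}")
            return True
        self.failures += 1
        self._notify(f"Wrong voicemail PIN from {caller_id} (attempt {self.failures})")
        if self.failures > MAX_WRONG_PINS:
            self.locked = True
            self._notify("Voicemail locked after repeated wrong PINs")
        return False


def run_constructed_demo():
    """Sequential guesses against a constructed mailbox; returns what happened."""
    box = Mailbox(number="07700900123", pin="7391")  # constructed values
    # The caller presents the owner's own number and tries 0000, 0001, ...
    results = [box.remote_access(box.number, f"{g:04d}") for g in range(10)]
    # Once locked, even the correct PIN is refused until the operator unlocks it.
    after_lock = box.remote_access(box.number, "7391")
    return results, after_lock, box


if __name__ == "__main__":
    results, after_lock, box = run_constructed_demo()
    print(any(results), after_lock, box.locked, len(box.sms_outbox))
```

With a four-digit PIN, the lock means only five of the 10,000 possible values are ever evaluated, and the owner receives a text for every one of them.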

 

Census completed

Last night I completed the census form online. If you haven’t filled in the census yet, I recommend completing it online because it will be a much quicker experience. No worrying about conditional questions such as ‘Now skip to question 7’.

The website is fast, and although I didn’t need them, there are helpful ‘bubbles’ on each question.

Despite my having many children, and the census needing to be completed for each one, the entire process took less than 10 minutes.

Well done to the Information Architect(s) and whoever implemented the website.

The next stage is voting. Why can’t we vote online? The census felt very secure (long PIN number to enter the site and SSL throughout the site). It’s 2011 – half the country should be voting online and via mobiles by now.

The next step after online voting is micro-voting. Richard Watson described this in his book, where citizens constantly vote on detailed topics. E.g. should the UK be involved in Libya? 

The step after that is where citizens of one country are able to vote on international issues – such as an English person voting on whether the US should be involved in Libya.

The technology is already here – as the census proves. Politics needs to catch up with the technology.

 


 

Data security: unsexy now yet soon vital


To most people the phrase 'Data security' is boring and irrelevant to them.

Expect over the next few years to see this being pushed higher up the marketing agendas of web sites that users register their details with.

You can already buy login details to 50,000 iTunes accounts to buy music, videos or books on these users' accounts:

 

For merely 200 yuan ($30) a pop, an Internet user in China can purchase up to $200 worth of digital products at Apple Inc's vast music, movie and applications vault.

Far from being a benevolent offer by the fruit-favoring giant, this offer is the result of the theft of iTunes user account details stolen by hackers who then auctioned them online.

The Global Times discovered Wednesday that about 50,000 illegal accounts are being sold at taobao.com, China's largest online store, at prices ranging from 1 yuan to 200 yuan.

Source: http://china.globaltimes.cn/society/2011-01/609351.html

 

I predict that within the next 2 years similar lists will be available for the major social networking sites as well. These credentials don't enable users to do a great deal at the moment, however as soon as a currency is available within the networks, these account details will become highly valuable.

The social networks need to start planning security measures quickly. Security teams need to review processes and procedures quickly.

As a user, if the website 'loses' login data, there's nothing you can do. Setting a long, complicated password won't help. Regularly changing a password will only help if you change it quicker than a list is resold.

As a developer it's one thing being agile in a garage environment, it's another thing when you are responsible for millions of user accounts. 

Photo courtesy of keummi


 

A cheap answer to the impending UK cyber attacks


The news over the last week has been that the biggest threat to the UK is cyber attacks on our power plants, transport infrastructure and water plants.

A simple solution - just disconnect them from the Internet. Anyway, why are they connected to the Internet in the first place?


 

The Internet equivalent to keying a car

Well, clearly I've been upsetting a few people recently, because since yesterday this blog has been a victim of a DOS (Denial of Service) attack!

A DOS is the Internet equivalent to keying a car - pure hate, no 'reward' for the criminal, and just sucks up the victim's time and resources for several days.

To help prevent DOS attacks, websites can use a CDN (Content Delivery Network) such as Akamai. So if you go to a site such as FIFA, Manchester United or The R&A, you're actually going to a server hosted by Akamai. And Akamai have literally hundreds of thousands of servers around the world, so they can handle the DOS attack. This is one of the reasons why their share price is doing so well.

With Akamai, the website pays for the data traffic, so during a DOS attack, huge amounts of data are served. So Akamai answer this by offering a 'DOS insurance' policy to mitigate the data costs during a DOS.


 

Bradley Howard

Head of Digital Media at Endava, although all the views in this blog are purely mine and not necessarily those of Endava.

 
