Now incorporating 112 Review, Community Safety Review & Military Review

Perimeter Security

In today's world the perimeter to be secured is not just the immediate physical one of building walls, fences and borders.

by Michael Smith

While the Great Wall of China did something for that country by way of protection, and a good perimeter fence and watchtowers may guard and protect a military or similar installation, today, in the world of computers and the Internet, we must also and especially consider our virtual perimeter. This, in many cases, is rather fluid.

Many companies, institutions, and others place guards at their entrances, require passes of all kinds and levels, have fences, intruder sensors, and much more, despite the fact that they work rather on an international level, and have all manner of anti-virus protection and all manner of protection against all manner of intrusions, by way of firewalls and such. Yet few, so it would appear, have a policy in place to ensure that sensitive and mission-critical data is not taken out by employees, especially temporary staff or disgruntled staff, on removable media such as floppy discs (yes, I am showing my age here, for I even remember when they, in fact, were floppy and rather big as well), CDs/DVDs, USB flash memory, or even small removable USB hard drives.

We all have seen what can happen – and I am sure we all wonder where that data that was thus lost is now – when the likes of the British government offices sent data, very sensitive data, unencrypted, around the country on CDs.

Apparently, the real problem is that the two departments concerned have different encryption tools and the receiving department would not have been able to read the data had the discs been encrypted. No one thought of those implications before? Doh?!?

This is very much like NATO with all its different kinds of weapons and even communications systems, all of which could really have caused a great deal of trouble had we ever had to go to war with the Warsaw Pact in those days. Unlike us, they had everything interchangeable. Proper compatibility should have been thought of, one would have thought, but it does not seem to be thus. But, alas, such are those that sit in ivory towers.

Encryption is but one thing.

What, however, often – more often than not – gets forgotten as far as securing data is concerned is the “physical” security of it and the securing of the ports – not the shipping kind, though.

Who has access to the USB ports and do they need to be able to remove data by downloading it on removable media?

Organizations go to all lengths to control access to a network from the outside but often have no policy and measures in place for securing the devices themselves. This means that basically anyone can steal sensitive data by using a USB memory stick, for instance, or an iPod.

The question to ask is who within an organization has access and could compromise data, as this could be more important than the possibility of an external breach and resultant data theft.

Too often only the “break in” from the outside into the system is considered as far as data and security are concerned, and the possibility of data theft from within an organization by an employee is overlooked.

Today, with flash memory devices getting smaller and smaller, being “concealed” in other objects such as pens, and also getting more powerful with ever more storage capacity, plugging in a USB stick and copying a large amount of data takes only from some seconds to something like ten minutes. USB sticks nowadays are so common and, in fact, part of work, that the fact that someone has one or more on his or her person says and means nothing to the security guards, for instance. Hence the protection has to be at a different level.

Music players too, such as an iPod or a similar straightforward MP3 player, can often store data aside from just music files and are therefore also a way in which data can leave your institution; a way in which someone can take out data who, maybe, should not be able to.

Also, such devices, whether players or memory sticks and such like, can be used by someone with malicious intent, whether employee or not, to inject malware into a PC or an entire network. All it needs is access to a computer that is not locked down, for instance.

It would appear that many organizations do not have any systems and policy in place that control who may access and especially copy data to removable media of whatever kind.
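One practical piece of such a system is knowing when removable storage is attached at all. As an added example (not part of the article), the Python below parses Linux kernel log lines for USB mass-storage attachments and flags any device whose serial number is not on an allow-list of issued media; the log lines, hostname and serial numbers are constructed for illustration.

```python
"""Detect USB mass-storage attachments in kernel log lines and check them
against an allow-list of approved (issued) device serial numbers."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Constructed sample syslog/kernel lines (not from the article): a personal
# flash drive, a wireless mouse receiver, and an issued flash drive plugged
# into the hypothetical workstation ws17. Note that port 1-3 is reused.
SAMPLE_LOG = """\
Dec  8 07:41:02 ws17 kernel: usb 1-3: new high-speed USB device number 5 using xhci_hcd
Dec  8 07:41:02 ws17 kernel: usb 1-3: New USB device found, idVendor=0781, idProduct=5583, bcdDevice= 1.00
Dec  8 07:41:02 ws17 kernel: usb 1-3: SerialNumber: 4C530001234567890001
Dec  8 07:41:02 ws17 kernel: usb-storage 1-3:1.0: USB Mass Storage device detected
Dec  8 07:41:03 ws17 kernel: sd 6:0:0:0: [sdb] Attached SCSI removable disk
Dec  8 09:12:44 ws17 kernel: usb 1-4: new full-speed USB device number 6 using xhci_hcd
Dec  8 09:12:44 ws17 kernel: usb 1-4: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice=12.10
Dec  8 09:12:44 ws17 kernel: usb 1-4: SerialNumber: 1A2B3C4D
Dec  8 13:05:19 ws17 kernel: usb 1-3: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10
Dec  8 13:05:19 ws17 kernel: usb 1-3: SerialNumber: ISSUED-0042
Dec  8 13:05:19 ws17 kernel: usb-storage 1-3:1.0: USB Mass Storage device detected
"""

# Common syslog prefix: "Mon dd HH:MM:SS host kernel: "
_TS = r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: "
RE_NEW = re.compile(_TS + r"usb (?P<port>[\d.-]+): New USB device found, "
                    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
RE_SERIAL = re.compile(_TS + r"usb (?P<port>[\d.-]+): SerialNumber: (?P<serial>\S+)")
# The usb-storage line names the interface (port:config.interface), e.g. 1-3:1.0
RE_STORAGE = re.compile(_TS + r"usb-storage (?P<port>[\d.-]+):\d+\.\d+: "
                        r"USB Mass Storage device detected")


@dataclass
class UsbDevice:
    port: str
    first_seen: str
    vendor_id: str
    product_id: str
    serial: str = ""
    mass_storage: bool = False


def parse_usb_devices(log_text: str) -> List[UsbDevice]:
    """Build one record per device enumeration, in log order."""
    devices: List[UsbDevice] = []
    current: Dict[str, UsbDevice] = {}  # port -> most recent device on that port
    for line in log_text.splitlines():
        m = RE_NEW.match(line)
        if m:  # a new enumeration on this port starts a fresh record
            dev = UsbDevice(m["port"], m["ts"], m["vid"], m["pid"])
            devices.append(dev)
            current[m["port"]] = dev
            continue
        m = RE_SERIAL.match(line)
        if m and m["port"] in current:
            current[m["port"]].serial = m["serial"]
            continue
        m = RE_STORAGE.match(line)
        if m and m["port"] in current:
            current[m["port"]].mass_storage = True
    return devices


def audit_removable_media(devices: Iterable[UsbDevice],
                          allowed_serials: Iterable[str]) -> List[str]:
    """Return one alert per mass-storage device whose serial was not issued."""
    allowed = set(allowed_serials)
    alerts: List[str] = []
    for d in devices:
        if d.mass_storage and d.serial not in allowed:
            alerts.append(f"{d.first_seen} port {d.port}: unapproved removable storage "
                          f"{d.vendor_id}:{d.product_id} serial={d.serial or '?'}")
    return alerts


if __name__ == "__main__":
    for alert in audit_removable_media(parse_usb_devices(SAMPLE_LOG), {"ISSUED-0042"}):
        print(alert)
```

The mouse receiver is enumerated but never flagged, and the issued drive on the reused port is matched to its own serial rather than the earlier device's.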

All it takes, as we have seen more than once, is a disgruntled employee – or even an ex-employee whose password and such is still active – to ruin the reputation of an organization or to hold it to ransom.

© M Smith (Veshengro), December 2008
<>

Powers of RIPA legislation abused

Ex-Chief of MI5 'astonished'

by Michael Smith

The Regulation of Investigatory Powers Act (RIPA) was passed in 2000 to regulate the way in which public bodies such as the police and the security services carry out surveillance.

To begin with, only a small handful of authorities were able to use RIPA, but its scope has, for some reason, been expanded enormously and now there are at least 792 organisations using it, including hundreds of local councils.

This has generated dozens of complaints about anti-terrorism legislation being used to spy on, for example, a nursery suspected of selling pot plants unlawfully, a family suspected of lying about living in a school catchment area, and paperboys suspected of not having the right paperwork.

Now those campaigning against the abuse of RIPA have got a new ally in the person of Lady Manningham-Buller, the former head of MI5. In a speech in the House of Lords recently, she said she was "astonished" when she found out how many organisations were getting access to RIPA powers.

Those that nowadays, more or less willy-nilly, seem to be granted the right to carry out surveillance for this or that reason should never, as far as the Security Services are and were concerned, have been given those powers, and rightly so.

While there may in fact be reasons for councils and others to, at times, be granted powers under RIPA, no council, per se, needs to carry out covert surveillance of dustbins, for instance, as to what people put into them. The same is true in respect of other uses that RIPA has been put to.

When RIPA was introduced, the activities authorised by that legislation were meant to be confined to the intelligence and security agencies, the police, and Customs and Excise.

The legislation was drafted at the urgent request of the intelligence and security community so that its techniques would be compatible with the Human Rights Act when it came into force in 2000.

Nowadays, however, for reasons unfathomable, every authority of whatever kind, from local councils and trading standards – and that latter one can still be understood – through the Milk Marketing Board equivalent and the one responsible for eggs and whatever else, aside from police, security services and HMRC, that is to say Customs and Excise, is given such covert surveillance powers.

Britain is fast becoming, if it is not already, an all-pervasive surveillance society, and British subjects are the most spied-upon people on this planet, ahead even, so it would appear, of the citizens of Russia and even of Cuba.

On the principle governing the use of intrusive techniques which invade people's privacy, there must be total clarity in the law as to what is permitted and they should be used only in cases where the threat justifies them and their use is proportionate.

Presently, however, it would appear to be neither, and as far as a great many people who are in the know amongst the general public are concerned, this is very disconcerting and is creating resentment amongst the people.

However, it seems that the current Labour administration in the United Kingdom could not care less what the public really thinks. They have a majority in the House and hence do not care one iota about the people.

How can we expect to combat terrorism on our shores when we alienate the general law-abiding public, who should be the eyes and ears of the authorities, by using spy techniques and anti-terror legislation against those who have done nothing wrong?

The idea of the DNA and fingerprint database and the idea of monitoring all email and Internet traffic of every subject of Her Britannic Majesty is not going to bring the people onto the side of the government. Rather the opposite.

People who work in the field of security, I am sure, can see that, but those that try to lord it over the people, whether central or local government, do not care, it would seem. Councils up and down the country use RIPA powers against people that may or may not put the wrong stuff into their dustbins, who may put their dustbins out on the wrong day, and such like. As far as I, and Lady Manningham-Buller, see it, this is a total misuse of the powers of the act. Time some reining in was done here.

© M Smith (Veshengro), December 2008
<>

Environmental protesters get into secure airport area

What the h*** happened to the security?

by Michael Smith

When, on Monday, December 8, 2008, environmental activists gained access to a high-security area air side at Stansted airport in Essex, one can only ask what the h*** has happened to the security at that airport, whether its own security teams or the police. Was everyone asleep at that time of the early morning?

If that is the security on the air side of our airports, then what is going to prevent a more or less major terrorist attack? Environmental activists – unarmed, except for bolt croppers and such like – can get air side at a more or less major airport, the second-largest airport in the UK in fact.

Not so long ago activists got onto a parked aircraft at Heathrow, Britain's largest airport and one of the world's busiest, and no one had noticed until some of them in fact unfurled a banner on the plane.

I must say that if that is our air side security at airports then all the other security measures are a waste of time and useless and will not make our airports and air travel secure.

While those measures aimed at air travellers inconvenience those travelling by air and make check-ins and arrivals a longer process, they will not prevent explosives, for instance, being placed on a plane. Not as long as the security at airports remains the joke it is presently. The problem is that this joke is not funny by a long shot.

All the measures currently in place do, as I have said already, is inconvenience the airline travellers and not the terrorists, for all they have to do is get air side, by cutting through a fence à la environmental activists, and place a device at the belly, for instance, of a parked aircraft. And, the way security (what security?) is on that side of the airports at present, this is not, despite what we are being told, a difficult undertaking, and this should make us really worried.

This is also very much the same as regards the security of railway rolling stock. While, for instance, as regards the Eurostar trains, airport-style scanners and security checks are used, and now even small penknives may not be taken on that train, there is very little stopping any more or less determined person getting near the parked trains and attaching a device to them, or getting onto the tracks and sabotaging them.

I know that, as with cyber security, there is no 100% security possible anywhere, and there cannot be unless we surrender all our liberties and freedoms; and we, as people, should take some responsibility – in fact the greatest part of it – for our own personal security and that of our families and loved ones, and, to some degree, that of society as a whole.

However, when we look at the ease that people can get into supposedly secure areas and get onto, as in the instance of Heathrow, a parked aircraft then we must ask what is going on.

One must then also wonder whether there really is the threat that we are told is there, or whether we are just being told that so that the powers that be can make things more and more difficult for ordinary people to go about their daily lives, such as having biometric ID cards (probably with transponders) forced upon them, and the threat that any cop may demand to see ID and, if no ID is carried, one might then find oneself in jail.

If the security is allowed to be as lax as it appears to be, then one can but come to the conclusion that in reality there is no such threat as the security services and government keep trying to tell us. If not, then the lackadaisical approach taken to air side security at British airports is criminal negligence, and some heads should, nay indeed must, roll, and security must be made nigh on watertight.

As I said already, I know, and I hope that everybody else does too, that there is no such thing as 100% security without living in a fortress and giving up all liberties and freedoms, and it would be then that the terrorists and enemies of freedom have succeeded, and this we must not allow to happen.

If anyone is supposed to feel secure again flying – I for one would not, then again I do not like flying, period – then air side security must be enhanced and made as good as watertight. No good inconveniencing the passengers with all those checks and searches and restrictions when anyone can just saunter into any airport directly through the fence with bolt cutters and then do, unmolested for quite some time, whatever they wish to do. There are many countries in the world where anyone entering such a secure area of an airport would simply be shot by snipers.

I do not think that we would, necessarily, want to have such kind of operations in the United Kingdom, but...

© M Smith (Veshengro), December 2008
<>

Private Web spies monitor activists online for Australian police and attorney-general

God defend me from my friends – from my enemies I can defend myself

by Michael Smith

A private intelligence company has been engaged by police in Australia to secretly monitor internet and email use by activist and protest groups, according to a report.

The company was hired by Victorian Police, the Australian Federal Police and the federal Attorney-General's department to monitor and report on the internet activities of anti-war campaigners, animal rights activists, environmental campaigners, and other protest groups.

The Melbourne-based firm has for the past five years monitored websites, online chat rooms, social networking sites, email lists and bulletin boards, so says the report, and has gathered intelligence on planned protests and other activities, even though many, if not the majority, of those on the watch list have broken no laws.

Welcome to the fascist Dominion of Australia. Then again, it would appear that the mother country, Britain, is headed the same way, with the security services running roughshod over all civil liberties possible. Is this a sign of things to come?

This private intelligence company has also prepared threat assessments and intelligence reports for government agencies that included material from media reports, speeches, academic journals and publicly available company data, but no private correspondence, so it is claimed, was monitored.

As to the latter I would, personally, be very dubious. If they go as far as they have gone the chances are that they may have gone further still but that this is more secret than other things.

The company was not named at the request of its management for fear extremists may target the firm.

The news comes a month after Victorian police were found to have targeted community and activist groups in a long-running covert operation.

So much for the claims of freedom and liberties in Australia. If that is freedom and liberty then I would not want to see what happens should they change tack.

There is one difference between Australia and the UK, and that is that in Australia it seems to be easier to find out what the services are up to than in the UK. In the latter place the law and the culture of secrecy make getting such information very difficult indeed, despite the “Freedom of Information Act”, and if they can claim that they are monitoring suspected terrorists then, well, there is no chance of getting information, and anything that ends up leaked and then published could get one killed.

© M Smith (Veshengro), November 2008
<>

How to avoid on-line manipulation: "Nigeria-letters"

EU Agency ENISA launches "Social Engineering"-report with 5 defence advice to counter fraud threat

Heraklion, Crete, October 2008 - The EU Agency ENISA (the European Network and Information Security Agency) launches a white paper on 'Social Engineering' (i.e. on-line manipulation through social networks, email (also known as 'Nigeria-letters' or 'advance-fee frauds'), instant messaging, or Voice over Internet Protocol (VoIP)). The Agency provides 3 case studies portraying how easily users are manipulated, identifies 5 defence measures and issues a check list, 'LIST', for users to counter social engineering. Finally, the white paper includes an exclusive interview with the world-famous security author, speaker, and consultant Kevin Mitnick.

What are the risks of on-line manipulation, or "Social Engineering"? Fraudsters frequently manipulate people and exploit human weaknesses through 'social engineering'. That way, people break their normal security procedures. The scale and sophistication of such fraud is increasing (27,649 reports/month, Jan. '07-Jan. '08, according to APWG). Several new ways are used to reach users (e.g. instant messaging, VoIP, and social networking sites, apart from emails). Successful social engineering entails:

1. A convincing pretext for contacting the target;
2. Getting the facts right by research;
3. Timing and exploitation of current events, e.g. the Tsunami event, or a Santa Claus mail around Christmas with a worm included;
4. Exploitation of human behaviour and psychology.

Three e-mail based case studies portray how easy it is to trick ordinary users:

- Case 1: 179 respondents assessed 20 messages (11 bogus, and 9 legitimate), and only 42% of the users could correctly classify the mails; (32% were classified incorrectly and 26% as 'do not know'.)
- Case 2: Of 152 targeted end-users within an organisation, 23% were tricked into accepting malware infections.
- Case 3: Over 500 undergraduate students followed embedded links, opened attachments, etc. The rate of failure was 38-50%. The good news is that the failure rate was reduced with training.

The Agency identified 5 defence measures against social engineering. However, the key to success lies in improving users' awareness. Users should use a checklist of questions to verify the Legitimacy, Importance of the Information, the Source and Timing (LIST) (for the full checklist see pp. 25-26 of the report). Mr Mitnick underpins the report with the claim that it is much easier to trick someone into revealing their password than to make an elaborate hack. The Executive Director of ENISA, Mr. Andrea Pirotti, comments: "Making staff and users aware of security is of serious concern for Europe. We should all become more aware and 'responsible on-line EU-citizens', in our own interest of being able to benefit from the Internet safely."

The report has been elaborated with the kind support of the ENISA Awareness Raising Community and is available at: http://enisa.europa.eu/doc/pdf/publications/enisa_whitepaper_social_engineering.pdf

<>

"Children on Virtual Worlds" - 25 parental safety tips, report launched by the EU Agency ENISA

The EU Agency ENISA, the European Network and Information Security Agency, launches a report on virtual worlds with 25 safety tips for parents on how to help their children behave safely in online virtual worlds.

Heraklion, Crete, 06.10.2008 - Club Penguin, Barbie Girl, Moshi Monsters, Webkinz, etc. Is your child spending hours playing online games? Well, you are not alone. Virtual world sites are now hugely popular and have become a compelling activity for many Internet users. The rate of growth in online social networks, including virtual worlds for children, has risen over the past few years. With more than 100 youth-focused virtual worlds, regulators and parents are struggling to keep pace. It has been estimated that 20 million children and tweens will visit virtual worlds by 2011.

Parents are naturally concerned about how their children use and behave in virtual worlds. The biggest concern is the online safety of children (7 years old and under) and tweens (8-12 years old) and how they can be protected from online predators. Awareness of what children can do online and parental involvement are crucial. Parents should be educated, empowered and engaged to ensure truly positive and valuable experiences for their children, while reinforcing safe online habits in these three-dimensional environments.

The ENISA paper gives 25 safety tips to parents. These tips provide clear and comprehensive tools for parents to decide with their child what is appropriate and safe, to behave responsibly as well as to have fun in virtual worlds. Sample tips range from computer security, to rules, and advice on parents' and children's education, e.g.:

1. Keep the computer in a common room.
2. Set house Internet/mobile rules on if and how to use virtual worlds.
3. When activating a child's account, always do it using the parent's email address.
4. Be aware that parental consent should be required to process sensitive personal data, for chat rooms, to send unsolicited commercial e-mails, etc.
5. Have children use neutral nicknames, not their real ones.
6. Communicate with your children about their experiences. Encourage them to tell if they feel uncomfortable or threatened online.

For all 25 safety tips, please read the full report: http://www.enisa.europa.eu/doc/pdf/deliverables/children_on_virtual_worlds.pdf

The Executive Director of ENISA, Mr. Andrea Pirotti, remarked: "It is our responsibility as adults to secure that our children can both have fun and safely enjoy online gaming and virtual worlds."

<>

The identity crisis continues

A government report says the National Identity Scheme will fail if it does not primarily serve the public, including being free to join

by Michael Smith

Sir James Crosby's much delayed review of identity management, commissioned by Gordon Brown when he was still chancellor, was not available at the event in March 2008 where home secretary Jacqui Smith outlined her plans for the National Identity Scheme. That is not surprising: it makes embarrassing reading for the government.

The former HBOS chief executive recommends that the identity scheme should be free to join: it will not be. He thinks it should be run independently, perhaps by Parliament: it is run by a Home Office agency.

Crosby's main point is that the scheme should be so useful and easy that citizens actively want to use it, in the manner of Google. Yet it remains to be seen whether the government is listening. For example, it sounds as if students may have a tough time if they do not enrol, rather than the scheme transforming their lives if they do.

Crosby's report shifts the emphasis of government policy away from identity management and towards identity assurance. It states: "ID assurance meets a clear and growing consumer need, whereas ID management addresses the interests of the owners of any identity database."

He recommends that the scheme should be accountable to Parliament, rather than government; that the amount of centrally held data should be minimised; and that citizens should be able to block reuse of their data except for national security purposes.

The identity scheme's core problem was and is that the government wants it to be two things at once: a security system that stops people from doing things, and an enabling system that helps them.

Crosby believes there is very little common ground, and says that the scheme has to focus on enabling people - even for the purposes of national security, as otherwise citizens will minimise usage as far as possible, providing little data to be trawled.

If the scheme fails, he has already got his "I told you so" in.

The problem with this hare-brained ID card scheme of this government and that of other EU nations – and forgive me if I am wrong, but this to me would appear to be in fact a scheme that the European Union is demanding (for better control of all citizens – welcome to 1984) – is that the British government and its agencies simply cannot, as is proven day by day with the losses of sensitive data, be trusted with the data of the subjects of Her Majesty. Nay, I did not say a wrong thing. Please remember that the British citizen is but a figment of imagination.

However, whichever way, the British government and its agencies, and the contractors and sub-contractors used by said agencies, have such a dismal record as to data protection that, whether the scheme is free to join or compulsory – and I am sure we all remember that we were told in the beginning that it was going to be entirely voluntary (believing this government is not easy) – no one in their right mind could be prepared to trust his or her data, including and especially biometric information and such, to such agencies.

I also doubt that it would be any different as to the data problems whether the Tories or the Liberal Democrats were in charge, as the problems do seem to lie with the civil service and the departments rather than with the politicians.

On the other hand, though whether we can believe them or not, both the Tories and the Whigs have promised to get rid of that hare-brained scheme altogether. And pigs might fly, I know, for if this comes from Brussels and the new European Ministry of Security then there is no way that it can be abandoned.

Data can be made secure on a small and a large scale but whether the British government agencies would know how to work hardware encryption is questionable.

© M Smith (Veshengro), September 2008
<>