[SecurityRatty] tag: kid

A Parent's Guide to Safe, Simple, Kid-Friendly E-Mail

Thu, 06 Nov 2008 02:00:00 +0000

Here are some techniques to let kids exchange messages with family members and friends while protecting them from online predators, crude spam, phishing messages and the like.

A Parent's Guide to Safe, Simple, Kid-Friendly E-Mail

Wed, 05 Nov 2008 21:00:00 +0000

When it comes to children and the Internet, most parents focus on safe Web browsing. That's understandable, given that the Web can sometimes seem like one big Red Light District. But the Web isn't the only source of objectionable material online. E-mail can be just as bad.

The Bot Monsters are right outside your door!

Thu, 30 Oct 2008 12:48:57 +0000

GO Chicken Heart!
Sorry, a flashback to my days as a kid. Yes, I was a kid!
Make sure your Firewall is properly configured to thwart attacks or you may be getting a trick instead of a treat this Halloween.

clipped from www.pcworld.com

Don’t Be Dragooned Into the Botnet Army

A favorite multipurpose weapon of online thieves is growing larger and more powerful, according to those who combat the threat.

The malware armies are growing, with a sharp rise in the number of computers corralled into botnets–far-flung networks of infected PCs that digital crooks use to steal financial account data, relay spam, and launch crippling Internet attacks. Now that popular Web sites can invisibly and unwillingly spread malicious software, the days of staying safe just by being careful where you surf are sadly long gone. But you can take steps to protect yourself and your PC from these threats.

How to save yourself from your kids online

Wed, 22 Oct 2008 20:00:00 +0000

Every so often during dinner engagements or casual conversation, the topic of kid safety and teen and pre-teen monitoring on the Internet comes up. I should not be surprised since I am in the information security industry and I am privy to many stories, both in the corporate world and home.

Who's Behind the Georgia Cyber Attacks?

Thu, 14 Aug 2008 06:16:34 +0000

Of course the Klingons did it, or you were naive enough to even think for a second that Russians were behind it at the first place? Of the things I hate most, it's lowering down the quality of the discussion I hate the most. Even if you're excluding all the factual evidence (Coordinated Russia vs Georgia cyber attack in progress), common sense must prevail.

Sometimes, the degree of incompetence can in fact be pretty entertaining, and greatly explains why certain countries are lacking behind others with years in their inability to understand the rules of information warfare, or the basic premise of unrestricted warfare, that there are no rules on how to achieve your objectives.

So who's behind the Georgia cyber attacks, encompassing of plain simple ping floods, web site defacements, to sustained DDoS attacks, which no matter the fact that Geogia has switched hosting location to the U.S remain ongoing? It's Russia's self-mobilizing cyber militia, the product of a collectivist society having the capacity to wage cyber wars and literally dictating the rhythm in this space. What is militia anyway :

"civilians trained as soldiers but not part of the regular army; the entire body of physically fit civilians eligible by law for military service; a military force composed of ordinary citizens to provide defense, emergency law enforcement, or paramilitary service, in times of emergency; without being paid a regular salary or committed to a fixed term of service; an army of trained civilians, which may be an official reserve army, called upon in time of need; the national police force of a country; the entire able-bodied population of a state; or a private force, not under government control; An army or paramilitary group comprised of citizens to serve in times of emergency"

Next to the "blame the Russian Business Network for the lack of large scale implementation of DNSSEC" mentality, certain news articles also try to wrongly imply that there's no Russian connection in these attacks, and that the attacks are not "state-sponsored", making it look like that there should be a considerable amount of investment made into these attacks, and that the Russian government has the final word on whether or not its DDoS capabilities empowered citizens should launch any attacks or not. In reality, the only thing the Russian government was asking itself during these attacks was "why didn't they start the attacks earlier?!".

Thankfully, there are some visionary folks out there understanding the situation. Last year, I asked the following question - What is the most realistic scenario on what exactly happened in the recent DDoS attacks aimed at Estonia, from your point of view? and some of the possible answers still fully apply in this situation :

- It was a Russian government-sponsored hacktivism, or shall we say a government-tolerated one

- Too much media hype over a sustained ICMP flood, given the publicly obtained statistics of the network traffic

- Certain individuals of the collectivist Russian society, botnet masters for instance, were automatically recruited based on a nationalism sentiments so that they basically forwarded some of their bandwidth to key web servers

- In order to generate more noise, DIY DoS tools were distributed to the masses so that no one would ever know who's really behind the attacks

- Don't know who did it, but I can assure you my kid was playing !synflood at that time

- Offended by the not so well coordinated removal of the Soviet statue, Russian oligarchs felt the need to send back a signal but naturally lacking any DDoS capabilities, basically outsourced the DDoS attacks

- A foreign intelligence agency twisting the reality and engineering cyber warfare tensions did it, while taking advantage of the momentum and the overall public perception that noone else but the affected Russia could be behind the attacks

- I hate scenario building, reminds me of my academic years, however, yours are pretty good which doesn't necessarily mean I actually care who did it, and pssst - it's not cyberwar, as in cyberwar you have two parties with virtual engagement points, in this case it was bandwidth domination by whoever did it over the other. A virtual shock and awe

- I stopped following the news story by the time every reporter dubbed it the first cyber war, and started following it again when the word hacktivism started gaining popularity. So, hacktivists did it to virtually state their political preferences

Departamental cyber warfare would never reach the flexibity state of people's information warfare where everyone is a cyber warrior given he's empowered with access to the right tools at a particular moment in time.

Related posts:
People's Information Warfare Concept
Combating Unrestricted Warfare
The Cyber Storm II Cyber Exercise
Chinese Hacktivists Waging People's Information Warfare Against CNN
The DDoS Attacks Against CNN.com
China's Cyber Espionage Ambitions
North Korea's Cyber Warfare Unit 121

Chinese Hackers Attacking U.S Department of Defense Networks

Electronic Jihad v3.0 - What Cyber Jihad Isn't

Electronic Jihad's Targets List

Teaching Cyber Jihadists How to Hack

Empowering the Script Kiddies

OSINT Through Botnets

Corporate Espionage Through Botnets

Malware Infected Hosts as Stepping Stones

Hacktivism Tensions - Israel vs Palestine Cyberwars

The Current, Emerging, and Future State of Hacktivism

Internet PSYOPS - Psychological Operations

CyberAngels has a great piece on CyberBullying

Fri, 01 Aug 2008 11:39:42 +0000

If you’re a parent, take the time to read this great article, for your kids sake.
Then talk to them about it.
You remember how tough it was to be a kid when there was no Internet right?
Imagine being bulled with zeros and ones.

clipped from www.cyberangels.org

Cyberbullying

The feeling of anonymity on the web makes it a perfect playground for students to engage in cruel behavior. A study from the National Crime Prevention Council (NCPC) says that 43 percent of teens reported being victims of cyberbullying in the past year.

The Perfect Storm

Thu, 17 Jul 2008 03:15:00 +0000

Its time to get your raincoats and lifeboats - the perfect storm is finished brewing - it is about to rain down upon us.

This may sound dramatic but I think that I may not be conveying the amount of pain that Information Security is about to receive. We will certainly have to step up our game.

Symantec and Verizon have done some interesting research into the underground hacker community and their findings are rather interesting. A bit scary too.

There is an entire community of totally different players that all work together to get from the point where a nerdy kid finds a vulnerability to where a hacker uses that to get into a PC, steal personal information and credit card details, sell them or use them and move on.

So far, it seems, that the community has been quite lazy and have just discarded company information to get to the credit card information and personal information (ID numbers, social security numbers, addresses etc).

This has provided us in Information Security with a perfect opportunity. We have been able to observe how hackers work while they have been taking information that is not our own. Companies that have credit card information have been the ones that were most under attack but those that don't handle credit card information have largely been ignored by hackers except for some members of staff who have been caught out but then they have only lost their own personal information.

There just really isn't a (black/underground) market for information that is not credit card or personal finance related.

However, it was always my feeling that the credit card/personal finance market would become saturated at some stage and the loosely-bound-but-still-very-organised-and-co-ordinated underground market would start to look elsewhere.

Essentially, the infrastructure is there for wide-scale information theft but the will wasn't there. I have thought this for a while my question was always - when will the will be there? When will Jack-the-hacker decide that credit card theft is no longer worth his time and start to deal in company information ?

Adrian Lane from Securosis thinks that the falling prices in the underground economy is humorous. I disagree. I look at it as very scary and the final puzzle-piece.

I think that the perfect storm is about to be unleashed.

This Fourth of July I will be a patriot because to be anything else is unthinkable.

Fri, 04 Jul 2008 12:56:11 +0000

Well said!
There is much wrong in this country, however, we have much to be thankful for because of those who wanted to make this country great and were willing to give their lives to make it so.
Thanks to all of you who make this country worth loving.

clipped from www.cnn.com

What’s patriotism? Definitions differ

Patriotism is loving your country. Patriotism is standing when the national anthem plays. Patriotism is putting your hand on your heart to recite the Pledge of Allegiance.

Some say it is unpatriotic to oppose the war, but hear me out: Say if your kid brings home a bad report card. Are you proud of him? Probably not. But do you still love him? Yes.

16-Year Old Indian Hacker Says College Useless

Tue, 17 Jun 2008 07:10:42 +0000

A 16-year old boy was arrested and interrogated for his involvement in eBay and PayPal scams, and said that he was happy with his lifestyle and that college was a “useless” alternative for making money.

Coming from a modest background, the boy wanted to live lavishly with a fine haircut and brand-name clothes, and he found he could achieve that by committing fraud from names and credit card information purchased on international hacking forums.

“His knowledge of the codes and payment gateways is as good as that of a professional hacker,” said a senior crime branch official who has been interrogating this teenager picked up from Mulund in Mumbai, involved in an online payment scam on eBay. Three other persons who were arrested in Ahmedabad for their involvement in the scam are in police custody.

Now, when I was a kid, I learned that education was the road to making money. If I was a good student and got through college, I could get a good job, live comfortably, maybe achieve something good for the world. There’s a problem when college is seen as a “useless” alternative for this. Don’t get me wrong, I think it’s great if students take the initiative and learn how to teach themselves new skills — but not when it comes to using their knowledge for fraud and theft.

On braces, baseball and Fathers Day

Sat, 14 Jun 2008 17:05:00 +0000

Image via Wikipedia

So it is quite an exciting Fathers Day weekend here at the Shimel house. On Friday my oldest son Landon, 8, had braces put on his top teeth. I know that 8 is early for braces, but evidently today they do this as a "Phase 1", so that hopefully he won't need them as long later on. Seeing my little boy come out of the room with braces was quite a sight. Unlike the trauma that kids had about braces when I was younger, he thought it was awesome. The picture to the left are not his braces. Landon's are black and gold, Steeler braces. In 6 weeks they will change them to Yankee blue and white. Braces have certainly come a long way since I was a kid. But my son Landon has come a long way too. Looking at him with his braces and talking to the office staff I realized that the little, fuzzy red headed baby we brought home from the hospital almost 9 years ago now has grown into quite a boy. Where is the little toddler that I would toss a sponge ball to underhand and tell him to use two hands to catch? Could this kid with the catchers mitt catching everything I throw at him and firing it back to me be that baby?

Saturday is a day filled with both boys. I am taking Landon and Bradley to breakfast and than off to Baseball City to practice our hitting and pitching. Then Bradley has a birthday party he is invited to and Landon and I will go swimming.

Sunday Landon has a travel baseball team game at 10am. Landon was selected for the team because of the great season he had in Little League and is now in tournaments for the next few weeks. Than we are all going to visit my Uncle and Aunt for Fathers Day at the house near the water with a pool.

I could not think of a better way to spend my Fathers Day weekend. My mother-in-law always used to say that she was the richest woman in the world because of the treasure that were her children. When I was younger I laughed but would have taken the cash. As I have grown older and have had a chance to watch my boys grow up and have come to understand what it truly is to be a Father, I know that she was right. There is nothing like the love of a child and watching, helping and sharing in their adventure that is life.

To all of you celebrating Fathers Day this year whether as a Dad with your own kids or with your own Dad, congratulations and savor every minute of it. Happy Fathers Day!