Tuesday, December 6, 2011
They've come under a bit of unfair stick for it failing (to my untrained rather wonky eye it was hacked) but at least they've not ducked out of trying to give parents options to protect their children (unlike some other ISPs we could mention). So hats off and a big hurrah for them!
We (on the filtering and control side of the fence) often hear 'it's too hard' (no pun intended), 'we're not censors' and 'infringement of freedom of speech' noises from the big boys with the fat data pipes (again no pun intended). What they're really saying is 'with our wafer thin margins how are we going to make an honest buck from adding yet more kit and resources - you lot (us consumers) are only interested in price and speed.'
I've got a wacky idea. ISPs could show a bit of social responsibility and give parents (and others that want it) decent and easy to control filtered web access for their kids (not just porn, race hate and other societal unpleasantness). It's not that hard to do (we know how) and we (the parents that do care) will pay a small premium (that we would have spent with end-point controls anyway) and the world will become a better place. It's happening successfully elsewhere - the famously liberal Dutch have an ISP Kliksafe who have been doing it for ages.
So, ISPs please spend a fraction of your whopping fiber roll-out budgets on making the online world a better place for kids not just delivering the porn faster and in HD.
Thursday, November 17, 2011
Thursday, October 20, 2011
Today my phone arrived and I decided to try 100% wireless restore. I.e. not plug in to my computer with iTunes and only restore from the latest iCloud backup. I was amazed at how well it worked. All I had to do was switch my SIM over to the new phone and put in my wifi password and apple account details and in minutes it was ready to start being used.
The first thing I had to do after that was enter a new lock screen PIN, which it prompted me to do. Then it asked for my apple id again (not sure why it did not use what I entered earlier). Then it prompted me for some Google Apps accounts passwords so I had to set up some new application specific passwords. This re-entering of passwords I have seen before when going from a 3GS to 4. It seems the backup keys the passwords against the hardware for security. Makes sense.
To set up the application specific passwords I had to use the Google Authenticator app. Unfortunately at this point it has not finished downloading and installing all the apps. So I clicked on the app and it jumped to the front of the download queue. A moment later I ran it only to find it had not copied over the 2-factor account details, of which I have 5. Mildly annoying. I guess it’s the same reason as the passwords; security. So I had to choose SMS me the number and I was in. I will finish setting up the authentication later.
But that was about the only niggle I had. All the settings for everything has migrated, all apps, all icon positions and folders, all messages, all pictures - even my open safari tabs, my tiny tower, and my cut the rope progress! Very slick.
I tell you this cloud stuff. It’s the future man! LAN is so last millennium.
Next I wanted my music and went to the wireless iTunes sync. It said... To sync music wirelessly... plug in... and choose wifi sync. Oh well. After I had done that it started to copy them over automatically, via wi-fi. This was taking some time so I just plugged it back in again and let it copy over at USB speeds.
I wanted to play with Siri, so I turned it on and had the following conversation:
“What time is it?”
"Will it rain tomorrow?"
"There is no rain forecast for Southampton tomorrow."
"What time does my last appointment finish tomorrow?"
"Your last appointment tomorrow ends at 5.30pm."
“What should I buy my wife for Christmas?”
“Sorry, I don’t understand “What should I buy my wife for Christmas?”, shall I search the web?"
"Why not what?"
“Sorry I don’t understand “4Q””“**** ***”
“Daniel, I don’t understand “4Q””“Now you’re getting cheeky!”
“If you insist.”“You’re funny!”
“Ha! I’m glad you think so.”
I am going to have so much fun with this!
Wednesday, September 28, 2011
Having spent the last eighteen months in the IT security business (I'm originally a tech marketer from the imaging industry) I'm constantly surprised at the range and responsibility of the jobs Network Managers and Sys Admins are required to undertake - especially those that work in education with all the attendant responsibilities that looking after other peoples' kids entails.
A recent post caught my attention about qualifications in e-safety for those hard-pressed information system plumbers - I don't mean that in a disparaging way either to plumbers or techs - if the information stops flowing, starts leaking, gets backed up ... do you have the skills, knowledge and stomach to unblock the u-bend? - I certainly don't.
I digress - back to the post from the BCS - their core premise is that e-Safety should be taught as a part of the national curriculum (I agree) but there hasn't been a structured way to teach it (I agree) and that the IT department usually ends up having to carry the can for a myriad e-safety problems and incidents (I agree).
To quote The BCS directly: "You wouldn’t send someone who came into a school with a knife to the design technology department, but with internet issues, people usually get directed to the IT department - and the issue is bigger than that."
The creation of a structure to teach e-safety to our kids can only be a good thing - especially if it's delivered by properly qualified teachers. The reclaiming of the teaching environment from the techs by continuous education of all teachers in IT related subjects (not just as 'users' of tech) is an important step in this process.
This also raises the issue of where responsibility (and accountability) lies in hard-pressed schools and LAs for delivering e-safety (and the attendant tech paraphernalia that it requires). In the eyes of the law it's pretty clear (teachers, employers and Governors) but in practice it all seems to be all over the place - with the IT function getting dumped on because it's 'computer or internet related'. If you read some of the threads in Dr. Brian Bandey's e-Safety Law in Education LinkedIn group they illustrate the complexity of this evolving problem.
So - going back to the title of this piece - Are Sys Admins and Network Managers Police Persons? In my personal opinion they should be exactly that - they should provide a safe infrastructure on which to base education. They shouldn't be considered as policy makers, judges or arbiters of standards just because a computer is involved in the process. These functions lay with the educators, policy makers and legally accountable members of the education community - who (again in my personal opinion) should step-up to the challenge and properly understand some of the (seemingly transparent) technology that they currently use and rely on to keep them out of the law courts.
Thursday, September 1, 2011
To add to the fun we'll be doing our thing demonstrating our latest tech in the Interactive Zone - a sneak preview of our pitch >>>
Social Notworking - Who's coming to work to play?
- How to see exactly who's doing what and when on your time and network?
- The Dangers of Web 2.0
- What web filtering really means and how doing it properly benefits your business?
- How do you filter the web?
- What are the key technical benefits
- What are the productivity benefits
- Malware vectors - it's not just email viruses
- What can happen after an e-safety incident
- Cost of fixing the damage
- Legal implications
In summary - the guys at TechMesh have put together a great programme of over 40+ exhibitors; a techpanel – a seasoned panel of experts; an interactive zone where visitors can watch, listen and play with the very latest in technology and a SME surgery for one to one advice from industry experts. There will also be members from all the local business groups milling around - so the networking opportunities will be fantastic.
Date: Thursday 13th October 2011
Time: 9am – 4.30pm
Venue: Royal Armouries, Armouries Drive, Leeds, LS10 1LT
Cost: FREE please visit http://techmeshexpo2011.eventbrite.com/ to register
Monday, August 15, 2011
I’ve had an iPad 2 for a few weeks now and I love it. I’ve had a Chrome Book for a week now and I like it. There you go, that is the conclusion of the review. But not quite. There is a lot of cross over in functionality between the two devices, such as apps, email, web, Facebook, etc, however they both lend themselves to different scenarios.The Chrome Book has two key features missing from the iPad;
- Multiple user accounts
- Chrome web browser
The Chrome web browser is, without doubt, the best web browser by far and allows full access to all the modern web features like Google Docs and Facebook. The Facebook app on IOS is OK but to get full functionality requires the web version. Google Docs is very very cut down on IOS Safari - so as to be too limited for anything other than the most basic note taking, unless you just want to read a document in which case it’s perfectly good. This review is being written using Google Docs on the Chrome Book.
The Chrome Book is missing a major application though; Skype. This will be a show stopper for some people. The iPad does not have a proper app, only an iPhone app but it works well enough. There is always Google Video but it’s just not got the market penetration. Google chat can also now make actual phone calls like Skype.
My father was able to log in and use the Chrome Book fairly easily but then complained when he was unable to write in French in Gmail as there is no way that he or I could see to enter letters such as e-acute. I ended up writing the email in Docs in English then translating to French then correcting the French then copy and pasting in to Gmail. My father reverted to his iPhone for further French emails.
The Chrome Book has a proper keyboard and tracker pad and a reasonable resolution screen. I also have a keyboard stand thing for my iPad. They are similar in use. I find myself wanting to touch the screen on the Chrome Book instead of use the pad as it would be quicker.
The Chome Book boots in about 5 seconds and it almost takes me longer to type my password than it takes to go from login screen to being 100% ready to go. And I don’t mean the Windows-pretend-you-have-the-desktop-but-actually-come-back-later-after-a-coffee. So both iPad and Chrome Book are ready to use instantly without being concerned about booting.
I’ve just been on holiday for a week and mostly used the iPad and Chrome Book rather than a PC, but today I was back at work and within minutes of using my Windows 7 desktop PC I was frustrated with “Window is not responding” and other crap like the AV telling me it needs to update then when I shut down Windows it had 13 updates to install. Bah! I tell you - things like the iPad and Chrome Book are the future. People won’t put up with this for much longer. That said, I won’t be giving up my Windows PCs for a long time until good games like Portal 2 and WoW work on these devices.
The Chrome Book has multiple external storage options and expansions but the iPad has none. I’ve not found I needed this though.
The Chrome Book runs a little warm for my liking. Mine is a Samsung Chromebook Series 5 and according to top has 4 cores. After a few mins a small fan starts up and pumps out hot air on the left. That would be nice in winter but in the summer it made me put it on a table not my lap. The iPad only gets warm from my hot sweaty hands.
In terms of speed, the iPad seems just a little bit faster. Both can play HD youtube no problem or anything I throw at them. But I think the iPad cheats by only doing one thing at a time where as on the Chrome Book, all the tabs are running at the same time.
Both have similar and very long battery life. Hours and hours of usage.
I was able to get the VPN on the iPad to work straight away with my Smoothwall firewall but the Chrome Book is currently missing this functionality although this is due out soon.
IOS does not support much in the way of automatic proxy settings and is quite picky with the proxy.pac URL in that it has to be a fully qualified address. So for visiting iPad users you will need to use transparent web filtering. I’ve not tested the Chrome Book yet.
If I had to keep just one device - it would be the iPad. It does nearly everything and I hope one day it has a better browser. I am keeping both though!
Chrome Book is ideal to give to one’s parents who keep having to reinstall Windows because they get a virus or don’t update. Fully automatic updating in the background. Love it. Chrome Book is more secure and appropriate for a work place. iPad will keep being useful in a car when travelling and where there is no wi-fi.
iPad is for fun and a little work. Chrome Book is for work and a little fun.
Wednesday, July 27, 2011
And why exactly would we want to do this? I can think of a few reasons:
In the simplest case this can be a more interesting, or intuitive way to image search.
Perhaps you find a 5 year old JPG in your home area and you just can’t remember where it came from. Maybe Google remembers?
You need to find a HD version of your desktop wallpaper for that shiny new monitor. No problem...
Maybe you’re a rights-holder trying to track your own images. You wouldn’t be the first.
Being scammed by online dater fakers? Reverse search that profile picture - oh yes, that *is* Pierce Brosnan.
Now this isn’t an entirely new idea, an early player in the game was TinEye. TinEye are still operating and hopefully they’ll stay around some more, giving us double the image searching fun.
Google’s new functionality comes in two pieces.
At the core is ‘Search by Image’ within Google Images. Using the search query box, you can now choose to search with an image of your choosing. This can be a link to an image available on the web, or you can upload one from your local machine. Browser permitting you can even drag and drop a file, which is cute.
As we can see the result set allows us to discover locations on the web where the desired image can be found. We can also specify a different size for the image and locate those too.
Google’s algorithm will make a best guess at the topic of your search and this “trail” can be followed in the normal way - using the suggestion as a search term.
Further down the page we find the second part of the functionality, ‘Visually similar images’. This is where it gets interesting. We can now search around other images found to be similar to our input image. Effectively we can “bootstrap” the image search process with an image of our choosing. This is a great way to find something very particular, or something hard to spell, or indeed... pornography.
Clearly this can be used to find content without stating your intention in the form of keywords. For Corporate or Education networks this might be an AUP circumvention risk. Hence, filters must move with the times. Here at Smoothwall we’ve added a new category for Reverse Image Search services, as it may not be appropriate for all users. We’ve also worked to ensure Force SafeSearch, Search term filtering and Deep URL Analysis are compatible with Google’s latest developments.
Screenshot 2 was generated behind Smoothwall Guardian, demonstrating those features. Just for fun, here’s a screenshot using A. N. Other web filter...
Note: Censored to be (semi) safe-for-work.
Monday, July 25, 2011
Sunday, July 3, 2011
Account security when visiting other peoples’ computers and the additional danger of federated authentication - use Incognito!
I’d like to make a bold statement;
The level of knowledge a person is required to have, right now, to be secure using modern technology such as web applications, is higher than even normal IT-literate users currently have.
I’ll give you an example. If you use federated authentication, then you may end up logged in to both what you expected to be logged in to and the authentication provider. E.g.. log in to Clarizen.net (just an example) by clicking the G button and put in your Google credentials. Now log out of Clarizen. You would think you were logged out - not so. Now go to mail.google.com. See that you are also logged in to Google. Did you realise that before now? I bet you did not.
The mistake that Clarizen are making is that they failed to realise that users expect single-sign-on and but also single-sign-off. The mistake users are making is not realising that single-sign-on does not mean single-sign-off.
The solution for Clarizen and others is to make their log out link redirect to the Google (or other) log out URL. I have recently used this technique with great success with an integration project. Naturally you will want to warn the user that it will do a full log out.
The solution for users, including me, is to always always always use an Incognito Window. Never log on to another user’s computer without using one. What this does is ensure that nothing gets saved on the computer (except downloads) - even if you accidentally allow it to remember passwords or save authorisation on the computer. Once you close the incognito window, all traces that you were there, cookies, passwords, user names, history, etc, are gone.
Incognito also allows you to browse knowing that there will be no history so that if you are looking for something online that you would not like your partner to see, your secret is safe. (I am thinking presents...).
Incognito is available in:
- Google Chrome - Tool menu > New incognito window
- FireFox 4 - Tools > Start Private Browsing (Ctrl+Shift+P)
- Internet Explorer 9 - Cog menu > Safety > InPrivate Browsing
- Safari - Edit menu > Private Browsing
- Opera - Menu > Private Tab / Private Window
More info can be found on this Wikipedia article.
Saturday, June 11, 2011
- NHS could be hacked easily?
- Sony being hacked for sport and Nintendo can keep your data safe (maybe?)
- Facebook can track your face around the web (and would rather not ask first)
- RSA tokens, that bastion of security.. compromised
- FBI partner, lightly owned
Instead I'm wondering if we'll see rain in Montreal tomorrow and Mclaren can put in a decent race pace. What's wrong with me? Why am I not afraid any more?
One reason might be that I've become jaded, inured to breathless security scare stories by... well, people like me - other infosec professionals. I hope we haven't cried wolf, though hunting moose in packs does sound like a lark. Millenium bug syndrome - over hyped by folks that stand to benefit!
Perhaps another reason could be that we've come to expect the odd breach, just like we've come to expect we'll probably catch the dreaded summer cold at some point (another of my excuses for snoozing through the week and not blogging any of these stories, i've been under the weather!), we come to expect security breaches which kill off a few weak members of society, but most people shrug it off with little ill effect. We're now used to cleaning up after the bad guys? Familiarity breeds contempt.. and maybe a hint of complacency?
Of course, there's another option - I haven't really felt the repercussions of any of these issues this week. I don't use an RSA token, own no consoles(!), there's relatively few pictures of me acting the goat on facebook, and my medical history doesn't appear to have been indexed by google (yet, at least). Could it be I just need to have a security breach drop something on my toes?
Anyway, I promise to try and pay a little more attention to the bad stuff going on in our digital domain, but if I fail to get excited by the latest round of apocalyptic damp squibs, cut me some slack will ya? ;)
Tuesday, May 31, 2011
- A user asks "is this a virus" - now you can not only be more confident, but you have got a nice looking report as well, thanks to virustotal.
- Looking like a hacker from the movies is easier than you think - network swiss-army-bazooka nmap (movie references here) has a nice graphical front-end, is easy to use and actually really handy, go get zenmap. Bump the shiny up another notch, and Overlook Fing is like a miniature nmap on android or iphone.
- Keeping up with the latest news and views in security is tough, but if there's one guy who's opinion it is always worth reading, it's Bruce Schneier. Luckily, he publishes a monthly newsletter, Cryptogram. Sign up here.
- We can't all keep a virtual machine knocking around to burn testing dubious looking links. Luckily, we can get a fair idea if a link is going to riddle us with zero-day hell, and a nice report to boot from the folks at wepawet.
- Many people thought I should have included this one at number one - a great looking packet analyzer with a cool name, Wireshark (or Ethereal as it was formerly known) can be used to find out a lot about your network, and is great for seeing what's really going on. Pulling unencrypted passwords and snippets of plaintext conversation off the wire - always a good demo. Remember you can use tcpdump (on your Smoothwall or other Linux-based firewall!) to pick up packets to look at later as well. One that takes a bit of learning, but well worth it. Get Wireshark here.
- Most of us are Windows users, but Linux has a lot to offer. Even if you don't run Linux all the time, there are a couple of live cds which will run without modifying your PC. For the security minded, there's the Trinity Rescue Kit, ever helpful for recovering "lost" passwords, and for the slightly more black-hatty among us, backtrack is the place to be. An unfamiliar and complicated looking interface will do your status with your users no end of benefit. Download and burn trk or backtrack.
Thursday, May 26, 2011
- Appearances can be deceiving: Don’t just look at the URL, but look deeper into a page and content-scan the words and phrases. This insures that all pages are categorized, and a page can’t hide itself as something it’s not. Make sure your filter can determine context, content and construction to block out those tricky bad guys.
- Look for “Just Right” blocking: IT administrators can be worn to a frenzy keeping up with the educators’ requests to unblock websites they need, while keeping a strong block in place. A smart filtering solution avoids over-or under-blocking and provides just the right level of blocking.
- Go for the Interception: Students have become increasingly savvy in finding their way around blocked websites using proxy anonomizers. Look for solutions that can intercept HTTPS traffic to catch HTTP proxies as well as HTTPS proxies. With the right solution, users trying to get around blocked sites will be intercepted- achieving your goal for a safe network.
- Be the all-seeing eye: IT administrators don’t have time to constantly scan the network. They need reporting functions that help make their life easier, not more difficult. During certain hours such as lunch or between classes, it may be good to keep a closer eye on network activity. Real-time content scanning provides valuable visibility, allowing IT administrators to nip potential problems in the bud.
- Network Security never sleeps: It’s not just the school grounds that must be protected. Users who rely on laptops, netbooks or even Mac portables must also be protected while away from the school's network. The full policy and profile safeguards that apply while those laptops are connected on campus must apply when taken home or on field trips, and while those units are connected to the Internet at the local airport or other wi-fi hotspots. Upon return to the school's network, all reporting and tracking of web activities should be aggregated to the reports the school's administrators and teachers receive on student (or staff) activities.
Thursday, May 19, 2011
What’s as bad as bedbugs for hotels today? Like bedbugs, this threat is invisible when guests check in and the consequences may not be evident until long after the guest leaves. It’s extremely costly, with loss of revenue and legal costs. (Yes, it’s so nasty that lawyers are involved.) It’s a growing trend: video downloads on your network.
It started off innocently enough. Once upon a time, hotels had a nice revenue stream from pay-per-view films. Travelers who wanted to relax in their room had a few options: the regular TV programming, the book they may have brought, or splurge for a pay-per-view movie.
Then the internet revolution came about. Hotels began offering internet access in response to demands from business travelers and others who wanted to keep up with emails and their favorite websites. Then the availability of high quality video downloads and new devices with higher resolution began to change the game. Instead of paying for pay-per-view movies, guests could download videos for free on their own notebooks or iPads.
What does this mean for hotels? Colliers PFK Hospitality Research reports that hotel revenue from pay-per-view films has shrunk by 39%. Their study shows that in 2000, each hotel room would collect approximately $288 in pay-per-view revenue annually. Today, the average hotel room collects only $175 annually. The likely cause of this decline in revenue is the many alternatives found on the Internet for videos, gaming and other on-line entertainment.
Even more ruinous, many of these downloads are illegal downloads of copyright protected movies. Hollywood is becoming aggressive in pursuing perpetrators. Film producers are hiring law firms such as one known as The U.S. Copyright Group to issue subpoenas to internet service providers and get the names of individuals who downloaded these films. For hotels, that ISP address is under their name, and is their responsibility. Fines range from $1,500 to $2,900 or more per incident, or defendants could face even larger fines in court. While this type of tactic may not bear up under the scrutiny of higher jurisdictions or legal reviews, the risks remain the same, whether for an individual or a hotel management group: downloading of illegally-obtained copyrighted materials may be bad for your health and your wealth, if the lawyers have their way with you. (To see what one company is doing to offer hoteliers a sound solution go to: www.hotelpeertopeer.com)
Naturally, for hoteliers there’s the ongoing challenge of finding a way to provide the guest with good service, ample access to the Internet and still protect the institution from legal problems. Hotel IT administrators: this is your wake-up call. Make sure you are blocking illegal downloads on your network. Secure your network and sleep well at night: just don’t let the bed bugs bite.(that’s another worry for hoteliers, but not the topic of this post, by the way).
Thanks for reading, commenting and/or tweeting (www.Twitter.com/Smoothwall).
© Smoothwall, Inc., All rights reserved, 2011.
Wednesday, May 11, 2011
What’s a school to do? Education budgets, especially in the United States, are being cut while network security threats continue to grow. School administrators and IT managers must meet growing compliance requirements, as well as face down the threats posed by students who have grown up on-line and know their way around network filters and blocks. Teachers, staff and students all have varying needs for access to the Internet and Web resources, but must also be monitored, provided secure connections and prevented from time-wasting or inappropriate sites. What’s a school to do?
For many schools, the first step is assessing their current network security configurations. Some points to consider when assessing the current network security system:
· Does the system achieve full compliance- such as with CIPA and other Federal and State requirements in the U.S. or BECTA in the U.K.?
· What reporting systems are in place? Efficient reporting functions can help save time and resources, reducing network security costs. How long does it take to run reports?
· Is it easy to monitor live logs as well as what’s been happening over the last 24 hours?
· Can you identify websites that might be potential time-wasters for staff and students, to save resources for those sites that promote instruction in the classroom?
Network security, when done right, should be a cost-saver. Likewise, when done right, network security is a productivity-booster. And, without a doubt, the risks and costs of an unsecured network are far greater than the expense of protection. So, while Benjamin Franklin (U.S. patriot, publisher, inventor, statesman and all-around intellectual) was famous for proving that lightning can strike a kite and shed light on the nature of electricity, he also famously said, “An ounce of prevention is worth a pound of cure.”
Which does your school prefer? To be struck by lightning or to be protected from the viruses, worms, spies and dangers that lurk around the edge of your network? Network security is worth every penny, every pound and every dollar you invest in it.
Thanks for reading. Care to comment? Please do so, or tweet us at: www.Twitter.com/Smoothwall
© Smoothwall, Inc., All rights reserved, 2011.
Thursday, May 5, 2011
You didn’t realize it at the time, but your mother taught you everything you need to know about network security--or at least the important highlights. After all, mom’s goal is the same as ours as network security administrators: to keep us all safe.
Does any of this advice sound familiar?
1. Be suspicious, trust nobody. That goes for users on your network, as well as messages you receive from friends. Make sure users aren't allowed to download anything without permission. Be wary of suspicious links or invitations to join new social networks. These could be phishing attacks in disguise.
2. Lock the door. You wouldn’t let strangers into your house, so why would you let them onto your network?
3. Do your homework. Threats change daily. Keep up on newest threats so you can make sure your network is prepared for them.
4. Keep things clean. What she meant (in addition to clean socks and washing your hands regularly) was to make sure your PC, network protection and malware detection software is always up to date. Updated software and network protection will help keep the bad guys out.
5. Always be aware. Look before you cross the street, even if you don’t hear a car, and don’t assume some websites are safer than others. Sometimes the most “trusted” sites can be more dangerous. Educate other users on your network to inform them of the risks.
So let’s hear it for Mom. The network security savvy we have today originates in her good advice. It’s one more reason to thank her for all that she’s done for us. Oh, by the way, Happy Mothers’ Day!
We appreciate you reading our posts. Feel free to comment or post a tweet: www.Twitter.com/Smoothwall
© Smoothwall, Inc., all rights reserved, 2011.