Tuesday, May 8, 2012

Will web connections fail to cross the line during the Olympics?


There has been much talk about cyber-attackers planning to disrupt the forthcoming Games. However, a bigger threat will come from the unprecedented demand that will hit networks and web connections during this period.  

The major risks at the Olympics will come from the huge surge of web traffic that will occur as millions of sports fans stream events during the working day. This unprecedented demand will put many networks under a huge amount of pressure and some connections could simply grind to a halt, which will impact on businesses throughout the UK.

In addition, whilst the major broadcasting networks have good security measures in place, there is lots of potential for malware to be attached to videos from YouTube and other sharing sites and the positive publicity surrounding the games is likely to mean that people will be less discriminating about the items they choose to watch.  This could result in a huge surge of IT problems for both personal and business users during the Games.

Not sure what your views are, but it would be great to find out...

Sunday, April 22, 2012

Testing Times Ahead For Online Security?

A little while back a group of Germans known as "The Hackers Choice" released a piece of software that "specifically targets deficiencies within SSL". In light of the many groups who currently assume to be our cyber-saviours, I'm a little skeptical. Whilst I fully agree with the principle that on the whole we should be able to rely on any given security standard to keep our most prized data safe, recent events have shown anything but this (SSL Cracked). I really don't think they're going to reach the masses. I mean, how many people actually know what SSL stands for anyway? As long as it doesn't hamper their online shopping, Facebook/Twitter-oriented existence they just don't care.

As with plenty of other technologies that have gone by the wayside, at their peak they were the best thing since sliced bread; VHS, Walkmans, CRTs... you get my drift.
Is it perhaps time we added some of our dated encryption methods to that pile of bygones too?

You only have to look at the history of various encryption algorithms, developed as far back as the late 80's or early 90's (RC4, AES). Half of us don't own cars that old (well, I may be an exception to that one!) so why are we trusting clearly outdated encryption standards? Perhaps Convergence is the new generation of security we really need.


I realise that not just anyone can open up their system and set about wiring half of the UK's GDP to their offshore account in under thirty minutes. However, the fact that weaknesses (many) have been highlighted is enough for me to question the viability of things like online banking: do I really need it? The answer to that is no, I don't need it, but I want it all the same; it's a convenience. That's what everything is built upon, convenience. With a little security thrown in for good measure. Well, maybe I want a lot of security; after all, I'm using your website to buy goods with my credit card, and I'd like to be able to rely on you when you say it's secure...



Firefox 12 - Enough Versions Already, but This One I Like...

I notice Firefox 12 is on the horizon. I'm sure I am not the only one to be irritated by the version numbering game. As Smoothwall's Web Filtering Product Manager, keeping up with which versions of popular browsers we need to support is like shooting moving targets with a fairground rifle whilst wearing comedy nose glasses.


Version 12 though has a special place for me, as it's going to save me a job - updating my parents' web browser! Being a fairly security minded type chap, I have had them using Firefox - yeah, I know, there's not a lot of difference between the major browsers any more, but when I set their first PC up, it was night and day. I also never gave them admin rights - there's just no need. Or there shouldn't be. The one thing that's been missing all these years though is background updates. Finally, 12 has Silent Service Update - so they'll be able to have the latest version, and I won't have to scoot round the house with my admin creds when I pop in for Sunday lunch!


Great start by Mozilla - and good to see they're going to offer SSU to other software vendors, I always thought it was a shame other products couldn't use Windows Update. I instinctively uninstall Adobe's bloated PDF reader in favour of Sumatra (which is still an Admin-only update, but a lot less prone to attack), but my arch enemy lives on - Java. Next time I am in Wakefield, I'll be working out whether my folks really need a JVM.


PS. Yes, I know Chrome does this already, but I wasn't up for the support overhead of a new browser!

Wednesday, March 14, 2012

DfE Passes Buck on e-Safety

My kids are pretty safe at school - they are cared for by people who often go beyond their remit to make their day as safe as it can be. They are taught by qualified teachers who are in turn monitored by OFSTED (as a School Governor I'll not go there today). The equipment and services in their school are of the safest kind: electrical installations by NICEIC accredited contractors, we've got BS Standard fire alarms, they eat nutritionally balanced meals created in monitored and carefully managed kitchens. They even go on school trips in Department of Transport inspected buses driven by trained drivers with licences. Schools are probably about the most regulated part of our society.


So, today we find out that the UK Department for Education have finally decided that they are not responsible for setting national minimum standards for e-safety provision (read web filtering and security technology) in schools. A bit of a shocker - as huge bits of their curriculum are delivered using on-line systems and tools - and our kids are now more digital than most of us.


The sad thing is that the DfE were once responsible and (in their Becta guise) really good at it. They put vendors through the wringer to make sure any system they supplied actually did what it said it would do - protect creative, inquisitive kids from the more savoury bits of the web when their hard-pressed teachers had their backs turned for a second. And they gave solid advice on what actually worked and what was good value - very hard for an individual school or LA to do in a tech environment that changes by the day and with local budgets pared to the bone.


So what happens now? The DfE claim that the Accreditation scheme was just a starting point and that now schools should choose the system that suits them (and their budget). Tell me if I'm being dense but it sounds like - 'trust the computer salesman because they always tell the truth' and 'buy the cheapest system because they all do the same thing'. Oh, and if something goes wrong (and things do) blame somebody else (as a Head Teacher / Governor / LA there isn't anybody else to blame - sorry).


We can all appreciate that it must be really hard to make decisions to cut vital services because you don't have the money. But to abandon existing e-safety standards because you haven't the vision to see the consequences looks a bit negligent to me. But what do I know?


http://epetitions.direct.gov.uk/petitions/31372



Monday, February 27, 2012

Time for Social Media Tools in Government?


The web is now woven intricately through our everyday lives - it helps us be more connected, better informed, allows us to react faster and provide information more accurately (except maybe at work).

Top down decisions on who can do what (and when and where) stop us from fixing problems, communicating effectively and building close relationships with our colleagues - and more importantly the people we are trying to serve. The technology we use at work needs to catch up with the on-line tools we use every day at home.

So, if you give your people access to the parts of the web they actually need to do their jobs in this century – what’s the problem?

Let’s be clear here - we’re not advocating a free for all discussion on national security on Twitter or Facebook – but letting people know that the bins aren’t going to be collected because of snow, or the outcome of a local service review was positive or even that the local hospital is looking for volunteers – where’s the harm in that?

The IT guys will tell you that if you give your people access to the web the sky will fall in – your legal department will sternly inform you that you are ‘being brave’ – but in reality your people will get on and get stuff done efficiently and quickly using web tools and services they already know and use intimately.

Oh, and fooey to the doom merchants - the world won’t stop on its axis because you’ve put in sensible policies (managed by people you trust) and appropriate controls, filtering, monitoring and reporting. You know exactly who’s allowed to access what, where and when - so they’ll not be catching up on the football, watching a cookery program on their laptop or updating their personal status on duty.

We think it's time to help governments make the social bits of the web useful and productive.

Tuesday, February 7, 2012

Safer Internet Day: Passwords and Protection

Today is Safer Internet Day - an event organised by Insafe to help people, particularly young people, become and stay safe in today's interconnected society.


Instant interconnectivity can be daunting to the uninitiated. Within a few minutes, you can have Facebook and Myspace tied into Last.fm, Twitter, Flickr, Blogspot, StumbleUpon, Reddit and literally hundreds of other third party games, apps and sites, all of which come together to help us connect to more people, more quickly, more of the time … every connection you make increases the number of people that can see information about you – information that could be used to target you. If you have up-to-date anti-virus software and a firewall it will help protect you against many software based threats, keyloggers, botnets and the like, but it can’t protect you from the malicious and hurtful people you meet on and off-line. Passwords are the key to your on-line life. One of the easiest ways to break into your computer system is to guess your password. Especially if that password is on a post-it note, stuck to the screen. With the word 'password' next to it in block capitals.


Is your Facebook password the same as your computer login? It's easier to remember that way, isn't it? So now, because of that post-it, someone knows your personal email address, date of birth, where you went to school, where you work, where you live, who all your friends are, every club you've been to in the past 6 months (and on what dates), what car you drive, when you bought it and exactly what your next door neighbour's cat had for breakfast. In isolation, none of this information would be particularly useful in the hands of someone with nefarious intentions, but put it all together and it wouldn't be too difficult for them to impersonate you on-line. I hope your banking password is different...

Aside from the material risks, there is also the danger of someone manipulating your social life. Abusive messages to friends, offensive posts about others and publicised subscriptions to ‘entertainment’ sites you wouldn't normally touch with a barge pole can all produce a pretty uncomfortable social backlash. This applies to all age groups, but the most quoted problem area is teenagers and cyberbullying.

Cyberbullying is real, hurtful and dangerous. The faceless nature of the attacker can make it even more disturbing than a bloody nose in the playground or superglued books. How do you fight something intangible? The first step is to know what tools you have at your disposal. Every social website (Twitter, Last.fm, Facebook, Myspace et al.) has a ‘block person’ function to stop people contacting you – and for serious incidents a ‘report this person’ process. Most have a setting to make this the default behaviour, and only those you select can get in touch. If you don't want to communicate with someone on-line, you don't have to - the tools are there and very easy to use.


I know several teachers that have students who have experienced cyberbullying/cyberstalking incidents that have spilled over into the school environment. By this point, the victim had been terrorised for several weeks or even months beforehand. A trying time for everyone – especially the victims, but the trauma and fallout could have been averted with a few clicks had they only known how to protect themselves on-line.

Internet safety is not just about protecting your computer - it’s about knowing how and why to protect yourself. You wouldn’t walk down a dark alley on your own late at night, even if there was a sign at the entrance saying ‘Play for free now!’ Yet the same sign on the internet flashing red and yellow is often treated as a risk free invitation. A little trepidation is all that’s needed. A slight shift in your mentality from ‘why not’ to ‘why should I?’. Why should I give someone I don’t know the means to contact me any time they please? Why should I let them see everything I’ve done and everywhere I’ve been? Why should I keep talking to someone if they’re making me feel uncomfortable?

Just as the internet has become an everyday thing, internet safety should be something that’s considered every day.

Have a look here for some useful information about password practice.

Tuesday, December 6, 2011

TalkTalk Hiccup With Porn Filtering

TalkTalk, the UK ISP, has recently had a problem with the adult content web filtering system it has implemented. The guys from PC Pro cover the story admirably - "TalkTalk's porn blocker lets explicit videos through" - but focus on the failure, not the implications.


They've come under a bit of unfair stick for it failing (to my untrained rather wonky eye it was hacked) but at least they've not ducked out of trying to give parents options to protect their children (unlike some other ISPs we could mention).  So hats off and a big hurrah for them!


We (on the filtering and control side of the fence) often hear 'it's too hard' (no pun intended), 'we're not censors' and 'infringement of freedom of speech' noises from the big boys with the fat data pipes (again no pun intended).  What they're really saying is 'with our wafer thin margins how are we going to make an honest buck from adding yet more kit and resources - you lot (us consumers) are only interested in price and speed.'


I've got a wacky idea. ISPs could show a bit of social responsibility and give parents (and others that want it) decent and easy to control filtered web access for their kids (not just porn, race hate and other societal unpleasantness). It's not that hard to do (we know how) and we (the parents that do care) will pay a small premium (that we would have spent with end-point controls anyway) and the world will become a better place. It's happening successfully elsewhere - the famously liberal Dutch have an ISP, Kliksafe, who have been doing it for ages.


So, ISPs please spend a fraction of your whopping fiber roll-out budgets on making the online world a better place for kids not just delivering the porn faster and in HD.