Category Archives: Internet Safety

  • 2

Updated: Choosing the Safest Browser, Part One

Category:Information Security,Infosec Communicator,Internet Safety,Uncategorized Tags : 

Swim safe!

This post provides an update to last year’s Choosing the Safest Browser post. Let’s take a look at what’s changed since June 2010.

Browsers

Last year, we looked at the following browsers to discuss which would be the safest:

Number of Vulnerabilities

How do you decide which browser is the safest? One way is to look at the vulnerabilities that were disclosed for each one. Attackers may exploit these vulnerabilities to place malicious code onto your computer.

In Spring 2010, my Cyber Self Defense class ranked the browsers in the order below according to which ones they thought had the most vulnerabilities:

  1. Internet Explorer
  2. Safari
  3. Opera
  4. Firefox
  5. Chrome

According to the  Symantec 2008 Internet Threat Report, here’s the list of browsers ranked from most reported vulnerabilities to the least:

  1. Firefox
  2. Internet Explorer
  3. Safari
  4. Opera
  5. Chrome

The class was really surprised by this ranking.

June 2011

Let’s see how the rankings look from the Symantec 2010 Internet Threat Report. Here’s the 2010 list of browsers and number of vulnerabilities:

  1. Google Chrome–191 vulnerabilities
  2. Apple Safari–119
  3. Mozilla Firefox–100
  4. Microsoft Internet Explorer–59
  5. Opera–31

I was surprised by this order. Ranking browsers by vulnerabilities reported, Chrome appears to be the worst and Opera the best. (In the 2008 report, Chrome had the fewest vulnerabilities!)

Average Time to Fix a Vulnerability

Another way to look at browser safety is how long it takes for a reported vulnerability to be fixed. How would you rank these same five browsers from shortest to longest patch time?

In the 2010 report, Internet Explorer had an average patch time of 4 days. Opera, Safari, and Chrome were each one day or less. (In the 2008 report, Safari had an average “exposure” time of nine days, compared to the “best,” Firefox, which normally took only one day to patch.)

Patch time alone doesn’t appear to be a factor when choosing the worst browser.

Safe browsing is important because the majority of attacks are web-based, peaking at  almost 40 million per day in September 2010.

Does Your Browser Choice Really Matter?

In my opinion, not so much. Internet Explorer vulnerabilities are targeted more because it’s the biggest target. However, all of the browsers mentioned have vulnerabilities and all are patched relatively quickly. Many attacks actually target applications such as Adobe Flash, QuickTime, and the like. Malicious PDFs have also become a huge problem in the last year. What matters are safe practices!

Enhanced by Zemanta

  • 1

Choosing the Safest Browser, Part 2

Category:Information Security,Infosec Communicator,Internet Safety Tags : 

Safe Practices

Check your Browser Security Settings

How can you tell how secure your web browser may be? Scanit’s Browser Security Test checks your browser security settings and provides a report explaining the vulnerabilities, the potential impacts, and how to correct them.

Use Security Software

Your security software should include an antivirus, anti-spyware, and a firewall.

Update Regularly

Keep your browser and applications up to date. If you’re prompted for an update, accept it.

Use Strong Passwords

Use a strong complex password or passphrase. Consider using a password vault such as LastPass to generate and store your passwords.

Install Browser Tools/Add-ons

Current browsers all provide some protection against phishing. There are also browser tools that you’ll find helpful.

  • The Netcraft Toolbar is a browser plug-in available for Firefox. The toolbar helps stop phishing attempts by blocking known phishing sites and providing hosting information about the sites you visit.
  • The McAfee Site Advisor is a browser plug-in available for Internet Explorer and Firefox. The Site Advisor warns you of websites known to have malicious downloads or links by checking them against a database at McAfee.
  • WoT (Web of Trust) provides color-coded ratings of the safety and reputation of websites.

Limited Account Privileges

Limiting account privileges (WindowsXP) provides simple but effective protection when working online. Limited accounts allow you to do most daily activities but do not allow you to install software (only accounts with administrative privileges can install software on the computer).

Many attacks take advantage of administrative privileges to install malware on your computer. If you’re using a limited account, attackers and malicious websites will not be able to install malware. (This is less of an issue with Windows 7 and Mac OS X because they ask you to confirm software changes.)

Threats have doubled since 2009 and the threat vectors have increased. Vigilance is even more important.

One thing hasn’t changed. The key to safe browsing is not which browser you choose. It’s following safe practices.

Please comment on the post and let us know some safe practices you recommend.

Enhanced by Zemanta

  • 5

Parenting in the Cyber Age: A Parents’ Guide to Safer Social Networking

Category:Cyberstalking,Facebook,Infosec Communicator,Internet Safety,Privacy,Risk,Social Networking,Uncategorized Tags : 

At the computer
Are you as a parent worried about what your kids may encounter online? Are you unsure of how they or you can stay safe online when using social networking sites?  Although our kids are now college grads, we had the same concerns about the dangers our kids faced online as most of you do.

In my professional life, I’m a technical communicator at a large private technology university. I am responsible for making staff and students aware of information security issues—a role which has probably made me even more paranoid about the dangers out there on the Internet!

I’ve also had the opportunity to take part in a few K-12 Cyber Security Awareness initiative that gave me an opportunity to talk to teachers and parents about online issues and listen to their questions and concerns. I’ll address some of these concerns in this post. I am also interested in what you would like to know about security issues, so please comment on this post.

Oh…one other thing…my goal is to make this topic understandable for the average layperson. You do not need to be a technology expert to learn how to stay safe online and to keep your kids safe!

Social Networking Concerns

In the last several years, teens and young adults have flocked to social networking sites or blogging sites, such as MySpace and Facebook. This has given them opportunities to meet and communicate with people of similar interests, share information, gather numerous “friends,” share pictures and videos, and even discuss important issues. (Most of these social networking sites are inappropriate for preteens. Although most social networking sites require members to be at least 13, enforcement is next to impossible.)

Risks and Preventive Measures

Sharing Private information—It is extremely easy for unscrupulous people to gain access to you and your children’s private information. When your kids use social networking sites, read the site’s privacy policy. It tells you what information the owners of the web site collect, and how they intend to use it. Make sure that you and your kids understand how that information may be shared.

Profiles—Encourage your kids to guard their information. Keep private information private. Ask them to restrict access to their profiles, when possible, to “friends only.”

You may find that it’s hard for teenagers to take this seriously and understand the risks. Help them choose screen names carefully. Help them choose a reasonably “complex” password—at least 8 characters using a combination of upper and lower case letters, numbers, and symbols (when allowed).

Blogs—Encourage your kids to not share personal information, including their ages, schools, addresses, phone numbers, and parent and sibling names. Make sure they’re not posting information about their social plans. (Don’t give someone who is cyber stalking them information about where they’ll be at a given time.)

Moderating Comments—Ask your kids to approve comments by their friends before they allow them to be posted. Their friends may be less than careful with both their own and your kids’ information.

Inappropriate language and pictures—College admissions offices and potential employers search online to see what kind of information prospective students and employees post online, especially in social networking sites. If they see what appear to be “character issues” portrayed, your teens may not be accepted for their college or job of choice.

Making themselves a target—People can pose as anybody online. That 15-year-old friend might be a 45-year-old male looking for “company.” Sexual predators use social networking sites to identify and engage potential victims. Identity thieves look for private information to use to gain access to victim’s bank accounts or credit.

It’s forever—There is another big problem most of us do not think about. Information we post online NEVER really goes away. Even when you delete a blog entry or a picture, it is “cached” somewhere on the Internet. There are sites on the Internet that specialize in archiving other Web sites.

What you can do

  1. Talk to your kids.
  2. Ask them to help you set up your own profile and page on the same sites they use.
  3. Subscribe to their blogs and read what they are posting.
  4. Respond to their posts.
  5. Look at the pictures they have chosen to share.
  6. Find out who their friends are and see what kind of information they share.
  7. If you have a family computer, try to put it in an open area where you can see your kids’ online activities.
  8. If your family has multiple computers sharing an internet connection through a router, you may want to consider restricting the times their computers can connect to the Internet. Restricting access to reasonable hours helps ensure that they (or you) are not spending all night online.

My philosophy as a parent has been to teach my children how to interact with the world while maintaining their spiritual values. Despite your best efforts, your children are going to encounter these dangers at some time. In my experience, you cannot prevent them from doing something they are intent on doing.

Let’s make sure they know how to protect themselves now, before they’re in an environment where we aren’t there to supervise or teach these lessons.

An earlier version of this article was published previously in Christian Computing Magazine.
Enhanced by Zemanta

  • 2

How Much Does Facebook Know About You? The Two Facebook Dogs Revisited

Category:Facebook,Information Security,Infosec Communicator,Internet Safety,Privacy,techcomm,Uncategorized Tags : 
I attended RIT’s Faculty Institute for Teaching and Learning this week. Mark Greenfield, SUNY Buffalo, delivered a keynote on “Born to be Wired: Technology, Communication, and the Millennial Generation.” There was a lot of useful content, and I encourage you to follow Mark Greenfield on Twitter (@markgr) and check out his resources posted on Delicious.
Among the many things Mark discussed was the ongoing issue of Facebook privacy settings and how difficulty they are to administer properly. He shared Rob Cottingham’s recent Noise to Signal Cartoon with us.


Noise to Signal Cartoon

Rob Cottingham had done an earlier cartoon on the subject as well:

Rob Cottingham was inspired by the famous Peter Steiner cartoon.

Does any of this matter to you?

How much do you worry about how Facebook handles your information? When you post on Facebook, do you think about who might have access to your information? Have you given up on protecting your privacy online?

I can only wonder what the next cartoon will be.

Related Links



  • 9

Ten Ways to Shockproof Your Use of Social Networking Lightning Talk

Category:Cyberstalking,Facebook,Information Security,Infosec Communicator,Internet Safety,Presentations,Privacy,Risk,Social Networking,STC,Summit,Uncategorized Tags : 

I had the privilege of presenting my 25-minute presentation on Shockproofing Your Use of Social Media as a five-minute Lightning Talk at the STC Summit in Sacramento on May 18th.

Lightning talks introduce an additional element of stress for the presenters: the slides advance every 15 seconds whether they’re ready or not. Our audience was ~150 Summit attendees, so we were presenting to our peers as well.

It’s quite the experience sharing the stage with eight other presenters with totally different styles. Would I do it again? In a heartbeat!

Other STC Summit 2011 Lightning Talks

Enhanced by Zemanta

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 2,235 other subscribers

Categories

Support Introverted Leadership on Patreon

Blubrry affiliate banner