Posted December 30th, 2009
Having taken some time off over Christmas, I’ve been taking care of some "Home Admin" tasks that have been on my todo list for a while. I decided to document these on another blog site, www.homeserverhub.com, where I post more hobby and personal stuff. Essentially I have two top level tasks (1) Consolidate your E-Mail Accounts and (2) Clean up the Clutter, with several sub-tasks broken out. Read the whole article at End of Year E-mail Clean Up.
Posted December 30th, 2009
Filed under: Internet Lingo, Technology, Parental Controls
A mom that I know (who will remain anonymous) is one whom I often think of when I am writing this blog. She is a mom of three great kids – an 8-year-old, 10-year-old and a 14-year-old. She uses email, but only under duress. She uses the Internet for research about several things, but only reads articles – never posts anything or uploads pictures because she feels like it will be too hard or she will sound silly. Her kids all want to get online and do various age appropriate things. I am the one who gets a call with a question how to protect the kids from the “bad things”. She is pretty savvy with the parental controls on other gadgets like the TV and game systems, but feels intimidated by the same things online. She is also my source for questions about my daughter, so we trade information.
Then, at the FOSI conference, I heard this startling figure: of the top 100 apps on the iPhone, 35% are geared toward toddlers and preschoolers, and 12% to elementary aged kids. I’m assuming they were purchased by the parents who are giving their kids a game to play with while they at the store, on a plane, waiting at the doctor’s office, etc.. The person doing this seems like the polar opposite of the mom I first described. Are these parents this tech savvy to use the all of these gadgets and gizmos? Or are they the same parents, but have discovered a way to make the Internet part of their everyday world?
A not so scientific survey I heard about at the conference said that parents who don’t use parental controls on their computer don’t because they:
- don’t feel they need to because the child knows more about computers than they do
- feel “that wouldn’t happen to my child” when talking about being exposed to mature content
- are intimidated by the computer
I have a theory that the same parents that use technology to their advantage are the same parents who say they “can’t”… they just don’t realize they already are tech savvy.
What technology do you use in your life?
Permalink | Email this | Linking Blogs | Comments
Posted December 30th, 2009
We close out the year with a somewhat irreverent show that includes sexy security professionals, discussions of security and underwear, and a special guest appearance by Jack Daniels. Zach, Martin and Rich are all present this week as we mix a bit of the lighthearted with the regular security news.
Have a happy New Year!
Network Security [...]
Posted December 29th, 2009
Offered for your perusal.
Posted in public policy, risk, threats 
Posted December 29th, 2009
We?ve completed our investigation into the claims that came up over the holiday of a possible vulnerability in IIS and found that there is no vulnerability in IIS.
What we have seen is that there is an inconsistency in IIS 6 only in how it handles semicolons in URLs. It?s this inconsistency that the claims have focused on, saying this enables an attacker to bypass content filtering software to upload and execute code on an IIS server.
The key in this is the last point: for the scenario to work, the IIS server must already be configured to allow both ?write? and ?execute? privileges on the same directory. This is not the default configuration for IIS and is contrary to all of our published best practices. Quite simply, an IIS server configured in this manner is inherently vulnerable to attack.
However, customers who are using IIS 6.0 in the default configuration or following our recommended best practices don?t need to worry about this issue. If, however, you are running IIS in a configuration that allows both ?write? and ?execute? privileges on the same directory like this scenario requires, you should review our best practices and make changes to better secure your system from the threats that configuration can enable. Once again, here?s a list of best practices resources:
· IIS 6.0 Security Best Practices
· Securing Sites with Web Site Permissions
· IIS 6.0 Operations Guide
· Improving Web Application Security: Threats and Countermeasures
The IIS folks are evaluating a change to bring the behavior of IIS 6.0 in line with the other versions. In the meantime, they?ve put more information up about this on their weblog.
I hope this helps answer any questions.
Happy Holidays and Happy New Year.
Christopher
*This posting is provided “AS IS” with no warranties, and confers no rights*
