De-Anonymizing Social Network Users

Interesting paper: “A Practical Attack to De-Anonymize Social Network Users.”

Abstract. Social networking sites such as Facebook, LinkedIn, and Xing have been reporting exponential growth rates. These sites have millions of registered users, and they are interesting from a security and privacy point of view because they store large amounts of sensitive personal user data.

In this paper, we introduce a novel de-anonymization attack that exploits group membership information that is available on social networking sites. More precisely, we show that information about the group memberships of a user (i.e., the groups of a social network to which a user belongs) is often sufficient to uniquely identify this user, or, at least, to significantly reduce the set of possible candidates. To determine the group membership of a user, we leverage well-known web browser history stealing attacks. Thus, whenever a social network user visits a malicious website, this website can launch our de-anonymization attack and learn the identity of its visitors.

The implications of our attack are manifold, since it requires a low effort and has the potential to affect millions of social networking users. We perform both a theoretical analysis and empirical measurements to demonstrate the feasibility of our attack against Xing, a medium-sized social network with more than eight million members that is mainly used for business relationships. Our analysis suggests that about 42% of the users that use groups can be uniquely identified, while for 90%, we can reduce the candidate set to less than 2,912 persons. Furthermore, we explored other, larger social networks and performed experiments that suggest that users of Facebook and LinkedIn are equally vulnerable (although attacks would require more resources on the side of the attacker). An analysis of an additional five social networks indicates that they are also prone to our attack.

News article. Moral: anonymity is really, really hard — but we knew that already.
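The abstract's central claim, that a user's set of group memberships often shrinks the candidate set to a single person, can be measured directly from membership lists. The following is an added example, not code from the paper or from this post; the users, group names and function names are constructed for illustration, and it assumes each group's member list is known to whoever runs the analysis.

```python
import math
from collections import defaultdict

# Constructed sample data (hypothetical users and groups, not from the paper).
MEMBERSHIPS = {
    "alice": {"g-security", "g-chess", "g-alumni"},
    "bob":   {"g-security", "g-chess"},
    "carol": {"g-security", "g-alumni"},
    "dave":  {"g-alumni"},
    "erin":  {"g-alumni"},
    "frank": set(),  # joins no groups, so falls outside the analysis
}

def group_index(memberships):
    """Invert user -> groups into group -> set of members."""
    index = defaultdict(set)
    for user, groups in memberships.items():
        for group in groups:
            index[group].add(user)
    return index

def candidate_set(observed_groups, index):
    """Users who belong to every observed group (intersection of member lists)."""
    member_sets = [index.get(g, set()) for g in observed_groups]
    return set.intersection(*member_sets) if member_sets else set()

def anonymity_report(memberships):
    """Candidate-set size for each group-using user, given their full group set."""
    index = group_index(memberships)
    return {user: len(candidate_set(groups, index))
            for user, groups in memberships.items() if groups}

def fraction_unique(report):
    """Share of group-using users whose group set matches only themselves."""
    return sum(1 for size in report.values() if size == 1) / len(report)

def candidate_bound(report, quantile):
    """Smallest k such that at least `quantile` of users have a candidate set <= k."""
    sizes = sorted(report.values())
    return sizes[math.ceil(quantile * len(sizes)) - 1]

if __name__ == "__main__":
    report = anonymity_report(MEMBERSHIPS)
    print(report)
    print("uniquely identified:", fraction_unique(report))
    print("90% of users have a candidate set of at most", candidate_bound(report, 0.9))
```

Run against a real membership export, the same two figures correspond to the paper's "42% uniquely identified" and "90% below 2,912 candidates" style of result, and show a site operator how much exposure public group member lists create.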


European Commission calls on social networking companies to improve child safety policies

EU – European Commission calls on social networking companies to improve child safety policies: (RAPID)
50% of European teenagers give out personal information on the web – according to an EU study – which can remain online forever and can be seen by anybody. Today, Safer Internet Day, the European Commission is passing a message to teenagers: ‘Think before you post!’ It welcomed actions to protect children using social networking websites taken by the 20 companies who signed the Safer Social Networking Principles last year. Most of these companies have empowered minors to tackle online risks by making it easier to change privacy settings, block users or delete unwanted comments and content. Yet more needs to be done to protect children online, the Commission says. Less than half of social networking companies (40%) make profiles of under-18 users visible only to their friends by default and only one third replied to user reports asking for help. See Think before you post! How to make social networking sites safer for children and teenagers? speech by Viviane Reding, Member of the European Commission responsible for Information Society and Media, Safer Internet Day Strasbourg, 9 February 2010. See also European Commission assesses social networking sites’ approach to safety of under 18s and video clip.

(Via QuickLinks Update.)


UK – Facebook takes down 30 prisoners’ pages after victim taunts

UK – Facebook takes down 30 prisoners' pages after victim taunts: (Guardian)
Thirty Facebook pages have been taken down because prisoners were using them to taunt their victims, Jack Straw, the justice secretary, has revealed. Straw was speaking after a meeting with victims’ campaigners to discuss prisoners using social networking sites to hound families. The minister said the 30 offending pages brought to the attention of Facebook had been removed within 48 hours. He said he was ‘what we have to do is set up a better system with Facebook. ‘So essentially if they get a notice from us that this site is improper then all they have to do is not make a judgment about it, but press the delete button.’

(Via QuickLinks Update.)


What Exactly Is Twitter?


We’ve talked about Twitter on this blog and it is mentioned with some regularity in the traditional media. But what IS it?

The answer (in exactly 140 characters) is:
Twitter is a micro-blogging site that is asking you to share what you are doing right now with your friends and the world in 140 characters.

Why? This video from Common Craft answers this question:

Pew Internet did a study showing that teens aren’t using it very much. It is mainly a product used by young adults. This doesn’t mean that some teens don’t use it, or that they won’t use it in the future, but by and large it is not their thing. The research says that teens don’t like the lack of privacy that social networking sites like Facebook have.

Twitter, like all social networking sites, should be used with the same caution as other social networking profiles. Someone you are not expecting may be watching your Tweets, and what you say can still have serious consequences.

Are you a part of a social networking site? If so, which one(s)?

 


Reacting to Security Vulnerabilities

Last month, researchers found a security flaw in the SSL protocol, which is used to protect sensitive web data. The protocol is used for online commerce, webmail, and social networking sites. Basically, hackers could hijack an SSL session and execute commands without the knowledge of either the client or the server. The list of affected products is enormous.

If this sounds serious to you, you’re right. It is serious. Given that, what should you do now? Should you not use SSL until it’s fixed, and only pay for internet purchases over the phone? Should you download some kind of protection? Should you take some other remedial action? What?

If you read the IT press regularly, you’ll see this sort of question again and again. The answer for this particular vulnerability, as for pretty much any other vulnerability you read about, is the same: do nothing. That’s right, nothing. Don’t panic. Don’t change your behavior. Ignore the problem, and let the vendors figure it out.

There are several reasons for this. One, it’s hard to figure out which vulnerabilities are serious and which are not. Vulnerabilities such as this happen multiple times a month. They affect different software, different operating systems, and different web protocols. The press either mentions them or not, somewhat randomly; just because it’s in the news doesn’t mean it’s serious.

Two, it’s hard to figure out if there’s anything you can do. Many vulnerabilities affect operating systems or Internet protocols. The only sure fix would be to avoid using your computer. Some vulnerabilities have surprising consequences. The SSL vulnerability mentioned above could be used to hack Twitter. Did you expect that? I sure didn’t.

Three, the odds of a particular vulnerability affecting you are small. There are a lot of fish in the Internet, and you’re just one of billions.

Four, often you can’t do anything. These vulnerabilities affect clients and servers, individuals and corporations. A lot of your data isn’t under your direct control – it’s on your web-based email servers, in some corporate database, or in a cloud computing application. If a vulnerability affects the computers running Facebook, for example, your data is at risk, whether you log in to Facebook or not.

It’s much smarter to have a reasonable set of default security practices and continue doing them. This includes:

1. Install an antivirus program if you run Windows, and configure it to update daily. It doesn’t matter which one you use; they’re all about the same. For Windows, I like the free version of AVG Internet Security. Apple Mac and Linux users can ignore this, as virus writers target the operating system with the largest market share.

2. Configure your OS and network router properly. Microsoft’s operating systems come with a lot of security enabled by default; this is good. But have someone who knows what they’re doing check the configuration of your router, too.

3. Turn on automatic software updates. This is the mechanism by which your software patches itself in the background, without you having to do anything. Make sure it’s turned on for your computer, OS, security software, and any applications that have the option. Yes, you have to do it for everything, as they often have separate mechanisms.

4. Show common sense regarding the Internet. This might be the hardest thing, and the most important. Know when an email is real, and when you shouldn’t click on the link. Know when a website is suspicious. Know when something is amiss.

5. Perform regular backups. This is vital. If you’re infected with something, you may have to reinstall your operating system and applications. Good backups ensure you don’t lose your data – documents, photographs, music – if that becomes necessary.

That’s basically it. I could give a longer list of safe computing practices, but this short one is likely to keep you safe. After that, trust the vendors. They spent all last month scrambling to fix the SSL vulnerability, and they’ll spend all this month scrambling to fix whatever new vulnerabilities are discovered. Let that be their problem.
