Twitter
Facebook
ClickBank1

How to Protect Against the Heartbleed Security Flaw (Slideshow)



First, don't panic. This is a serious problem but you need to put it into perspective. While there is clearly a vulnerability, there are so far no reports of the flaw being exploited. And even though this flaw has been around for the past two years, almost all the major sites have fixed it -- in some cases in the last few days.

There have been reports of hardware -- routers and other equipment -- that could be affected but, so far, we have only heard about devices used in big organizations. To be safe, visit the website of the company that makes your router to see if there are any updates.

What you can (and can't) do

When it comes to protection, there is very little that individuals can do. It's up to site and service operators to fix their systems. If you're unsure about systems you use, click on the test site links (below) to check and also be sure to look at CNET's report on the top 100 sites.

Test sites:


Lastpass Heartbleed checker

Flippo Vialsorda's Hearbleed test

Qualys SSL Labs

Change your password if the site is now secure

If you can confirm that the sites you're using are secure, this is a good time to change your password. Actually you should change passwords every few months anyway. Make sure you're using a unique password for each site and make sure that it contains upper case letters, numbers and symbols and don't use a dictionary word or a common name. This sounds hard, but ConnectSafely's Tips for Strong Secure Passwords has easy-to-use suggestions. Also, scroll down to view ConnectSafely's slide show.

Monitor your accounts

The Department of Homeland Security advises that you "Closely monitor your email accounts, bank accounts, social media accounts, and other online assets for irregular or suspicious activity, such as abnormal purchases or messages."

Beware of 'phishing' schemes

Also, beware of "phishing schemes." You might get email that appears to be from banks and other sites, "disclosing" that the site was vulnerable and asking users to reset their passwords. These could be phishing attacks designed to trick you into revealing your log-on credentials to thieves. And some of these attacks are very sophisticated, taking you to sites that look identical to a company's real site.

If you get such an email DO NOT CLICK on any links. If you feel that it's time to change your password (and you should once you know the site is no longer vulnerable), type in the site's URL in your browser and navigate to the password reset page. It's less convenient than clicking on a link but a lot safer.

Here are tips for safe, secure and unique passwords.

This post also appears on SafeKids.com

The Evolution of Online Safety: Lessons Learned Over 20 Years

When I wrote the original version of "Child Safety on the Information Highway" (click here for 20th anniversary updated version), in 1994, "online safety" was largely defined as keeping kids away from porn and predators and the solution was pretty much focused on parental controls.

But, over the past two decades, there have been a lot of changes in both online and mobile technology and some research that gives us a better picture of risks and prevention strategies.

Porn and predators are still part of the picture, but -- now that we have some research -- we know that the risk of a child being harmed by someone they meet online is extremely low, especially compared to other risks. If a child is going to be harmed by an adult, it is far more likely to be someone they know from the real world such as a relative, family friend or other trusted adult.

As for porn, there is no question that kids who want to find it probably will, but after more than 20 years of Internet access, we haven't seen huge social or psychological problems emerge. Still, many parents are rightfully concerned about the type of content their kids are viewing, which is why I wrote "So your kid is looking at porn. Now what?."

Real risks

Over time it became increasingly obvious that some of the biggest risks to kids came not from dangerous adults but from themselves and other kids. In 2009, the Internet Safety Technical Task Force, assembled by Harvard's Berkman Center per an agreement between 49 state attorneys general and MySpace, concluded that "actual threats that youth may face appear to be different than the threats most people imagine" and that "the image presented by the media of an older male deceiving and preying on a young child does not paint an accurate picture of the nature of the majority of sexual solicitations and Internet-initiated offline encounters."

What the task force did find is that "bullying and harassment, most often by peers, are the most salient threats that minors face, both online and offline." Partially because researchers can't agree on a definition of bullying and harassment, the actual risk is hard to quantify, but it is clearly much higher than the risk of being harmed by a predator.

Bullying and "trolling" have been around forever, and it's true that among young people, so-called "cyberbullying" is often an extension of school-yard issues. But the Internet and phones do change the equation for a number of well-known reasons, including the ability for mean comments to stick around and be passed with lightning speed. Plus, the Net has created new ways to bully like impersonating someone by getting hold of their phone or password or passing around inappropriate pictures of someone.

Privacy, security and reputation management

As the online safety field evolves, it is starting to focus on some of the more common risks to both youth and adults: privacy, security and reputation management.

While protecting one's privacy has always been a challenge (i.e. small-town gossip going back centuries), the Internet and mobile technology have created opportunities for privacy problems on a grand scale. For one thing, there is what we post. It's now very easy to post information that might embarrass yourself or others or reveal secrets that perhaps you ought not to share. There is also the issue of things that companies know about us. Anyone who uses a search engine, email service or social network is leaving breadcrumbs for companies to follow. What's more, thanks to third-party tracking cookies, some of that information is getting into the hands of companies that we might not even know exist. It's a serious issue that needs serious thought by consumers, regulators and companies. And everyone -- including children and teens -- needs to learn how to at least limit what others can find out about them. Plus, thanks to Edward Snowden, we now know that the U.S. and other governments have the capacity to track us as well, and given the enormous power of government over our lives, that too can be a serious problem.

Security is another Internet safety issue that has gotten worse over the years. It seems like every day brings another major security breach where we learn about the vulnerability of our usernames and passwords, credit card information or email. There are lots of professionals in government and the private sector who are working to beef up security but there are plenty of criminals out there finding ways to gain entry into our personal information. It's a cat-and-mouse game, and right now the "good guys" are way behind. While there is no way to be 100 percent hacker-proof, there are ways families can improve their security and use secure and unique passwords.

Reputation management is something we thought about in the 90′s but it's a bigger issue now thanks to social networking and smartphone apps that make it very easy to impulsively post things that can embarrass us now or in the future. A lot of young people are savvy when it comes to avoiding posting things that can get them into trouble but there are plenty of people (including lots of adults) who need to rethink their posting habits.

Moral panics don't help

Whether it's predator panic, bullying panic, sexting panic, privacy panic or secrecy panic, moral panics are not helpful.

As technology evolves, there will be new risks but what we've learned from 20 years of online safety is that risks have more to do with the social-emotional condition of the user than the actual technology being used. For example, there has lately been a lot of concern over the services that allow people to post anonymously. While it is true that these services can be used to bully, harass and embarrass others, it's also true that there are lots of positive uses for them. Sure there will be some who misuse these services, but the vast majority of youth and adults -- those who respect themselves and others -- will use them appropriately. Just as with fire, knives, cars and other powerful technologies, the key is to encourage safe and appropriate use while doing what's necessary to deal with the relatively rare but sometimes tragic cases of inappropriate use.

Parental involvement vs. controls

While there are plenty of products that can control or monitor what your kids can do online, none are as powerful or effective in the long term as parental involvement. A filter might prevent your child from visiting a certain site or service on a specific device but conversations over a period of time can help your child develop values that will last a lifetime.

Regardless of whether you choose to use a filtering program or an Internet rating system, the best way to assure that your children are having positive online experiences is to stay in touch with what they are doing. The best filter -- the one that lasts a lifetime -- doesn't run on a device but on the software between your child's ears.

Focus on causes, not just symptoms

Another thing we've learned is that problems that manifest themselves online or with mobile technology are often symptoms of larger social or personal issues. Just as with drunk or careless driving and substance abuse, there are almost always underlying issues that cause people to misuse technologies and the real solution rarely lies with the technology and often lies with the what that is causing the person to act as they are. Even cyberbullying is less about technology or even "bullying" and more about the social-emotional state of the people involved. And to that end we need to start putting more resources into social-emotional learning, growing compassion and emphasizing positive social norms for both youth and adults.

This article first appeared on SafeKids.com

Those Tech Buses Impact Silicon Valley As Well As San Francisco

I have mixed feelings when I see those mostly double-deck buses on Highway 101 shuttling tech workers between Silicon Valley and San Francisco. Based on a recent survey, so do San Francisco voters. On one hand, I'd much rather see the buses than the thousands of cars they replace. The shuttles, according to the San Francisco Municipal Transportation Agency, transport more than 35,000 people a day and eliminate at least "45 million vehicle miles traveled and 761,000 metric tons of carbon every year from the region's roads and air."

As a fellow driver on 101, I also feel safer sharing the road with a relatively small number of professional bus drivers versus thousands of tired and distracted tech workers. And while it might not benefit me or the public, I am glad to know that the workers in these companies have the option of being more relaxed or productive during their commute.

Impact on communities

But like many in the Bay Area, I also worry about their impact on local communities.

The concern among some San Franciscans is well known. There are vocal critics who say that the demands of well-heeled Silicon Valley tech workers are pricing lower and even middle-income San Franciscans out of the housing market. There is also concern about the impact they're having on the culture of the city.

A sour note for some musicians

Inexpensive food joints are being replaced by upscale restaurants that many locals can't afford and might not even enjoy. Artists and musicians are leaving the city. My professional musician son, Will Magid, who left San Francisco last year for other reasons, told me that the low-cost apartment he rented in the Mission district is now much more expensive than it was when he left about a year ago. The reasons people are leaving, he said "are both economic and cultural." It's not just increased rent, it's also changes to the fabric of the community.

Yet, a recent survey conducted by EMC Research and commissioned by the Bay Area Council, a business organization, shows that most San Franciscans have a positive attitude about tech workers. The survey of 500 likely San Francisco voters conducted earlier this month found that 72 percent have a favorable opinion of tech workers, while 56 percent were strongly or somewhat favorable to employee shuttle buses. Nearly 80 percent feel that recent growth in the tech sector has been good for San Francisco.

But the survey also found that less than half of respondents (45 percent) said that their household has "benefited from the recent growth in the technology sector," with 26 percent strongly disagreeing with that assertion. And nearly 6 in 10 (59 percent) said that "preventing eviction and neighborhood gentrification" is important or very important.

Affects Silicon Valley too

While I empathize with our neighbors in San Francisco, I also worry about what this northerly migration is doing to Silicon Valley. Just as cities started to suffer in the 1940s, '50s and '60s as workers moved to the suburbs, I worry that Silicon Valley is not taking full advantage of the energy and cultural and economic benefits we might otherwise enjoy if more of these workers were living in Palo Alto, Mountain View, San Jose, Sunnyvale and Redwood City and other parts of Silicon Valley.

While Silicon Valley is far from a ghost town on weekends, it's not nearly as vibrant as San Francisco. Much of that is inevitable considering the uniqueness of San Francisco, but I can't help wonder what the night life and music scene would be like in the valley if more young and well-paid tech workers lived here.

I also wonder whether the tech industry is having as much impact on local business as it could. I frequently patronize restaurants not far from Google and Facebook and don't see large crowds at lunch time. Why should workers spend the time and money to eat off-campus when they have great free food right at work? Sure, those companies are employing cooks and other service workers, but it would be nice to share a bit more of the wealth with local businesses.

Of course, wherever tech workers live, they'll need things like clothing, toothpaste, shoes and other necessities that once helped local businesses thrive. But, thanks to Amazon and other online merchants, even that trickle-down effect is severely diminished.

But I must admit I'm a bit jealous. No one offered me a free ride during the years I commuted between my home in Silicon Valley and my office in San Francisco. For that matter, no one offered me free meals, free laundry service, subsidized day care or many of the other perks some Silicon Valley tech workers enjoy.

This post first appeared in the San Jose Mercury News

New Animation Site Lightheartedly Celebrates Cesar Chavez

John Grimes, a San Francisco-based cartoonist, animator, illustrator and moviemaker has recently launched the site Fizzdom.com which he describes as a place for "amusing and provocative quotes, cartoons, videos and backstories."

Five days a week, Grimes posts a custom-made animated GIF that takes a somewhat irreverent and lighthearted look at an issue or historical figure. But it's not all fun and games. These posts also have other content, often including embedded video that explains the context of his animated cartoon

One recent example if this animation of a quote from Stephen Colbert. "Why don't we go to war on women?" Colbert asks and then answers, "They don't have any oil."

2014-03-31-colb.jpg


Just in time for what would have been Chavez's 87th birthday (he died in 1993), Grimes has created a cartoon that shows the union leader handing a strawberry to characters from Mad Men and then getting a sideways glance from Downton Abbey's Lady Grantham -- a woman who thought that the help should remain invisible. But Chavez made farm workers very visible as he fought to get the growers to recognize their the United Farm Workers Union.

2014-03-31-chav.jpg


Check out the animations and his site and scroll down to listen to my 5 and 3/4 minute interview with Grimes.

In Defense of Internet Safety Education

There has been some discussion lately over whether there is still a need for Internet safety education. I say yes.

It's true, as some argue, that safety messages from the '90s are way out-of-date. We no longer need to dwell over the highly exaggerated risk of child predators or the panic over Internet pornography. While online predators do exist, there's a much higher likelihood of a child or teen being harmed by someone they know -- even a close family member -- than someone they meet online. Unwanted porn is still a minor problem but most young people know how to avoid it and -- after more than 20 years of teens and children going online -- we've seen little evidence to suggest that great harm has occurred as a result of it. In fact, over the past 20 years, according to David Finkelhor of the Crimes Against Children Research Center, most of the sexual- and crime-related dangers associated with being young have gotten better, not worse, since kids started using the Internet in large numbers.

Online problems

Still, there are dangers, issues and problems associated with or exacerbated by the Internet and mobile technology. Yes, many of these problems also exist offline, but the same can be said for the types of injuries one can get playing sports or riding in a car. But just because you can break your arm at home just as easily as you can on a soccer field or in a car, it doesn't mean there isn't a need for sports- and automotive-safety programs.

Privacy, which we didn't talk much about in the '90s, is certainly high on that list. While protecting one's privacy has always been a challenge (i.e. small-town gossip going back centuries), the Internet and mobile technology have created opportunities for privacy problems on a grand scale. For one thing, there is what we post. It's now very easy to post information that might embarrass yourself or others or reveal secrets that perhaps you ought not to share. There is also the issue of things that companies know about us. Anyone who uses a search engine, an online email service or a social network, is leaving breadcrumbs for companies to follow. What's more, thanks to third-party tracking cookies, some of that information is getting into the hands of companies that we might not even know exist. It's a serious issue that needs serious thought by consumers, regulators and companies. And everyone -- including children and teens -- needs to learn how to at least limit what others can find out about them. Plus, thanks to Edward Snowden, we now know that the U.S. and other) governments have the capacity to track us as well and given the enormous power of government over our lives, that too can be a serious problem.

Security is another Internet safety issue that has gotten worse over the years. It seems like every day brings another major security breach where we learn about the vulnerability of our usernames and passwords, credit card information or email. There are lots of professionals in government and the private sector who are working to beef up security but there are plenty of criminals out there finding ways to gain entry into our personal information. It's a cat-and-mouse game and, right now, the "good guys" are way behind. While there is no way to be 100% hacker proof, there are ways families can improve their security and use secure and unique passwords.

Reputation management is something we thought about in the 90′s but it's a bigger issue now thanks to social networking and smartphone apps that make it very easy to impulsively post things that can embarrass us now or in the future. A lot of young people are savvy when it comes to avoiding posting things that can get them into trouble but there are plenty of people (including lots of adults) who need to rethink their posting habits.

Bullying and "trolling" have been around forever and it's true that among young people, so-called "cyberbullying" is often an extension of school-yard issues. But the Internet and phones do change the equation for a number of well-known reasons, including the ability for mean comments to stick around and be passed around with lightning speed. Plus, the Net has created new ways to bully like impersonating someone by getting hold of their phone or password and posting negative things as if they had written them, or passing around inappropriate pictures of someone that are now so easy to take and distribute thanks to new technology.

And I know from personal experience that there are lots of "trolls" out there who are more than happy to say nasty and vicious things about people they know and people they don't know. There are folks who might be reasonably polite in the real world who have no qualms about being cruel online.

Only somewhat like the real world

It's true that you are the same person whether you're online or with others in physical spaces, but there are things about so-called "cyberspace" that change the way some people behave. One of these is what's called "disinhibition," where people feel that the Net gives them the anonymity or distance to act out in ways they wouldn't act in person. It's like road rage. I've seen drivers scream or exhibit rude hand gestures in traffic in ways that they might never do if they bumped into someone on the sidewalk. When you're online, you can feel even more insulated from people around you but -- trust me -- those are real people on the "other side of the screen."

Another factor is that what is posted online can stick around for a long long time and be easily forwarded. While that is possible in the real word, it's a lot harder than it is online where "copy and paste" means that nothing is truly ephemeral. And of course, negative text messages, email and social networking posts can rear their ugly heads at any time, day or night.

Research

A landmark study on the effectiveness of Internet Safety Education (ISE) by Lisa Jones, Kimberly Mitchell and Wendy Walsh, documents problems and limitations of some of the educational programs and materials that have been used in recent years, but it is by no means an indictment against the notion of Internet safety education. Instead, it points out some of the shortcomings of the programs it evaluated including the observation that, "As a whole, the ISE field has been slow to include research." The authors correctly point out that "this failure to establish research-supported program theory means that most ISE is a highly speculative and experimental undertaking, whose success cannot be assumed." The authors also note that:

  • ISE education must move beyond a reliance on stock safety messages and the use of single lessons when addressing complex social-emotional behaviors.

  • ISE program developers need to reduce their reliance on dramatic statements and scare tactics even further.

  • "Internet safety" goals are very disparate -- different educational strategies are going to be needed for different ISE topics.

  • The field needs to use research more when developing educational messages: ISE messages have critical problematic assumptions and under-developed program logic.


Encourage research and youth engagement and discourage moral panics

I wholeheartedly agree with Jones et al about the importance of research-based education and would add that it's also important to avoid "moral panics." For about a decade, media, politicians and some parents were caught up in "predator panic," which pretty much dissipated around 2008. But then we had bullying panic followed by privacy panic, sexting panic and now security panic. While all of these issues are important, none are of epidemic proportions and risks, in each case, can be managed. That's why ConnectSafely.org, which (speaking personally) I proudly refer to as an Internet safety organization, has published tips and advice as well as parents' guides on many of these issues.

Respect and honesty matter

Finally, it's important to be honest with kids and to respect their intelligence and judgement. As the teens who spoke at the first U.S. Safer Internet Day celebration in Washington made it abundantly clear, many teens are aware of the dangers on the Net and are able to put them into perspective and avoid serious problems. Respecting young people and helping them develop resilience, self-respect and respect for others is the ultimate form of Internet safety education because it encourages them to develop values that will protect them both on and offline for their entire lives. Teens themselves can play a crucial role through peer education and being "upstanders"rather than bystandars if, as Nancy Willard pointed out in an email, "they see someone else making dumb but dangerous mistakes. It's also important to teach social-emotional learning skills starting at a very young age and for adults to role model kind, ethical and tolerant behavior.

Yes, there is good reason to question the efficacy of some Internet safety programs and, as you can see from the list of articles below, there is plenty of room for skepticism in the Internet safety field, but there remains a need for well thought out, research-based and up-to-date projects that are both accurate and respectful.

Larry Magid is co-director of ConnectSafely.org, founder of SafeKids.com and author of the original and 20th anniversary edition of Child Safety on the Information Highway.

SEO Powered By SEOPressor