Knaffl Security
My Corner of the web

In the last years, I have managed to maintain the blog but in recent months there was so much spam, it was impossible to really clean.  So, I purged and started over.  I added a few filters to try to kill the spamming crap and will be attempting to add more data in coming weeks!


Reposted from a much older version of the blog –

There is no real way to keep the kids 100% safe within the realm of cyber day to day. The best that you can hope to do is to give them the knowledge that you are aware that they are going to use the Internet, that you are there should they have questions or concerns, and that you will work with them to help ensure that they are safe and are able to use all those wonderful tools out there. On the other hand, you are also parents. If YOU don't lay down the law, then no one will. You are the parent – and you are the one that is legally responsible for the actions that your child takes. If “Johnny” is downloading mp3s, and storing them on a computer (then sharing them using some peer-to-peer tool), when the RIAA comes knocking at your door with a warrant, don't look for someone else to take that fall. If “Suzie” is taking semi-nude pictures of herself to show that her boobs are bigger than her friends', if she stores them on a machine that you own, YOU are the one that can be held legally liable for kiddieporn. Bottom line - this is your computer, your internet service and YOUR children. You are responsible (not the school, not the teachers, and not the ISP). You need to know what is going on and take steps to secure yourself and protect your family.

So we have laid the groundwork for the responsibility of who owns it. The question that many parents have is HOW do I do this? “I barely know how to turn one on, how can I do this?” That doesn’t hold water. Think of it this way: I bought a gun to keep at the house for protection, but I barely know how to use it. If your sweet innocent child shoots themselves with that weapon (or a neighboring child), the excuse of "I didn't know what to do" will not hold water. Another quote – Kids will be kids. Yes they will, but when your child uses the baseball bat you gave them for Christmas to beat up one of the neighbor's children, the police will be wanting to talk with you, not the child. The concept of the computer with the internet is really no different. You may have bought the computer to do your taxes, or balance the checkbook, but because it is a tool, it can be used for many things. Adding it to the internet only adds to the capability that this tool has. Not securing this tool is really not an option.

 


A few days ago, I was notified by my mom that she was VERY interested in my losing weight and in the article I posted just a few minutes ago. The only problem is that I had JUST gotten to my office. As a result, I knew it COULDN’T be me. As a result, I had to do a little basic Facebook security research.

Step 1 – CHANGE THE PASSWORD

Step 2 –  Delete the post

Step 3 – Research all those new Facebook security features that I had not had time to review. The settings below are what I found (for those people that are like me — NOT doing all that they can do to help secure their account).

Also – I am NOT a Facebook expert. I am simply passing along the items found as potential settings that might be worthwhile for your own personal evaluation.

 

There are MANY settings within Facebook.

The process I took involved logging into the account and changing the password immediately.

Then click the options button. Drop down to Account Settings. On the left side, click SECURITY.

Here are the settings and basic information about each:

Secure Browsing

https://www.facebook.com/help/156201551113407/

What’s secure browsing (https)? How do I turn it on?

Secure browsing (https) is an extra security feature. When you turn this feature on, all of your activity on Facebook becomes encrypted, making it harder for anyone else to access your Facebook information without your permission.

Login notifications

https://www.facebook.com/help/162968940433354

What are login notifications?

Login notifications are an extra security feature. When you turn on login notifications, we’ll send you an alert each time someone logs into your account from a new place.

After you turn on login notifications:

  • We’ll ask you to name your computer or mobile phone next time you log in. You can also save this device to your list of Recognized Devices. This way, you won’t have to keep naming the computer or mobile phone you usually use to log into Facebook. Don’t choose this option if you’re using a public computer.
  • When you name a device, we’ll send you a notification.
  • If you ever receive a login notification from an unfamiliar device or location, follow the instructions in the notification to reset your password and secure your account.

(NOTE: I think that this is one of the more important settings in order to make sure that you are NOTIFIED when you log in to a different machine.)

What are login approvals? How do I turn this setting on?

Login approvals are an extra security feature similar to login notifications, but with an extra security step. If you turn on login approvals, you’ll be asked to enter a special login code each time you try to access your Facebook account from a new computer or mobile phone. After you log in, you’ll have the option to give that device a name and save it to your account. You won’t have to enter a code when you log into any of these recognized devices.

There is another setting that many people swear by, but I am not loading the configuration. This other item is “Trusted Contacts”. Personally I am not so sure that I want to have to track these people down, have Facebook send them a code and then have them give it to me so I can enter it in a prompt. Use your best judgement here.

AGAIN, there is nothing here that is that special. In fact, there are many sites that can go much more in-depth.

Here are a few if you want a little deeper dive into the settings for Facebook:
http://lifehacker.com/5813990/the-always-up+to+date-guide-to-managing-your-facebook-privacy
http://www.usatoday.com/story/tech/columnist/komando/2013/01/18/kim-komando-facebook-settings/1827413/
https://www.facebook.com/help/privacy
http://safeandsavvy.f-secure.com/2013/01/18/facebooks-privacy-settings-finally-make-sense-for-a-reason/


I have ALWAYS hated this topic.  I think that storing more personal information that you have to guard is worse than forgetting a password or having to reset an account.  With all the mention of security breaches, system hacking and database insecurity, storing this data on a poorly managed system can lead to weeks (if not months or years) of issues/concern and heartache.  Not only does one have to be sure that the data that they enter is data that they will remember, but they have to be sure how this other party will handle this data.

This article spells out a great deal of the concern that I have had (some areas are suggestions that might be adequate).

Security tip: do not answer security questions correctly

I too do not use real data for security questions.  The risk of loss is simply too great.  In many cases I would prefer to lose access to the account rather than to have to worry about the loss of the personal data.


According to a post on TechCrunch:

One should be VERY careful about posting pretty much anything on Facebook – especially if what you want to post is a picture of someone else's PILE of cash.

The article talks about a girl that posts a picture of a pile of cash from her grandmother's home, and then when she posts it on Facebook, she is completely surprised when someone shows up to relieve her of said cash. — Go figure.

Case in point, DON'T post something on Facebook that you don't want anyone to know about.

I am a parent and have 2 children that are of computer use age. They BOTH are aware of Facebook, and while I do allow them to use the Facebook service, there are several rules for that privilege.

  1. No ADDRESSES. No posting your address, where you go to school, what your phone number is, or anything that is directly attributable to your home address/phone number.
  2. No unsatisfactory pictures/posts. We look at EVERYTHING that they do. This is not a personal computer, this is not their house, this is the world wide web. If they aren't sure that we will approve, then they should ask.
  3. They will friend both mother AND father, and because they are still children living in my home, I get the passwords. They can tell, or I can take them. No hidden issues there. No privacy discussions. Facebook is not a privacy warehouse and they know that anything posted here is out for the world to see regardless of what security settings they use.
  4. Along the line of passwords, they are told that they will NOT share passwords to any information system with any friends. Currently their mother and father are the only ones that have a need to know. If they want privacy, that’s fine; it's not on the computer and it's certainly not Facebook.
  5. When we go out of town, this does NOT get posted. We can post information about it when we get home, but under no circumstances post this while we are gone, or when we are planning to leave. I want the whole world to think I am sitting right there typing away each night – even if I am on a 4 day adventure to Key West :-)
  6. Checking in….No. If they want to tell the world that they are not at home so people can steal THEIR belongings, do it when you move out. I hope that by that time they will have a better understanding of the people in the world.

I want the girls to know what is out there and WHY so many bad things happen on the web. There are bad people out there, there are careless people out there that don’t care for themselves much less someone else, and then there are just stupid people. It's hard to avoid the bad guys, but it's important to learn the difference between the last two groups. You can help lead the ones that don’t know or understand, but the ones that simply don’t care, or don’t get it – are dangerous and not ones that need to be close.

Many folks in the security industry claim Facebook is the devil. I am not one of those. I think it's a service. The real issue is that the people that USE Facebook don’t understand the degree to which this data can be used. We have all heard about employers requiring (or trying to require) employees or prospective employees to hand over the passwords. Some have skirted that by requiring the employees “Friend” the company website. By “friending”, the company can see much of what is on your shared page. Easy pickings to harvest that data!

Bottom line – we all know that anything on the web is not personal and not private. Were it private it wouldn’t be open to everyone. Anything that is put on the web can be taken down or removed, but that itself doesn’t indicate that it is removed. Many search engines archive websites so that they can have historical information. Once it is archived it's out there, and once that data is out of your control (pretty much as soon as it is posted) it's no longer YOUR data.


