Dan Appleman - Where are teenagers feeling computing pain?
- Posted: Aug 13, 2004 at 11:54 AM
- 22,969 Views
- 20 Comments
"Is your computer acting strange?"
Then you might be a teenager who hasn't secured your computer.
Dan, co-founder of Apress books, talks about the kind of computing pain that teenagers are seeing and how he convinces teenagers to learn how to protect themselves.
He talks about a security quiz that he asks people to talk about. How do you do?
Then you might be a teenager who hasn't secured your computer.
Dan, co-founder of Apress books, talks about the kind of computing pain that teenagers are seeing and how he convinces teenagers to learn how to protect themselves.
He talks about a security quiz that he asks people to talk about. How do you do?
Comments Closed
Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation,
please create a new thread in our Forums,
or
Contact Us and let us know.
More posts in this blog
-
Dan Appleman - On a security crusade
-
Dan Appleman - Where are teenagers feeling…
-
Boyd Multerer - Development and Security lessons…
Follow the Discussion
Oops, something didn't work.
What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in. You need to be signed in to Channel 9 to use this feature.What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in and view them all on your notifications page.sign up for email notifications?
1.) Firewall is on (NO! Exceptions)
2.) NOrton is up-to-date
3.) SpyBot Search and Destroy is up-to-date
4.) Daily scans are in progress.
That is it for me.
My security routine is a layered one. First off, I will configure Windows so that, in theory I could put it on the internet with no firewall and not get 'hacked' (Fully up-to-date, disable services and other functions to reduce entry vectors). Then on top of that, throw on a firewall (or two) and of course Anti-Virus and do regular ad-ware scans.
I try to use Norton AV, but keep having to disable it because it detects 'hack tools' every second application I load and of course you can't turn this detection off.
And, I guess that's the whole point. Very few people in the world have done ANY security. Most of the "normal" people I know (non geeks) run their systems in Admin mode, don't know what a firewall is, don't know why they need to run AV software, don't know that they should patch their machines, etc.
The reason I put Dan here is to get good people thinking about this stuff in a way that other security experts like Dana Epp or Michael Howard haven't yet been able to do.
Like this:
You can always avoid fake websites by typing the address in (avoiding email links), and identify a secure connection by the "lock" symbol in your browser status bar.
The correct answer is 'false', but what does e-mail links have to do with fake websites? I mean the question is overly confusing; at least I found it confusing and could not simply answer True or False because I'm not sure exactly what they are asking.
Most cookies do not contain any personal information and are not nearly the privacy risk that many people believe.
How subjective… I mean what privacy risks DO most people believe? Without knowing what most people believe or what the writer believes most people believe it is next to impossible for me to answer this accurately. Thing is, the first part is both false and true because in theory they CAN contain personal information and the second part is all over the place.
Teens suffer much higher rates of identity theft than adults.
I appreciate that this is aimed at teens but this has nothing to do with security or 'smart surfing' it is actually asking you if you know the results of some online survey they have carried out and thus there is no correct or incorrect answer. You could ask the world’s leading computer security researcher this question and without looking at some studies might not know the answer.
Chat rooms and the Internet have become the primary way that sexual predators find victims today.
Again this is asking me about some statistical information that I have no hope of knowing. I am not an expert in the behaviour of 'sexual predators' nor am I one, so how is anyone, adult or teen supposed to know this?
That is why I think this entire questionnaire has more to do with making the recipient feel stupid and less to do with actually showing what they do or don't know about computer security.
A lot of people have false beliefs. For instance, a lot of people believe that for teenagers the worst security threat is from sexual predators. But, he looked into the statistics and found that there are only a handful of these cases. They get a lot of media attention. But, what doesn't get discussed is that there's a lot more of theft of passwords and identities. These can be very cruelly used in high school to cause problems for kids. Imagine in high school if someone stole your email password and started sending around rumors to other kids, or IM'ing with them. That's what he's trying to get at there: that there's a security problem with teenagers that doesn't get discussed in the media that's far far more prevelent than the one that does get discussed.
The fake address one is that there's a belief out there that you can avoid phishing scams or other attacks by typing in a URL. There was a vulnerability in IE that would let a URL look like it's from a real site, but would pull up another one. I'm probably not explaining that right, I wish I had the book here to explain more what he meant (I've invited Dan to come here to explain it better).
Regarding cookies. Yeah, that is subjective a bit, but overall the media hype against cookies was way over the top. And, the cookie itself doesn't contain your personal information. That's what he was trying to get at (yeah, it can be used to triangulate in on that info, but the cookie itself just passes a code, not your phone number or address or anything like that). I've heard so much misinformation on cookies get spread in the media that I totally understand that one.
I think the whole point of the survey is to try to get you to realize there are a whole raft of ways that kids can get attacked and that you probably aren't aware of them.
This what I do not agree with: I marked false, because the entire point of cookies is TO STORE PERSONAL INFORMATION! This is a trick question, because The answer is false to the first question, but true for the second question!
It seems that my school Encourages Easy to hack passwords like your mothers first name(They put that on each Internet account they have and not many people change them.)
And I also think that this should be a world campaign. Because the Internet spans WorldWide!
This is a little idea I had...
We could maybe create something that was like a virus but actully contained of security information and changed a lot of settings to make your Pc right. Afterall we are the developers/architectures/engineers behind these systems right?
Look at them. They don't contain your personal information. I have thousands on my hard drive. They are simple text strings that anyone can look at.
What they do do, however, is make it possible to watch you as you surf (and, if you've given the server your personal information in a prior session, they can be used to pull that up).
But, there's nothing personal in a cookie. So, Dan's right on this one.
Doesn't that really rely upon the Website in question? I mean, I could take in information and write it out to a cookie (Not that I would or anything).
I would bet most cookies are safe, but you can't 100% say that cookies don't obtain personal info, unless you never enter personal info into a webpage.
I may be wrong, but I was under the assumption that cookies stored your information so that you didn't have to type it in every time. Take this forum for an example. It uses cookies so you don't have to log in every time.
This information may not be identifiable to you (i.e. where you live, your birth name, etc.), but I consider any information about you personally identifiable.
But wouldn't a cookie be able to be used on a different website? Meaning if someone stored your IP and their partner websites read that cookie. You could be giving your address to a whole lot of hackers.
Theres no real danger in a cookie. They can't be executed unless you've already got other major security issues. So unless you're one of those paranoid people who wouldn't give their neighbor their phone number, there's nothing to fear from a cookie, just like there's nothing to fear from a dead snake.
On a related note, I've always thought it funny how people are afraid they'll get a virus from a jpg (an image editor won't try executing images, and if Windows tried, it'd tell ya "This is not a valid Win32 application"). What they aren't realizing is it's a fear of being fooled into thinking it's a jpg when there's actually a hidden .exe on there. That possibility for exploit is another motivation for my suggestion to not hide extensions by default when the next installment of Windows finally horns its way into the market.
Yes, I agree! I always laugh when someone says they got a virus from a DVD, or when someone tells me they got a virus from a Halo map file
And about the cookies: He said "Most cookies do not contain any personal information". My sole argument was that they do contain personal information (their purpose). While it may not be identifiable to you (i.e. social security number) it is at least identifiable to your preferences or what have you. I think he should me a bit clearer on exactly what he means by "personal information". Do you mean your birthday, or your driver's license number?
Anyway I got 83% myself and the ones I got wrong were Cookies (worded poorly) and Adware (which is my fault for reading the statement wrong as I inadvertantly read it as Ad-Aware lol).
I suppose it's important to consider the purpose of the quiz. It's not my intent to make people feel stupid. However it is my intent to challenge certain misconceptions and to get people thinking about these issues (which, based on the reponses here, is meeting with some success).
As for the two biggest misconceptions relating to identity theft and online safety:
The FTC is a great source of statistical information for those who are interested. A 2003 report indicated about 4.6% of us suffered some form of identity theft the previous year. I don't know of any study of identity theft amont teens other than my own surveys. In any group of teens I've spoken with, the rate runs no less than 30%. Not scientific, but so far above the adult rate that I'm confident the question is not unreasonable.
As for online safety for kids and teens. Read the numbers on any study and it's clear that of attacks against young people, a small minority come from someone they met on the Internet.
Dan
System patched up to date (Win2k3 Web Edition)
No firewall.
No background virus scanner (only an occasional scan)
No problems here. And the machine runs 24/7 hooked up to the Internet. Though it's more like an experiment than ignorance.
Like Scoble said, your personal information isn't written to a cookie. The cookie writes a text string which identifies you to the server. The server then can look-up the information you provided when you last visited the site (because your information is stored alongside that text string on the server).
The server can only store what information you give it... So many people, including my own grandmother (who was brainwashed by my "all-knowing" mac-evangelist uncle) think that simply by having cookies enabled, people can find her address and come to her house and steal all of her earthly possessions.
At the same time, she had her iMac plugged directly into the cable modem (and it wasn't one of the new ones with built-in NAT).
Which, of course, I fixed for her.
The other thing about cookies is that the ONLY site that can access a specific cookie is the one that created it in the first place.
The only "abuse" of cookies that has become commonplace is that used by Ad companies.
Basically, countless web pages who use the same Ad service have an include that both pulls the advertisement from the Ad server, AND lets the ad server access its own cookie.
The way they use this is simple... When you click on an Ad, the Ad server registers that you clicked on a certain kind of ad... maybe one for a new computer system.
Then the next time you go to a site that uses that particular Ad service, their include can check your cookie, look you up in their database, and say "hey, this guy (user 25234523423423423) clicked on an ad for Gateway in the past. Let's show him an ad for Dell instead of the one for Coke."
At no point does the ad service have your name, phone number, address, or anything else... Even if you buy something from one of their clients. Only their client should get your information.
So they can track your tastes, or which of *their* websites you like to visit... but nothing more.
Remove this comment
Remove this thread
close