Entries:
Comments:
Posts:

Loading User Information from Channel 9

Something went wrong getting user information from Channel 9

Latest Achievement:

Loading User Information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

Dan Appleman - Where are teenagers feeling computing pain?

Download

Right click “Save as…”

"Is your computer acting strange?"


Then you might be a teenager who hasn't secured your computer.

Dan, co-founder of Apress books, talks about the kind of computing pain that teenagers are seeing and how he convinces teenagers to learn how to protect themselves.

He talks about a security quiz that he asks people to talk about. How do you do?

Tag:

Follow the Discussion

  • Stevan VeselinovicSteve411 Me, all suited up!
    I got 75.00% on it.. My computer is as safe as it can be.. Expecially with sp2 now installed (the final) and norton.. Smiley


    1.) Firewall is on (NO! Exceptions)
    2.) NOrton is up-to-date
    3.) SpyBot Search and Destroy is up-to-date
    4.) Daily scans are in progress.
          That is it for me.      
  • I am not very keen on that quiz, it appears to be designed to stop people getting the correct answers.

    My security routine is a layered one. First off, I will configure Windows so that, in theory I could put it on the internet with no firewall and not get 'hacked' (Fully up-to-date, disable services and other functions to reduce entry vectors). Then on top of that, throw on a firewall (or two) and of course Anti-Virus and do regular ad-ware scans.

    I try to use Norton AV, but keep having to disable it because it detects 'hack tools' every second application I load and of course you can't turn this detection off.
  • scobleizerscobleizer I'm the video guy
    Manip: what do you mean that it'll stop people from getting the correct answers?

    And, I guess that's the whole point. Very few people in the world have done ANY security. Most of the "normal" people I know (non geeks) run their systems in Admin mode, don't know what a firewall is, don't know why they need to run AV software, don't know that they should patch their machines, etc.

    The reason I put Dan here is to get good people thinking about this stuff in a way that other security experts like Dana Epp or Michael Howard haven't yet been able to do.
  • scobleizer wrote:
    Manip: what do you mean that it'll stop people from getting the correct answers?


    Like this:
     You can always avoid fake websites by typing the address in (avoiding email links), and identify a secure connection by the "lock" symbol in your browser status bar.

    The correct answer is 'false', but what does e-mail links have to do with fake websites? I mean the question is overly confusing; at least I found it confusing and could not simply answer True or False because I'm not sure exactly what they are asking.

     Most cookies do not contain any personal information and are not nearly the privacy risk that many people believe.

    How subjective… I mean what privacy risks DO most people believe? Without knowing what most people believe or what the writer believes most people believe it is next to impossible for me to answer this accurately. Thing is, the first part is both false and true because in theory they CAN contain personal information and the second part is all over the place.

     Teens suffer much higher rates of identity theft than adults.

    I appreciate that this is aimed at teens but this has nothing to do with security or 'smart surfing' it is actually asking you if you know the results of some online survey they have carried out and thus there is no correct or incorrect answer. You could ask the world’s leading computer security researcher this question and without looking at some studies might not know the answer.

     Chat rooms and the Internet have become the primary way that sexual predators find victims today.

    Again this is asking me about some statistical information that I have no hope of knowing. I am not an expert in the behaviour of 'sexual predators' nor am I one, so how is anyone, adult or teen supposed to know this?

     

     That is why I think this entire questionnaire has more to do with making the recipient feel stupid and less to do with actually showing what they do or don't know about computer security.

     

  • scobleizerscobleizer I'm the video guy
    Well, I've read his book and heard him speak on these issues to a group at my geek dinner, so I know a bit more what he was intending to get at.

    A lot of people have false beliefs. For instance, a lot of people believe that for teenagers the worst security threat is from sexual predators. But, he looked into the statistics and found that there are only a handful of these cases. They get a lot of media attention. But, what doesn't get discussed is that there's a lot more of theft of passwords and identities. These can be very cruelly used in high school to cause problems for kids. Imagine in high school if someone stole your email password and started sending around rumors to other kids, or IM'ing with them. That's what he's trying to get at there: that there's a security problem with teenagers that doesn't get discussed in the media that's far far more prevelent than the one that does get discussed.

    The fake address one is that there's a belief out there that you can avoid phishing scams or other attacks by typing in a URL. There was a vulnerability in IE that would let a URL look like it's from a real site, but would pull up another one. I'm probably not explaining that right, I wish I had the book here to explain more what he meant (I've invited Dan to come here to explain it better).

    Regarding cookies. Yeah, that is subjective a bit, but overall the media hype against cookies was way over the top. And, the cookie itself doesn't contain your personal information. That's what he was trying to get at (yeah, it can be used to triangulate in on that info, but the cookie itself just passes a code, not your phone number or address or anything like that). I've heard so much misinformation on cookies get spread in the media that I totally understand that one.

    I think the whole point of the survey is to try to get you to realize there are a whole raft of ways that kids can get attacked and that you probably aren't aware of them.
  • Kybo_RenKybo_Ren The next William Hung
    Most cookies do not contain any personal information and are not nearly the privacy risk that many people believe.

    This what I do not agree with: I marked false, because the entire point of cookies is TO STORE PERSONAL INFORMATION!  This is a trick question, because The answer is false to the first question, but true for the second question!
  • A lot of people have false beliefs. For instance, a lot of people believe that for teenagers the worst security threat is from sexual predators. But, he looked into the statistics and found that there are only a handful of these cases. They get a lot of media attention. But, what doesn't get discussed is that there's a lot more of theft of passwords and identities. These can be very cruelly used in high school to cause problems for kids. Imagine in high school if someone stole your email password and started sending around rumors to other kids, or IM'ing with them. That's what he's trying to get at there: that there's a security problem with teenagers that doesn't get discussed in the media that's far far more prevelent than the one that does get discussed.

    It seems that my school Encourages Easy to hack passwords like your mothers first name(They put that on each Internet account they have and not many people change them.)
    And I also think that this should be a world campaign. Because the Internet spans WorldWide! Wink
    This is a little idea I had...
    We could maybe create something that was like a virus but actully contained of security information and changed a lot of settings to make your Pc right. Afterall we are the developers/architectures/engineers behind these systems right?   
  • scobleizerscobleizer I'm the video guy
    Kybo: wrong. Cookies don't store personal information at all.

    Look at them. They don't contain your personal information. I have thousands on my hard drive. They are simple text strings that anyone can look at.

    What they do do, however, is make it possible to watch you as you surf (and, if you've given the server your personal information in a prior session, they can be used to pull that up).

    But, there's nothing personal in a cookie. So, Dan's right on this one.
  • MisterDonutMisterDonut The Disco Godfather
    scobleizer wrote:
    Kybo: wrong. Cookies don't store personal information at all.

    ...

    But, there's nothing personal in a cookie. So, Dan's right on this one.


    Doesn't that really rely upon the Website in question? I mean, I could take in information and write it out to a cookie (Not that I would or anything).

    I would bet most cookies are safe, but you can't 100% say that cookies don't obtain personal info, unless you never enter personal info into a webpage.

  • Kybo_RenKybo_Ren The next William Hung
    Kybo: wrong. Cookies don't store personal information at all.


    I may be wrong, but I was under the assumption that cookies stored your information so that you didn't have to type it in every time.  Take this forum for an example.  It uses cookies so you don't have to log in every time.

    This information may not be identifiable to you (i.e. where you live, your birth name, etc.), but I consider any information about you personally identifiable.
  • scobleizer wrote:
    Kybo: wrong. Cookies don't store personal information at all.

    Look at them. They don't contain your personal information. I have thousands on my hard drive. They are simple text strings that anyone can look at.

    What they do do, however, is make it possible to watch you as you surf (and, if you've given the server your personal information in a prior session, they can be used to pull that up).

    But, there's nothing personal in a cookie. So, Dan's right on this one.

    But wouldn't a cookie be able to be used on a different website? Meaning if someone stored your IP and their partner websites read that cookie. You could be giving your address to a whole lot of hackers.
  • Kybo_RenKybo_Ren The next William Hung
    Meh, your IP address is exposed whenever you make any web transaction.  Why is it such a big deal (assuming that you have adequate security)?
  • Theres no real danger in a cookie.  They can't be executed unless you've already got other major security issues.  So unless you're one of those paranoid people who wouldn't give their neighbor their phone number, there's nothing to fear from a cookie, just like there's nothing to fear from a dead snake.

    On a related note, I've always thought it funny how people are afraid they'll get a virus from a jpg (an image editor won't try executing images, and if Windows tried, it'd tell ya "This is not a valid Win32 application").  What they aren't realizing is it's a fear of being fooled into thinking it's a jpg when there's actually a hidden .exe on there.  That possibility for exploit is another motivation for my suggestion to not hide extensions by default when the next installment of Windows finally horns its way into the market.

  • Kybo_RenKybo_Ren The next William Hung
    sharprs wrote:

    Theres no real danger in a cookie.  They can't be executed unless you've already got other major security issues.  So unless you're one of those paranoid people who wouldn't give their neighbor their phone number, there's nothing to fear from a cookie, just like there's nothing to fear from a dead snake.

    On a related note, I've always thought it funny how people are afraid they'll get a virus from a jpg (an image editor won't try executing images, and if Windows tried, it'd tell ya "This is not a valid Win32 application").  What they aren't realizing is it's a fear of being fooled into thinking it's a jpg when there's actually a hidden .exe on there.  That possibility for exploit is another motivation for my suggestion to not hide extensions by default when the next installment of Windows finally horns its way into the market.


    Yes, I agree!  I always laugh when someone says they got a virus from a DVD, or when someone tells me they got a virus from a Halo map file Big Smile

    And about the cookies:  He said "Most cookies do not contain any personal information".  My sole argument was that they do contain personal information (their purpose).  While it may not be identifiable to you (i.e. social security number) it is at least identifiable to your preferences or what have you.  I think he should me a bit clearer on exactly what he means by "personal information".  Do you mean your birthday, or your driver's license number?
  • It was my point that, in theory THEY COULD DO. 99.99% of web-sites don't put real personal information into the cookie, it just makes sense to do it that way.. but in theory they could easily store your personal information there to be retrieved each time you visit the site. I am mainly thinking of little home grown mail order type sites where some noob has used basic forms and basic cookies and thought it would make sense to store peoples information on peoples computers for the site.
  • I got 83% and my dad got 100% Smiley
  • He got 100%?  Well guess he can't say like he did in the video that no one had got 100%.  Although if your Dad took it after you did, he could have seen what you got wrong and "cheated" Tongue Out

    Anyway I got 83% myself and the ones I got wrong were Cookies (worded poorly) and Adware (which is my fault for reading the statement wrong as I inadvertantly read it as Ad-Aware lol).
  • On the fairness of the quiz:

    I suppose it's important to consider the purpose of the quiz. It's not my intent to make people feel stupid. However it is my intent to challenge certain misconceptions and to get people thinking about these issues (which, based on the reponses here, is meeting with some success).

    As for the two biggest misconceptions relating to identity theft and online safety:

    The FTC is a great source of statistical information for those who are interested. A 2003 report indicated about 4.6% of us suffered some form of identity theft the previous year. I don't know of any study of identity theft amont teens other than my own surveys. In any group of teens I've spoken with, the rate runs no less than 30%. Not scientific, but so far above the adult rate that I'm confident the question is not unreasonable.

    As for online safety for kids and teens. Read the numbers on any study and it's clear that of attacks against young people, a small minority come from someone they met on the Internet.

    Dan

  • Tom ServoTom Servo W-hat?
    I'm playing the surprise card.

    System patched up to date (Win2k3 Web Edition)
    No firewall.
    No background virus scanner (only an occasional scan)

    No problems here. And the machine runs 24/7 hooked up to the Internet. Though it's more like an experiment than ignorance.
  • On cookies:

    Like Scoble said, your personal information isn't written to a cookie.  The cookie writes a text string which identifies you to the server.  The server then can look-up the information you provided when you last visited the site (because your information is stored alongside that text string on the server).

    The server can only store what information you give it... So many people, including my own grandmother (who was brainwashed by my "all-knowing" mac-evangelist uncle) think that simply by having cookies enabled, people can find her address and come to her house and steal all of her earthly possessions.

    At the same time, she had her iMac plugged directly into the cable modem (and it wasn't one of the new ones with built-in NAT). 

    Which, of course, I fixed for her.

    The other thing about cookies is that the ONLY site that can access a specific cookie is the one that created it in the first place.

    The only "abuse" of cookies that has become commonplace is that used by Ad companies. 

    Basically, countless web pages who use the same Ad service have an include that both pulls the advertisement from the Ad server, AND lets the ad server access its own cookie. 

    The way they use this is simple... When you click on an Ad, the Ad server registers that you clicked on a certain kind of ad... maybe one for a new computer system.

    Then the next time you go to a site that uses that particular Ad service, their include can check your cookie, look you up in their database, and say "hey, this guy (user 25234523423423423) clicked on an ad for Gateway in the past.  Let's show him an ad for Dell instead of the one for Coke."

    At no point does the ad service have your name, phone number, address, or anything else...  Even if you buy something from one of their clients.  Only their client should get your information.

    So they can track your tastes, or which of *their* websites you like to visit... but nothing more.

Remove this comment

Remove this thread

close

Comments Closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.