Dan Appleman - Where are teenagers feeling computing pain?

Posted By: The Channel 9 Team | Aug 13th, 2004 @ 11:54 AM | 22,447 Views | 20 Comments
"Is your computer acting strange?"


Then you might be a teenager who hasn't secured your computer.

Dan, co-founder of Apress books, talks about the kind of computing pain that teenagers are seeing and how he convinces teenagers to learn how to protect themselves.

He talks about a security quiz that he asks people to talk about. How do you do?
Media Downloads:
Rating:
0
0
#Aug 13th, 2004 @ 12:28 PM
Steve411
Steve411
I got 75.00% on it.. My computer is as safe as it can be.. Expecially with sp2 now installed (the final) and norton.. Smiley


1.) Firewall is on (NO! Exceptions)
2.) NOrton is up-to-date
3.) SpyBot Search and Destroy is up-to-date
4.) Daily scans are in progress.
      That is it for me.      
#Aug 13th, 2004 @ 12:53 PM
Manip
Manip
I am not very keen on that quiz, it appears to be designed to stop people getting the correct answers.

My security routine is a layered one. First off, I will configure Windows so that, in theory I could put it on the internet with no firewall and not get 'hacked' (Fully up-to-date, disable services and other functions to reduce entry vectors). Then on top of that, throw on a firewall (or two) and of course Anti-Virus and do regular ad-ware scans.

I try to use Norton AV, but keep having to disable it because it detects 'hack tools' every second application I load and of course you can't turn this detection off.
#Aug 13th, 2004 @ 1:27 PM
scobleizer
scobleizer
I'm the video guy
Manip: what do you mean that it'll stop people from getting the correct answers?

And, I guess that's the whole point. Very few people in the world have done ANY security. Most of the "normal" people I know (non geeks) run their systems in Admin mode, don't know what a firewall is, don't know why they need to run AV software, don't know that they should patch their machines, etc.

The reason I put Dan here is to get good people thinking about this stuff in a way that other security experts like Dana Epp or Michael Howard haven't yet been able to do.
#Aug 13th, 2004 @ 1:48 PM
Manip
Manip

scobleizer wrote:
Manip: what do you mean that it'll stop people from getting the correct answers?


Like this:
 You can always avoid fake websites by typing the address in (avoiding email links), and identify a secure connection by the "lock" symbol in your browser status bar.

The correct answer is 'false', but what does e-mail links have to do with fake websites? I mean the question is overly confusing; at least I found it confusing and could not simply answer True or False because I'm not sure exactly what they are asking.

 Most cookies do not contain any personal information and are not nearly the privacy risk that many people believe.

How subjective… I mean what privacy risks DO most people believe? Without knowing what most people believe or what the writer believes most people believe it is next to impossible for me to answer this accurately. Thing is, the first part is both false and true because in theory they CAN contain personal information and the second part is all over the place.

 Teens suffer much higher rates of identity theft than adults.

I appreciate that this is aimed at teens but this has nothing to do with security or 'smart surfing' it is actually asking you if you know the results of some online survey they have carried out and thus there is no correct or incorrect answer. You could ask the world’s leading computer security researcher this question and without looking at some studies might not know the answer.

 Chat rooms and the Internet have become the primary way that sexual predators find victims today.

Again this is asking me about some statistical information that I have no hope of knowing. I am not an expert in the behaviour of 'sexual predators' nor am I one, so how is anyone, adult or teen supposed to know this?

 

 That is why I think this entire questionnaire has more to do with making the recipient feel stupid and less to do with actually showing what they do or don't know about computer security.

 

#Aug 13th, 2004 @ 1:57 PM
scobleizer
scobleizer
I'm the video guy
Well, I've read his book and heard him speak on these issues to a group at my geek dinner, so I know a bit more what he was intending to get at.

A lot of people have false beliefs. For instance, a lot of people believe that for teenagers the worst security threat is from sexual predators. But, he looked into the statistics and found that there are only a handful of these cases. They get a lot of media attention. But, what doesn't get discussed is that there's a lot more of theft of passwords and identities. These can be very cruelly used in high school to cause problems for kids. Imagine in high school if someone stole your email password and started sending around rumors to other kids, or IM'ing with them. That's what he's trying to get at there: that there's a security problem with teenagers that doesn't get discussed in the media that's far far more prevelent than the one that does get discussed.

The fake address one is that there's a belief out there that you can avoid phishing scams or other attacks by typing in a URL. There was a vulnerability in IE that would let a URL look like it's from a real site, but would pull up another one. I'm probably not explaining that right, I wish I had the book here to explain more what he meant (I've invited Dan to come here to explain it better).

Regarding cookies. Yeah, that is subjective a bit, but overall the media hype against cookies was way over the top. And, the cookie itself doesn't contain your personal information. That's what he was trying to get at (yeah, it can be used to triangulate in on that info, but the cookie itself just passes a code, not your phone number or address or anything like that). I've heard so much misinformation on cookies get spread in the media that I totally understand that one.

I think the whole point of the survey is to try to get you to realize there are a whole raft of ways that kids can get attacked and that you probably aren't aware of them.
#Aug 13th, 2004 @ 5:09 PM
Kybo_Ren
Kybo_Ren
The next William Hung
Most cookies do not contain any personal information and are not nearly the privacy risk that many people believe.

This what I do not agree with: I marked false, because the entire point of cookies is TO STORE PERSONAL INFORMATION!  This is a trick question, because The answer is false to the first question, but true for the second question!
#Aug 13th, 2004 @ 5:37 PM
Nicholas
Nicholas
A lot of people have false beliefs. For instance, a lot of people believe that for teenagers the worst security threat is from sexual predators. But, he looked into the statistics and found that there are only a handful of these cases. They get a lot of media attention. But, what doesn't get discussed is that there's a lot more of theft of passwords and identities. These can be very cruelly used in high school to cause problems for kids. Imagine in high school if someone stole your email password and started sending around rumors to other kids, or IM'ing with them. That's what he's trying to get at there: that there's a security problem with teenagers that doesn't get discussed in the media that's far far more prevelent than the one that does get discussed.

It seems that my school Encourages Easy to hack passwords like your mothers first name(They put that on each Internet account they have and not many people change them.)
And I also think that this should be a world campaign. Because the Internet spans WorldWide! Wink
This is a little idea I had...
We could maybe create something that was like a virus but actully contained of security information and changed a lot of settings to make your Pc right. Afterall we are the developers/architectures/engineers behind these systems right?   
#Aug 13th, 2004 @ 6:41 PM
scobleizer
scobleizer
I'm the video guy
Kybo: wrong. Cookies don't store personal information at all.

Look at them. They don't contain your personal information. I have thousands on my hard drive. They are simple text strings that anyone can look at.

What they do do, however, is make it possible to watch you as you surf (and, if you've given the server your personal information in a prior session, they can be used to pull that up).

But, there's nothing personal in a cookie. So, Dan's right on this one.
#Aug 13th, 2004 @ 7:00 PM
MisterDonut
MisterDonut
The Disco Godfather
scobleizer wrote:
Kybo: wrong. Cookies don't store personal information at all.

...

But, there's nothing personal in a cookie. So, Dan's right on this one.


Doesn't that really rely upon the Website in question? I mean, I could take in information and write it out to a cookie (Not that I would or anything).

I would bet most cookies are safe, but you can't 100% say that cookies don't obtain personal info, unless you never enter personal info into a webpage.

Microsoft Communities