by Tony Neate on February 10, 2010
As Valentine’s Day approaches, those that are single may be thinking about looking for love online.
Online dating is big business these days. Recent research shows the number of Britons paying to use online dating agencies is set to grow from 2.6m in 2006 to 6m by 2012, and set to be worth around £368m in revenues. In terms of content that people buy online, it’s surpassed only by music and video games.
However, as you will know from me by now, there are some avoidable risks involved. Overall, our approach should be no different to doing anything else online – shopping, social networking, banking: Be aware of the risks, keep your wits about you, and if it sounds too good to be true…
…well, check out Get Safe Online’s top tips here.
Do this, and there’s little reason not to enjoy the benefits of meeting people this way. Indeed, according to independent research for one of the popular dating sites, users find a compatible match once every ten minutes.
Good luck and Happy Valentine’s Day!
by Tony Neate on January 20, 2010
As the discussions regarding the Internet Explorer vulnerability continues in the media, academia, and business and even in my daughter school where she is a teacher. The Government via the Cabinet Office has just released this statement.
“We take internet security very seriously. Complex software will always have vulnerabilities and motivated adversaries will always work to discover and take advantage of them. There is no evidence that moving from the latest fully patched versions of Internet Explorer to other browsers will make users more secure. Regular software patching and updating will help defend against the latest threats.”
The issue of keeping your operating system and all your application software up to date (patched as some of us will know it as) cannot be emphasised to strongly. It is as critical as anti-virus and anti-spyware both of which should also be set to automatic update, firewalls and secure wireless connections.
by Tony Neate on January 19, 2010
So what is the problem? Well there is a bug in versions 6, 7 and 8 of the Microsoft Internet Explorer web browser, which could result in your computer being attacked by criminals. Microsoft is still investigating the bug, so as yet a fix is not available. However there is no evidence that moving from the latest fully patched versions of Internet Explorer to other browsers will make users more secure.
The following options are available to help protect users until Microsoft releases an update. Follow the instructions in the Microsoft bulletin to increase the security level of Internet Explorer and only allow known trusted sites to be unrestricted. You may have to undo these changes once an update is available.
Install the Microsoft FixIt to enable data execution prevention, which will help stop criminals from using this vulnerability. Again you may have to uninstall the FixIt once an update is available.
If home users and small businesses do not wish to install the temporary fixes, you could consider using an alternate web browser until an update becomes available. If you choose to install a different web browser remember to click “yes” when it asks to be set as the default.
Get Safe Online operates the ITsafe Warning Service. Get Safe Online’s Alerts and Warnings Feed provides timely updates about security issues from HM Government sources.
by Tony Neate on December 17, 2009
Guest bloger Richard Hollis
Last week, the United States Congress, House of 
Representatives, passed the Data Accountability and Trust Act – H.R. 2221. The bill is now on its way to becoming Federal law. This is long awaited and very good news for consumers. It’s similar to the breach notification laws enacted by over 30 over the 50 states sparked by California mandating public disclosure of breaches back in 2003. Federal public disclosure laws were previously blocked under the Bush Administration. In essence it mandates that businesses publically disclose breaches of personal information in their possession.
The new law will formally define personal information as, “an individual’s first name or initial and last name, or address, or phone number, in combination with any 1 or more of the following data elements for that individual:
• Social Security number, driver’s license number or other identification number
• Financial account number, or credit or debit card number and any required security code, access code, or password necessary to permit access to an individual’s financial account.
It formally establishes the Federal Trade Commission (FTC) as the oversight body and requires organisations holding data to implement a data protection policy and identify an information security officer. More importantly, the new law will direct that businesses in possession of personal data establish procedures for identifying security vulnerabilities in the networks that process this data and monitor for breaches. The FTC would also be tasked with posting breaches on their website.
The bill has some more stringent requirements for “data brokers”, including audits in the event of a breach. It also requires two years of quarterly credit reports provided to victims at no charge. Third parties are also required to notify customers in the event of a breach, and the actual owner of the data is then required to notify consumers. It doesn’t get any better than that.
The law will naturally result in a higher level of protection for personal data held by both public and private sector entities and establish the legal framework for consumer legal actions resulting from breaches. It will also add some degree of consistency for organizations establishing programs to protect personal data and simplify compliance.
Good news for consumers everywhere as US law has a way of affecting legislation worldwide.
by Richard Hollis December 16, 2009 – Orthus Ltd
by Tony Neate on December 8, 2009
Yesterday at the QEII Conference Centre in London saw opening of The UK Council for Child Internet Safety Summit. The Council was a recommendation in Professor Tanya Byron’s report ‘Safer Children in a Digital World’
The primary purpose of the summit was to launch the Child Internet Safety Strategy. The summit provided an opportunity to discuss the strategy, showcase recent research findings and highlight the good progress made so far in delivering on the child online safety agenda.
The event also had a public facing element with the launch of the internet safety code and three cartoon characters that will help remind children of some of do’s and don’ts to safe use of the internet, I think these character are great and can be used by anyone on the internet to highlight the internet safety message to children. More information can be found on the UKCCIS website. http://www.dcsf.gov.uk/ukccis
by tcallington on November 26, 2009
Tackling internet crime is a complicated job, to say the least. Which is why Get Safe Online is all about collaboration. So today, we’re pleased to announce that we have another valuable string added to our bow with Gumtree.com joining us as a sponsor. You can read more about our partnership here.
You can also keep up to date with Gumtree activity on its blog. And if you’re a Gumtree-user, we also recommend checking out the Gummies Guide – a series of videos on how to use the site and stay safe while doing so.
by Tony Neate on November 20, 2009
On Monday (16th November 2009) I chaired the Get Safe Online Summit which took place in central London. The Summit is one of the cornerstones of Get Safe Online Week, and this year attracted over 120 key partners and stakeholders from across the public, private and voluntary sectors.
The keynote was given by the Rt. Hon. Angela Smith, Minister of State for the Cabinet Office. The Minister commented: “The internet can be a great tool to help people find work during the global economic downturn, but with criminals using increasingly sophisticated methods to take advantage of jobseekers, we need to maintain vigilance. Scams such as the recruitment of Money Mules can end up landing you in trouble with the law, which is why we’re asking all internet users to take some time out of their week to visit the Get Safe Online website and make sure they are up-to-date with the latest threats and advice.”
The agenda continued with Paul Evans, director intervention at SOCA, discussing strategies for reducing harm in the virtual world and the role that consumer education plays in law enforcement efforts.
Nancy Johnston, technology development manager at Age Concern and Help the Aged, discussed the broader challenges within the context of digital inclusion issues for silver surfers – highlighting the importance of simple interfaces, avoiding jargon, accessibility and lifelong learning.
Andy Auld, intelligence manager for SOCA’s e-Crime unit, highlighted a number of key threats including money mule scams, which have proliferated in line with growth in online banking fraud (recently published figures from Financial Fraud Action UK show that, in the first six months of this year, UK online banking fraud losses amounted to £39 million, an increase of 55% on the previous year).
The Summit also marked the launch and publication of the 2009 Get Safe Online Report, UK Internet Security: State of the Nation, which examines consumer trends and experience of online crime. Presented by Garreth Griffith, head of UK risk management at PayPal and a director of GetSafeOnline.org, the key findings of the Report can be found on the Get Safe Online Website
by tcallington on November 18, 2009
It’s that time of year again, and with people’s pockets feeling stretched, many of us will be looking online to find those bargain buys. Shopping online offers convenience, choice and value for money. However, wherever there is money being exchanged, you can be sure there are fraudsters waiting to take advantage of anyone who’s not aware of the risks and fully protected.
It doesn’t mean avoiding the internet, but just making sure you don’t make life easy for fraudsters. As part of Get Safe Online Week, Ofcom has published a new video setting out steps consumers can take and things they should look out for when shopping online this Christmas. Well worth a look before splashing your cash.
by tcallington on November 16, 2009
No, it’s nothing to do with a dearth of donkeys on Blackpool Pleasure Beach; Mule Recruitment is a sophisticated type of online fraud that could leave you with a frozen bank account and facing criminal charges.
It only seems like yesterday we were launching Get Safe Online Week 2008. But a great deal has happened in the past year and we’re now seeing a rapid rise in ‘money mule’ scams as fraudsters seek to exploit our financial worries in the wake of the recession.
A money mule is someone who, recruited by a fraudster, transfers money illegally gained in one country to another country, usually where the fraudster lives. Innocent job hunters are lured into the scams by fake, but professionally presented, job adverts, often placed on mainstream recruitment websites.
Read our fact sheet on Mule Recruitment to learn more about the risks and watch the video to learn how to spot a money mule scam.
Victims are mislead into believing that genuine jobs are available, such as ‘financial manager’, ‘money transfer agent’, ‘shipping manager’ or even ‘mystery shopper’ (purporting to evaluate customer service at high street banks). Once ‘recruited’, money mules are persuaded to share their bank details and are then unwittingly used to launder the profits of the fraudsters’ criminal activities.
At any given time, there are approximately 100 known mule recruitment sites targeting the UK, each of which may have lured in around 50 active mules. The risk is that by allowing their bank accounts to be used to receive and transfer illegal funds, mules are breaking the law – even if they don’t realise it.
Mules can become part of a police investigation and are often the easiest part of the criminal chain to track down. When ‘caught’, money mules often have their bank accounts suspended and can be liable for all the proceeds of the fraud.
by John Evelyn on July 21, 2009
Get Safe Online won a Nominet Best Practice Challenge award earlier this month. This recognises our success in achieving collaboration between government, law enforcement and the private sector to promote internet security for citizens and small businesses.
by John Evelyn on May 20, 2009
To support Adult Learners’ Week Ofcom has published the first in a series of Managing Your Media guides designed to promote media literacy across the UK.
Available as a video and downloadable guide, this resource is intended to show parents and guardians how to use parental controls and filters to manage their children’s access to digital TV and internet content. The guide also encourages parents and guardians to talk to their children about what they do on the internet and how to use it safely.
Ofcom research found that 57 per cent of children aged 8-15 mostly watch TV without an adult in the room. Similarly, half of all children aged 8-11 and two-thirds of those aged 12-15 mostly use the internet without an adult present.
The video and guide can be found here: http://www.ofcom.org.uk/advice/guides/media/media/
Have you been Rocked.
by Tony Neate on December 18, 2009
Another guest blog from Richard Hollis
Did you see the news recently that social networking site RockYou suffered a data breach exposing over 32 million user accounts? If that wasn’t bad enough, it was also revealed that they were apparently storing all that data (user account information) in plain text in their database. This fact came to light only because when RockYou attempted to downplay and dismiss the severity of the incident, the hacker responsible published a sample of the data to prove it and demonstrate that all the user passwords accessible were stored unencrypted.
To make matters worse, the published dataset also contained user password and logon credentials for other social networking sites.
So however you do the maths, there is a possibility that this hack directly affected you if you use a social networking site. The hacker was able to access this information through a SQL injection vulnerability on the RockYou site. This hacking technique is old, widely known and does not require a great deal of expertise to execute. The point being that any online business even marginally concerned with security would have closed off this easily exploited security hole before even thinking of launching their site – but apparently not RockYou.
Their attitude towards security is further demonstrated in their published password policies as they only mandate a minimal length of 5 characters for their account passwords. They have no requirement for mixed case, alpha-numeric characters and in fact enforce password simplicity by not allowing any punctuation at all. This is where RockYou gets it wrong. Passwords are the very foundation of online security. At this time of year we should think of them like underwear- the longer the better.
Learn a lesson from this incident – buyer beware! Next time you sign up to a social networking site or any web service for that matter, read the fine print. What is their security policy? Do they have one? If they don’t publish it on the site – chances are they don’t. Sending you open text passwords in emails are another indication that their approach to security may be short of your expectations. Read the privacy statement. Do they inform their customers about losses or breaches? Do you want to use them if they don’t? The choice is yours.
Richard Hollis – Orthus Ltd
{ 0 comments }