<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Get Safe Online (The Blog) &#187; Guest bloggers</title>
	<atom:link href="http://www.getsafeonlineblog.org/category/guest-bloggers/feed" rel="self" type="application/rss+xml" />
	<link>http://www.getsafeonlineblog.org</link>
	<description>News, tips and updates from the GetSafeOnline.org team</description>
	<lastBuildDate>Wed, 10 Feb 2010 14:30:31 +0000</lastBuildDate>
	<generator>http://wordpress.org/?v=2.9.2</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
			<item>
		<title>Have you been Rocked.</title>
		<link>http://www.getsafeonlineblog.org/have-you-been-rocked</link>
		<comments>http://www.getsafeonlineblog.org/have-you-been-rocked#comments</comments>
		<pubDate>Fri, 18 Dec 2009 00:23:32 +0000</pubDate>
		<dc:creator>Tony Neate</dc:creator>
				<category><![CDATA[Comment]]></category>
		<category><![CDATA[Guest bloggers]]></category>

		<guid isPermaLink="false">http://www.getsafeonlineblog.org/?p=463</guid>
		<description><![CDATA[Another guest blog from  Richard Hollis
Did you see the news recently that social networking site RockYou suffered a data breach exposing over 32 million user accounts?   If that wasn’t bad enough, it was also revealed that they were apparently storing all that data (user account information) in plain text in their database. This fact came to [...]]]></description>
			<content:encoded><![CDATA[<p></p><p>Another guest blog from  Richard Hollis</p>
<p>Did you see the news recently that social networking site RockYou suffered a data breach exposing over 32 million user accounts?   If that wasn’t bad enough, it was also revealed that they were apparently storing all that data (user account information) in plain text in their database. This fact came to light only because when RockYou attempted to downplay and dismiss the severity of the incident, the hacker responsible published a sample of the data to prove it and demonstrate that all the user passwords accessible were stored unencrypted.<br />
 <br />
<img class="alignleft size-full wp-image-466" title="Rockyou" src="http://www.getsafeonlineblog.org/wp-content/uploads/2009/12/Rockyou2.jpg" alt="Rockyou" width="129" height="64" />To make matters worse, the published dataset also contained user password and logon credentials for other social networking sites. </p>
<p> So however you do the maths, there is a possibility that this hack directly affected you if you use a social networking site. The hacker was able to access this information through a SQL injection vulnerability on the RockYou site.  This hacking technique is old, widely known and does not require a great deal of expertise to execute.  The point being that any online business even marginally concerned with security would have closed off this easily exploited security hole before even thinking of launching their site &#8211; but apparently not RockYou.<br />
 <br />
Their attitude towards security is further demonstrated in their published password policies as they only mandate a minimal length of 5 characters for their account passwords.  They have no requirement for mixed case, alpha-numeric characters and in fact enforce password simplicity by not allowing any punctuation at all.  This is where RockYou gets it wrong.  Passwords are the very foundation of online security.  At this time of year we should think of them like underwear- the longer the better.<br />
    <br />
Learn a lesson from this incident &#8211; buyer beware! Next time you sign up to a social networking site or any web service for that matter, read the fine print. What is their security policy?  Do they have one?  If they don’t publish it on the site &#8211; chances are they don’t. Sending you open text passwords in emails is another indication that their approach to security may be short of your expectations.  Read the privacy statement. Do they inform their customers about losses or breaches?  Do you want to use them if they don’t?  The choice is yours.</p>
<p>Richard Hollis – Orthus Ltd</p>
]]></content:encoded>
			<wfw:commentRss>http://www.getsafeonlineblog.org/have-you-been-rocked/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Coming to a Theatre near you</title>
		<link>http://www.getsafeonlineblog.org/coming-to-a-theatre-near-you</link>
		<comments>http://www.getsafeonlineblog.org/coming-to-a-theatre-near-you#comments</comments>
		<pubDate>Thu, 17 Dec 2009 08:52:57 +0000</pubDate>
		<dc:creator>Tony Neate</dc:creator>
				<category><![CDATA[Guest bloggers]]></category>

		<guid isPermaLink="false">http://www.getsafeonlineblog.org/?p=453</guid>
		<description><![CDATA[Guest blogger Richard Hollis
Last week, the United States Congress, House of Representatives, passed the Data Accountability and Trust Act &#8211; H.R. 2221.  The bill is now on its way to becoming Federal law.  This is long awaited and very good news for consumers.  It’s similar to the breach notification laws enacted by over 30 of [...]]]></description>
			<content:encoded><![CDATA[<p></p><p>Guest blogger Richard Hollis</p>
<p>Last week, the United States Congress, House of <img class="alignright size-thumbnail wp-image-459" title="CapitolBldg" src="http://www.getsafeonlineblog.org/wp-content/uploads/2009/12/CapitolBldg4-150x150.jpg" alt="CapitolBldg" width="150" height="150" />Representatives, passed the Data Accountability and Trust Act &#8211; H.R. 2221.  The bill is now on its way to becoming Federal law.  This is long awaited and very good news for consumers.  It’s similar to the breach notification laws enacted by over 30 of the 50 states sparked by California mandating public disclosure of breaches back in 2003.  Federal public disclosure laws were previously blocked under the Bush Administration.   In essence it mandates that businesses publicly disclose breaches of personal information in their possession.  <br />
     <br />
The new law will formally define personal information as, &#8220;an individual&#8217;s first name or initial and last name, or address, or phone number, in combination with any 1 or more of the following data elements for that individual:</p>
<p>• Social Security number, driver&#8217;s license number or other identification number<br />
• Financial account number, or credit or debit card number and any required security code, access code, or password necessary to permit access to an individual&#8217;s financial account.</p>
<p>It formally establishes the Federal Trade Commission (FTC) as the oversight body and requires organisations holding data to implement a data protection policy and identify an information security officer.   More importantly, the new law will direct that businesses in possession of personal data establish procedures for identifying security vulnerabilities in the networks that process this data and monitor for breaches.  The FTC would also be tasked with posting breaches on their website.</p>
<p>The bill has some more stringent requirements for &#8220;data brokers&#8221;, including audits in the event of a breach.  It also requires two years of quarterly credit reports provided to victims at no charge. Third parties are also required to notify customers in the event of a breach, and the actual owner of the data is then required to notify consumers.  It doesn’t get any better than that.</p>
<p>The law will naturally result in a higher level of protection for personal data held by both public and private sector entities and establish the legal framework for consumer legal actions resulting from breaches.  It will also add some degree of consistency for organizations establishing programs to protect personal data and simplify compliance.<br />
 <br />
Good news for consumers everywhere as US law has a way of affecting legislation worldwide.</p>
<p>by Richard Hollis December 16, 2009 &#8211; Orthus Ltd</p>
]]></content:encoded>
			<wfw:commentRss>http://www.getsafeonlineblog.org/coming-to-a-theatre-near-you/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>How much is your data worth?</title>
		<link>http://www.getsafeonlineblog.org/how-much-is-your-data-worth</link>
		<comments>http://www.getsafeonlineblog.org/how-much-is-your-data-worth#comments</comments>
		<pubDate>Fri, 11 Jul 2008 07:23:48 +0000</pubDate>
		<dc:creator>John Evelyn</dc:creator>
				<category><![CDATA[Guest bloggers]]></category>

		<guid isPermaLink="false">http://www.getsafeonlineblog.org/?p=231</guid>
		<description><![CDATA[Guest post by Dr. Guy Bunker, Chief Scientist &#38; Distinguished Engineer, Symantec Corporation
I don’t mean how much are you worth, it’s more about your information, your ‘data’. Times have changed and while the average cyber-criminal is still after bank account details and credit card numbers, they are also targeting other information as well. In fact [...]]]></description>
			<content:encoded><![CDATA[<p></p><p>Guest post by <a href="http://www.viewfromthebunker.com">Dr. Guy Bunker</a>, Chief Scientist &amp; Distinguished Engineer, Symantec Corporation
<p>I don’t mean how much are you worth, it’s more about your information, your ‘data’. Times have changed and while the average cyber-criminal is still after bank account details and credit card numbers, they are also targeting other information as well. In fact anything that you protect with a username and password is of interest to them. Why? The answer is simple, it’s all about money – to them. At Symantec we have a Global Intelligence Network which monitors the internet for spam, viruses and other malware, however it also monitors some of the underground economy / black market traffic in data – your data. This information is published regularly in our Internet Security Threat Report, available from <a href="http://www.symantec.com">www.symantec.com</a>. Here are some of the findings on just how much your data is worth to someone else:
<p><a href="http://www.getsafeonlineblog.org/wp-content/uploads/2008/07/image.png"><img style="0px" height="156" alt="image" src="http://www.getsafeonlineblog.org/wp-content/uploads/2008/07/image-thumb.png" width="392" border="0"></a>
<p>Of course, just like any other ‘business’, you can get volume discounts, so you can get 50 credit card numbers for $40 ($0.80 each) or 500 numbers for $200 ($0.40 each)!
<p>The latest ‘attacks’ are not just through email, but through web browsers and plug-ins and increasingly through social networking sites, so the next time you visit a site and it asks to install a plug-in, just do a quick check to see if the plug-in is legitimate – and that you really want it – there is more at risk than you might have imagined.</p>
<hr />
<p>Dr. Guy Bunker is a Distinguished Engineer at Symantec Corporation. He is responsible for technical strategy for the security and data management group and runs a number of research projects around data loss prevention and intelligent archiving. Guy has worked for Symantec (formerly VERITAS) for more than a decade in a number of different product divisions and roles. </p>
<p>He has been a member of a number of industry bodies driving standards in computer storage and management and is currently an active member of the Enterprise Privacy Group. Guy is a regular presenter at many conferences, including InfoSec, StorageExpo, Transformational Government, Internet Security Forum, RUSI’s Protecting The Critical National Infrastructure, IAAC, Enterprise Architecture and the Symantec user conference, Vision. </p>
<p>Guy has authored a number of books and is currently working on his latest “Data Leaks For Dummies” which is due to be published in early 2009.<br />Guy holds a PhD in Artificial Neural Networks from King’s College London, several patents and is a Chartered Engineer with the IEE.
<p>Guy’s blog on information security and availability can be found at: <a href="http://www.viewfromthebunker.com">www.viewfromthebunker.com</a></p>
]]></content:encoded>
			<wfw:commentRss>http://www.getsafeonlineblog.org/how-much-is-your-data-worth/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>eBay guest blogger</title>
		<link>http://www.getsafeonlineblog.org/ebay-guest-blogger</link>
		<comments>http://www.getsafeonlineblog.org/ebay-guest-blogger#comments</comments>
		<pubDate>Wed, 14 Nov 2007 16:18:08 +0000</pubDate>
		<dc:creator>John Evelyn</dc:creator>
				<category><![CDATA[Guest bloggers]]></category>

		<guid isPermaLink="false">http://www.getsafeonlineblog.org/?p=179</guid>
		<description><![CDATA[ Meet the Team: Richard Ambrose
Richard Ambrose took over from Garreth Griffith as Head of Trust and Safety (T&#38;S) at eBay UK on October 1st.
What brought you to Trust and Safety?
I’ve been at eBay for four years – I initially joined to manage the Collectibles category and I’ve been in ‘Finding’ for the last couple [...]]]></description>
			<content:encoded><![CDATA[<p></p><p><b><a href="http://www.getsafeonlineblog.org/wp-content/uploads/2007/11/richard-ambrose.jpg"><img height="158" alt="Richard Ambrose" src="http://www.getsafeonlineblog.org/wp-content/uploads/2007/11/richard-ambrose-thumb.jpg" width="240" align="right" border="0"></a> Meet the Team: Richard Ambrose</b>
<p>Richard Ambrose took over from Garreth Griffith as Head of Trust and Safety (T&amp;S) at eBay UK on October 1<sup>st</sup>.
<p><b>What brought you to Trust and Safety?</b>
<p>I’ve been at eBay for four years – I initially joined to manage the Collectibles category and I’ve been in ‘Finding’ for the last couple of years. (Finding refers to the way people find items to buy on eBay and it has its own team inside the company.) &nbsp;I’ve always been very passionate about trust and safety and so I was delighted to get the chance to work with the team.
<p><b>Since you took over, what has been the biggest surprise about T&amp;S?</b>
<p>The global nature of all our challenges was the biggest surprise. Internet crime is a global issue and, unfortunately, there is a small body of professional criminals who attack eBay members in multiple countries. They always try to find the weakest link in our defences so it’s really important that we are consistent wherever we operate. The good news is that if one part of eBay comes up with a brilliant advance to protect members, we can roll it out globally very quickly.
<p><b>How does eBay work with the police?</b>
<p>We have a close relationship with law enforcement. We have an ongoing training course for police on how to investigate eBay reports and how to prosecute illegal activity on eBay. We have trained thousands of police officers to date. We make ourselves available to appear in court and provide witness statements for prosecutions, but we rely on customers to report crimes in the first place. We’ve seen a steady stream of prosecutions. So far this year, in the UK, we have helped secure 210 arrests and guilty verdicts in 69 different court cases. &nbsp;
<p><b>What are your priorities for the next year?</b>
<p>The bedrock is combating professional fraud. We want to make it difficult, risky, time-consuming and expensive for the tiny hardcore of professional criminals to operate on eBay. For example, we can try to stop them getting accounts on eBay in the first place and we can be quicker at identifying fraudulent listings.
<p>&nbsp;We often find that a majority of professional fraud exploits the misuse of unguaranteed payment mechanisms like Western Union or personal cheques. This is precisely why we have banned these payment types from eBay. Secure digital mechanisms like PayPal have much less risk.
<p>We’re experimenting with mandating the use of PayPal in certain areas where we think it will have a dramatic effect. For example, we required anyone who wanted to list an Apple iPhone to offer it as a payment option.
<p>We’ve also launched a telephone support line for our most frequent buyers and sellers. We expect to roll this service out to more people during 2008.
<p><b>How widespread is online fraud?</b>
<p>Luckily, the vast majority of eBay users don’t encounter it and have a very positive experience with us. 4m people in the UK visit eBay every day and the vast, VAST majority of their transactions are fun, good value and problem-free.
<p><b>What advice would you give customers?</b>
<p>My number one tip would be to drop the seller a note via the eBay site and ask them a question about the item. It’s pretty much the best way of establishing their bona fides. You can learn a lot from the tone, attitude, the speed and content of a seller’s reply to a question.
<p><b>What do you buy and sell on eBay?</b>
<p>I collect medieval coins. Last month I bought a very rare 11<sup>th</sup> century penny on the site. I was delighted with it. These things are very hard to find and eBay is where I get most of my collection.
]]></content:encoded>
			<wfw:commentRss>http://www.getsafeonlineblog.org/ebay-guest-blogger/feed</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>Where to get help on eBay</title>
		<link>http://www.getsafeonlineblog.org/where-to-get-help-on-ebay</link>
		<comments>http://www.getsafeonlineblog.org/where-to-get-help-on-ebay#comments</comments>
		<pubDate>Wed, 14 Nov 2007 16:16:08 +0000</pubDate>
		<dc:creator>John Evelyn</dc:creator>
				<category><![CDATA[Guest bloggers]]></category>

		<guid isPermaLink="false">http://www.getsafeonlineblog.org/?p=176</guid>
		<description><![CDATA[Here at Get Safe Online, we sometimes get email from people who have had problems buying and selling on eBay. They sponsor Get Safe Online but we are separate organisations. Our resources are limited and we can&#8217;t offer individual advice or help. So we asked eBay for some tips about where to get help on [...]]]></description>
			<content:encoded><![CDATA[<p></p><p>Here at Get Safe Online, we sometimes get email from people who have had problems buying and selling on eBay. They sponsor Get Safe Online but we are separate organisations. Our resources are limited and we can&#8217;t offer individual advice or help. So we asked eBay for some tips about where to get help on their site. </p>
<blockquote><p>We’re conscious that there’s more we can do to make it easier for our members to get in contact with us and so we are currently in the process of trialling a phone support facility for some of our more frequent buyers and sellers. If successful, we will roll it out to more customers in future.
<p>However, there are still lots of ways to get in touch with eBay and get help if you have a problem:
<ul>
<li><b>Online help</b>. We have an extensive <a href="http://pages.ebay.co.uk/help/index.html">help library</a>. You’ll find solutions to many common problems
<li><b>Get in touch. </b>You can use our online contact system to <a href="http://pages.ebay.co.uk/safetycentre/contact.html?">report a problem</a>. Here, you can report a seller if your item was not received or not as described, submit an unpaid item dispute, and report any other problems you may have regarding your account
<li><b>Report suspicious emails.</b> If you get any suspicious emails purporting to be from eBay or PayPal you can immediately report them to <a href="mailto:spoof@ebay.co.uk">spoof@ebay.co.uk</a> or <a href="mailto:spoof@paypal.co.uk">spoof@paypal.co.uk</a>. Forward the entire email to us. We will reply promptly letting you know whether or not the email or website is fake or genuine<br />(eBay takes immediate action against spoof or phishing websites – through links with the companies that host them, 80% of fake sites that are reported to us are brought down within 24 hours and 90% are brought down within 48 hours)
<li><b>Report breaches of eBay’s listing policies. </b>At the bottom of every listing, there is a link where you can ‘report this item’ if you believe it may contravene our listing policies. Every single report made in this way is reviewed by our team in Dublin
<li><b>Community boards.</b> The <a href="http://pages.ebay.co.uk/community">Community Boards</a> on eBay are a useful way for members to share information and get advice from other members on a range of topics. Whether you’re looking for real beginner stuff such as how to list an item for sale or something more complex to do with running a business, you can get the answers from other community members on the boards. For those who are new to eBay we’d recommend you visit the ‘new to eBay’ discussion board </li>
</ul>
</blockquote>
]]></content:encoded>
			<wfw:commentRss>http://www.getsafeonlineblog.org/where-to-get-help-on-ebay/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Online crime linked to terror funding</title>
		<link>http://www.getsafeonlineblog.org/online-crime-linked-to-terror-funding</link>
		<comments>http://www.getsafeonlineblog.org/online-crime-linked-to-terror-funding#comments</comments>
		<pubDate>Wed, 19 Sep 2007 09:29:51 +0000</pubDate>
		<dc:creator>John Evelyn</dc:creator>
				<category><![CDATA[Guest bloggers]]></category>

		<guid isPermaLink="false">http://www.getsafeonlineblog.org/?p=163</guid>
		<description><![CDATA[Written by Tony Neate, Managing Director, Get Safe Online
 Over the last few years, there has been a lot of talk about the link between online crime and terrorism, but I don&#8217;t recall seeing any direct evidence. That&#8217;s changed. A friend sent me this link from the Washington Post. It looks like the link between [...]]]></description>
			<content:encoded><![CDATA[<p></p><p><strong>Written by Tony Neate, Managing Director, Get Safe Online</strong>
<p><img height="240" alt="Criminal" src="http://www.getsafeonlineblog.org/wp-content/uploads/2007/09/istock-000003569842xsmall.jpg" width="160" align="right" border="0"> Over the last few years, there has been a lot of talk about the link between online crime and terrorism, but I don&#8217;t recall seeing any direct evidence. That&#8217;s changed. A friend sent me this link from the <a title="Washington Post article linking terror funding to online crime" href="http://www.washingtonpost.com/wp-dyn/content/article/2007/07/05/AR2007070501153.html">Washington Post</a>. It looks like the link between online crime and terror funding has been firmly established.
<p>Three men, Tariq Al-Daour, Younes Tsouli and Waseem Mughal, used stolen credit card numbers to make purchases at hundreds of online stores, armed with shopping lists of items that fellow terrorists might need to complete their activities. Authorities also say the men laundered funds from stolen credit card accounts through more than a dozen online gambling Web sites.
<p>They recently pleaded guilty at Woolwich Crown Court to inciting terrorist murder; they also admitted conspiring to defraud banks, credit card companies and charge card companies.
<p>This has certainly heightened the need for people to protect themselves online.&nbsp;Not only do we need to protect ourselves from online criminals taking our money but we also need to protect ourselves from terrorists using the proceeds of crime to fund their activities.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.getsafeonlineblog.org/online-crime-linked-to-terror-funding/feed</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>What&#8217;s the fuss about?</title>
		<link>http://www.getsafeonlineblog.org/whats-the-fuss-about</link>
		<comments>http://www.getsafeonlineblog.org/whats-the-fuss-about#comments</comments>
		<pubDate>Wed, 18 Jul 2007 10:42:32 +0000</pubDate>
		<dc:creator>John Evelyn</dc:creator>
				<category><![CDATA[Guest bloggers]]></category>

		<guid isPermaLink="false">http://www.getsafeonlineblog.org/?p=146</guid>
		<description><![CDATA[ 
Guest blogger: Nick McGrath, Director of Platform Strategy, Microsoft
I am often asked what is the biggest challenge people face on Security. My answer is simple: “enablement.” 
Security is an enabler to help a company to grow. Business owners expect the company’s information to be available for their employees on any device, at any time, anywhere [...]]]></description>
			<content:encoded><![CDATA[<p></p><p><a href="http://www.getsafeonlineblog.org/wp-content/uploads/2007/07/image2.png"><img alt="image" src="http://www.getsafeonlineblog.org/wp-content/uploads/2007/07/image-thumb1.png" align="right" border="0"></a> </p>
<p><strong>Guest blogger: Nick McGrath, Director of Platform Strategy, Microsoft</strong></p>
<p>I am often asked what is the biggest challenge people face on Security. My answer is simple: “enablement.” </p>
<p>Security is an enabler to help a company to grow. Business owners expect the company’s information to be available for their employees on any device, at any time, anywhere they might need it.
<p>Inside of every successful Business “someone” has to take responsibility for the security of the computers and the information they hold. This is the role of the security professional, a trusted employee or a trusted IT supplier working on behalf of the company. They keep the secrets of the company secure, reduce exposures to external threats and allow the right levels of access to the right people. They are the gate keepers that have the keys to the information that’s the life blood of any company.
<p>With this weighty responsibility comes the need to provide access in a controlled manner. Microsoft is one of many industry partners that consumers, small business customers and the security professionals can turn to for help. Many will ask &#8216;why Microsoft?&#8217;&nbsp; Unfortunately, they see us as the cause of these problems not the solution.
<p>The answer comes in three simple words. People, Process and Technology. You can have the world’s most secure technology and it will be useless if the People responsible for its implementation do not have a Process in place to enable the security within the technology. So where does someone start? How can you understand what the threat looks like within your company?
<p>The quickest and simplest way to secure your business is by getting the right person to implement the right processes using the right technology for your business needs. They in turn need to know the steps that need to be taken on this undertaking. Get Safe Online, run by Government and industry partners like Microsoft, eBay, HSBC and others, provides <a href="http://www.getsafeonline.org/nqcontent.cfm?a_id=1046">sound advice for business customers</a>. This is a good place for businesses to start and it&#8217;s one of the ways Microsoft is helping to solve the problems of computer security.
<p>Anyone who uses laptops for business needs to think about encryption and this is another area where Microsoft can help. Here&#8217;s a tip: our <a href="http://www.microsoft.com/technet/security/guidance/clientsecurity/dataencryption/default.mspx?SA_SC=MSsecurity">Data Encryption Toolkit for Mobile PCs</a>. It provides guidance and tools to help you protect your laptops and the information they hold. The tips and tricks outlined in this Toolkit are easy to understand, and the guidance shows you how to use two security technologies already available to you in Microsoft Windows XP or Windows Vista: the Encrypting File System (EFS) and Microsoft BitLocker Drive Encryption (BitLocker).
<p>Every day the security risks we face in the physical world are changing. The television news will often give you an insight to these risks and the steps you should take to protect yourself and your loved ones. The internet is no different to the physical world in that regard. It’s an ever changing environment that forces us to keep vigilant to the latest threats and the steps we should take to protect ourselves.
<p><a href="http://www.getsafeonline.org">Get Safe Online</a> will provide you with the news on these threats in a factual and practical manner. Please continue to tune in and listen to the advice it provides.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.getsafeonlineblog.org/whats-the-fuss-about/feed</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>Guest Blogger: Garreth Griffith, Head of Trust and Safety, eBay</title>
		<link>http://www.getsafeonlineblog.org/guest-blogger-garreth-griffith-head-of-trust-and-safety-ebay</link>
		<comments>http://www.getsafeonlineblog.org/guest-blogger-garreth-griffith-head-of-trust-and-safety-ebay#comments</comments>
		<pubDate>Wed, 11 Jul 2007 12:37:15 +0000</pubDate>
		<dc:creator>John Evelyn</dc:creator>
				<category><![CDATA[Guest bloggers]]></category>

		<guid isPermaLink="false">http://www.getsafeonlineblog.org/?p=142</guid>
		<description><![CDATA[  More than 68,000 people in the UK use eBay as their primary or secondary source of income. Many businesses use it as their online shop front. And with more than 15m customers in this country and 233m worldwide, it’s no surprise.
Most of the people who use eBay for business – whether they are [...]]]></description>
			<content:encoded><![CDATA[<p></p><p><a href="http://www.getsafeonlineblog.org/wp-content/uploads/2007/07/image1.png"><img alt="image" src="http://www.getsafeonlineblog.org/wp-content/uploads/2007/07/image-thumb.png" align="right" border="0"> </a> More than 68,000 people in the UK use eBay as their primary or secondary source of income. Many businesses use it as their online shop front. And with more than 15m customers in this country and 233m worldwide, it’s no surprise.
<p>Most of the people who use eBay for business – whether they are a sole trader or a multinational – have a good experience. But with so many users and such a big market, it isn’t surprising that there are bad guys out there who try to take advantage. In this as in other ways, eBay reflects the real world.
<p>However, we take the problem very seriously. We have over 2,000 people worldwide working in our Trust &amp; Safety teams. We haven’t always been very good at telling people what we were doing. So, this guest post on GetSafeOnline.org’s blog gives me a chance to take you behind the scenes and tell you what we’ve been up to:
<ul>
<li>We recently revamped our <a href="http://pages.ebay.co.uk/safetycentre/index.html">UK Safety Centre</a>, providing more relevant information on how to trade safely on eBay, written in a simple, easy-to-understand way.
<li>We are creating Seller Standards criteria which will help sellers understand the standards our buyers expect from them. We are already taking action against the sellers who create the most bad experiences for our buyers.
<li>We recently updated the Feedback mechanism so that buyers can rate sellers on things like communication, shipping price and responsiveness. This will reward responsible sellers and encourage the others to meet eBay’s higher seller standards. It also helps buyers make more informed buying decisions based on the more detailed feedback from past buyers.
<li>We have a team dedicated to preventing phishing (criminals using fake emails to get personal details). Every time someone reports a fake email to <a href="mailto:spoof@ebay.co.uk">spoof@ebay.co.uk</a>, eBay follows up on the report to get the related fake website shut down asap. Typically, they take down 80 percent of fake sites within 24 hours. They also constantly update the Account Guard functionality in the <a href="http://pages.ebay.co.uk/ebay_toolbar/">eBay Toolbar</a> with the latest known fake websites. They catch over 90 percent of hijacked user accounts before the bad guys can actually buy or sell anything.
<li>We also have a global team who work closely with Law Enforcement around the world, helping with their investigations and bringing many criminals to justice every year. </li>
</ul>
<p>Despite this work, most of it unpublicised, many users blame eBay when something goes wrong. Of course we have a massive responsibility to keep our Community of users safe, but those users have to take some responsibility of their own to protect themselves too. 99 percent of the time, when someone has a bad experience on the internet, it’s because they used a weak password, or didn’t have up-to-date security software, or hadn’t taken the time to educate themselves on the risks. This is why eBay supports GetSafeOnline.org so strongly – we want everyone to enjoy the internet and to enjoy it safely.
<p>We work hard to make eBay a fun and safe place to do business. We can teach you to buy and sell safely on eBay. GetSafeOnline.org can help you enjoy the whole internet safely and easily.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.getsafeonlineblog.org/guest-blogger-garreth-griffith-head-of-trust-and-safety-ebay/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>How does HSBC handle &#8216;phishing&#8217;?</title>
		<link>http://www.getsafeonlineblog.org/how-does-hsbc-handle-phishing</link>
		<comments>http://www.getsafeonlineblog.org/how-does-hsbc-handle-phishing#comments</comments>
		<pubDate>Mon, 02 Jul 2007 07:33:45 +0000</pubDate>
		<dc:creator>John Evelyn</dc:creator>
				<category><![CDATA[Guest bloggers]]></category>

		<guid isPermaLink="false">http://www.getsafeonlineblog.org/?p=135</guid>
		<description><![CDATA[ Guest blogger: Nick Staib, Senior Manager, Internet Banking, HSBC Bank plc
HSBC Bank plc and first direct are delighted to sponsor GetSafeOnline.org, and are happy to provide an insight into a typical day in the life of our joint internet anti-fraud operations. We are frequently asked what we do about phishing and fraudulent web sites. [...]]]></description>
			<content:encoded><![CDATA[<p></p><p><a href="http://www.getsafeonlineblog.org/wp-content/uploads/2007/07/nick-staib.jpg"><img height="240" alt="nick_staib" src="http://www.getsafeonlineblog.org/wp-content/uploads/2007/07/nick-staib-thumb.jpg" width="212" align="right" border="0"></a> <strong>Guest blogger: Nick Staib, Senior Manager, Internet Banking, HSBC Bank plc</strong>
<p>HSBC Bank plc and <b>first direct</b> are delighted to sponsor <a href="http://www.getsafeonline.org/">GetSafeOnline.org</a>, and are happy to provide an insight into a typical day in the life of our joint internet anti-fraud operations. We are frequently asked what we do about phishing and fraudulent web sites. Well, read on. I’m going to give you a brief glimpse behind the scenes.
<p>‘Technical Investigations’ are part of the bank’s global defence team, operating day and night to keep customers banking safely online.
<p>A typical ‘day’ begins at 6am with a review of all suspicious emails forwarded by customers to <a href="mailto:phishing@hsbc.com">phishing@hsbc.com</a>, and with an analysis of phishing attempts in the previous 24 hours.
<p>Any attacks are dealt with immediately; usually in the small hours whilst customers are still asleep. Each attack usually teaches us something new, but fraudulent web sites are always closed down. Sometimes we can shut down a site before the customer even reads the associated fraudulent email. Most ISPs are very co-operative, especially when contacted by our local teams within their own countries.
<p>We also spend part of the morning gathering and interpreting online intelligence. This means trawling the internet for information, sifting reports from security sites, and cross-checking compromised web and IP addresses with our own records. This helps us tweak our defences against the latest threats.
<p>We also systematically check our own internet banking access records for signs of any ‘abnormal behaviour patterns’. These are good indicators of fraud attempts. We try to identify customers at risk, so that we can speak to them directly and ensure they are safe.
<p>Much of this business is about two-way communications – internet threats change so very quickly – so time is set aside for talking with customers and business colleagues, as well as with other banks and law enforcement agencies in the UK and overseas to share any lessons learned.
<p>Then we do all this again &#8211; every day of the year. But that’s OK, it’s our responsibility. All that we ask from our customers is to follow the sensible advice within <a href="http://www.getsafeonline.org/">GetSafeOnline.org</a> and enjoy the internet in safety.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.getsafeonlineblog.org/how-does-hsbc-handle-phishing/feed</wfw:commentRss>
		<slash:comments>3</slash:comments>
		</item>
		<item>
		<title>Hacker for hire</title>
		<link>http://www.getsafeonlineblog.org/hacker-for-hire</link>
		<comments>http://www.getsafeonlineblog.org/hacker-for-hire#comments</comments>
		<pubDate>Fri, 22 Jun 2007 16:49:29 +0000</pubDate>
		<dc:creator>John Evelyn</dc:creator>
				<category><![CDATA[Guest bloggers]]></category>

		<guid isPermaLink="false">http://www.getsafeonlineblog.org/?p=127</guid>
		<description><![CDATA[Tips from one of the good guys
&#160;
When it comes to computer security, your biggest vulnerability may be a bit of a surprise. &#8220;I&#8217;m sorry, but no-one vets the cleaner,&#8221; says Peter Wood, First Base Technologies&#8217; hacker-for-hire.
Unlike criminal hackers, Wood operates on a strictly ethical basis. He is Chief of Operations at a security consultancy and [...]]]></description>
			<content:encoded><![CDATA[<p></p><h3>Tips from one of the good guys</h3>
<p>When it comes to computer security, your biggest vulnerability may be a bit of a surprise. &#8220;I&#8217;m sorry, but no-one vets the cleaner,&#8221; says Peter Wood, <a href="http://www.fbtechies.co.uk/">First Base Technologies</a>&#8217; hacker-for-hire.
<p>Unlike criminal hackers, Wood operates on a strictly ethical basis. He is Chief of Operations at a security consultancy and firms hire him to test their defences. But he uses the same sneaky tricks as the bad guys, which includes trying to infiltrate an office using bogus cleaners.
<p>It takes a couple of minutes to attach a tiny keystroke logger onto someone&#8217;s keyboard. These little bugs record every key press the user makes for up to eight months. Not only can this reveal network passwords but it might contain credit card numbers, home addresses, bank account details &#8211; anything that the user typed into the computer. It&#8217;s not just cleaners. &#8220;Real criminals have an incredible amount of front. Most organisations have no idea how vulnerable they are to casual walk-ins.&#8221;
<p>While malicious outsiders are a genuine risk, Wood believes that the biggest threat comes from inside. So his first task is to simulate a disgruntled employee or an unsupervised visitor by plugging in his laptop to the company network. An insecure wireless network means he doesn&#8217;t even need to get inside the building to log on.
<p>&#8220;We only need one valid user name and password to access a network,&#8221; he says. &#8220;In the trade we call that &#8216;Game Over&#8217;.&#8221; It&#8217;s depressingly easy to get them.
<p>Access to almost everything comes down to passwords. Obvious choices like &#8216;password,&#8217; &#8216;football,&#8217; or the user&#8217;s own name are so common that Wood can guess a quarter of all passwords in a couple of minutes. Using freely available hacker software, he can crack at least half of them within 24 hours.
<p>Social engineering is another risk: &#8220;just ringing people up and asking them for their passwords works quite well, providing you have a semi-plausible story.&#8221;
<p>A surprising weakness is everyday software. Many automated back-up and anti-virus programs have their own network accounts. Any hacker worth their salt knows the default user names and passwords and, sadly, many customers never change them.
<p>Why does all this matter? &#8220;People make assumptions about the security of data on their servers,&#8221; he believes, &#8220;and they don&#8217;t really think about who might be reading secret information, such as business plans, mergers and acquisitions, payroll information or staff reviews.&#8221; In reality, anyone with an administrator password can read anything. Putting a file on the server is not the same as locking it up in a filing cabinet. &#8220;My bottom line here is that they have to take extra steps to protect this information and the only choice is encryption using something like Pretty Good Privacy (PGP).&#8221;
<p>If Peter Wood had a magic wand, it would be user education. His top tips are:
<ol>
<li>&#8220;In the words of Fox Mulder, &#8216;trust no-one.&#8217; We&#8217;re talking at a very personal level here. Stealing someone&#8217;s logon is a portion of identity theft. It won&#8217;t just impact on their employer but on their life as well. It could cost them their job.&#8221;
<li>&#8220;People need to understand how to choose a password that is both memorable and secure. It&#8217;s actually quite easy: try the initial letters of the first line of a well-known song (&#8216;Lucy in the Sky with Diamonds&#8217;) or memorable phrase (&#8216;I hate my boss because he&#8217;s a stinker&#8217;).&#8221;</li>
</ol>
<p>In case you think you&#8217;re not at risk, Wood has one last word of caution. &#8220;What my clients always say is &#8216;well, we&#8217;re not the Bank of England. Who wants to attack us?&#8217; They&#8217;ve only got to piss off one employee (and SMEs are good at that) to have a motivated would-be hacker reading the payroll, sticking porn on the CEO&#8217;s hard drive, deleting work, stealing secrets. Hackers are not just a weird underground class of misfits, they&#8217;re you and me.&#8221;
<p>By Matthew Stibbe. Originally posted on <a href="http://www.bcentral.co.uk/newsletters/bulletins/lessons-from-airport-security.mspx">Microsoft&#8217;s bCentral website</a>. Reproduced with permission.&nbsp;&nbsp;</p>
]]></content:encoded>
			<wfw:commentRss>http://www.getsafeonlineblog.org/hacker-for-hire/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Going underground</title>
		<link>http://www.getsafeonlineblog.org/going-underground</link>
		<comments>http://www.getsafeonlineblog.org/going-underground#comments</comments>
		<pubDate>Thu, 21 Jun 2007 16:49:29 +0000</pubDate>
		<dc:creator>John Evelyn</dc:creator>
				<category><![CDATA[Guest bloggers]]></category>

		<guid isPermaLink="false">http://www.getsafeonlineblog.org/?p=126</guid>
		<description><![CDATA[Inside a computer security fortress
 It&#8217;s cold. A light dusting of snow covers the fields in the valley. It&#8217;s silly o&#8217;clock in the morning and I&#8217;m beginning to wonder what I&#8217;m doing in the depths of the Hampshire countryside. Then I find the entrance: a steel windowless door leading directly into the hillside.
The door is [...]]]></description>
			<content:encoded><![CDATA[<p></p><h3>Inside a computer security fortress</h3>
<p><img height="240" alt="CIMG1862" src="http://www.getsafeonlineblog.org/wp-content/uploads/2007/06/cimg1862.jpg" width="180" align="right" border="0"> It&#8217;s cold. A light dusting of snow covers the fields in the valley. It&#8217;s silly o&#8217;clock in the morning and I&#8217;m beginning to wonder what I&#8217;m doing in the depths of the Hampshire countryside. Then I find the entrance: a steel windowless door leading directly into the hillside.
<p>The door is opened by an ex-submariner who must enjoy being underground. He has been looking after this former cold war nuclear bunker since it was decommissioned in 1991. Welcome to Symantec&#8217;s security operations centre.
<p>Originally designed to house 30 employees of Southern Water for two months in the event of nuclear war, the bunker boasts state of the art security. Every part of the building and its surroundings is monitored by video camera. Entry is via an airlock protected by 18 inch-thick steel doors. The facility&#8217;s walls are 18 inches thick and made from reinforced concrete. The concrete on the roof is over seven feet thick, reinforced with steel. You could store the crown jewels here.
<p>Inside, apart from the lack of windows and the ubiquitous cameras, it feels like a normal office. At the heart of the building there is an open plan room that looks like NASA mission control on dress-down Friday. A dozen engineers study the computer screens in front of them. Their job? Nothing less than constant surveillance of the internet for emerging threats.
<p>The Hampshire bunker is one of six security operations centres that Symantec runs worldwide, on the front line of the fight against viruses and Trojans. They are digital security guards for the company&#8217;s large corporate clients. They have direct access to their clients&#8217; firewalls and intrusion detection systems. This is why they need such strong security &#8211; how else will their clients trust them with the keys to the kingdom? However, I don&#8217;t think Symantec are unaware of the drama of such a setting.
<p>Although the bunker itself sets an impossibly high standard for the rest of us to live up to, it embodies universal principles of physical security:
<ul>
<li><b>Physical hardening.</b> You don&#8217;t need blast protection, radiation filters and steel doors but you can make unauthorised access to your office and your computer room more difficult. For example, you can fit discreet steel plates to the backs of wooden doors, and fit steel bolts to stop them being kicked down.
<li><b>Access control.</b> A decontamination shower may be an awkward way to greet visitors but controlling who gets into the building is vital. Checking and making sure people are properly escorted can reduce the risk of walk-in hack attacks and theft.
<li><b>Accountability.</b> At the bunker, every room is monitored with a video camera. They store the data for three months so they can check up on who went where if a breach occurred. Keeping security logs seems like a chore until you need them.
<li><b>Redundancy.</b> The bunker has standby generators and uninterruptible power supplies in case of power failure. Do you?</li>
</ul>
<p>By Matthew Stibbe. Originally posted on <a href="http://www.bcentral.co.uk/newsletters/bulletins/lessons-from-airport-security.mspx">Microsoft&#8217;s bCentral website</a>. Reproduced with permission. </p>
]]></content:encoded>
			<wfw:commentRss>http://www.getsafeonlineblog.org/going-underground/feed</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>Guest blogger: Nick McGrath, Director of Platform Strategy, Microsoft</title>
		<link>http://www.getsafeonlineblog.org/guest-blogger-nick-mcgrath-director-of-platform-strategy-microsoft</link>
		<comments>http://www.getsafeonlineblog.org/guest-blogger-nick-mcgrath-director-of-platform-strategy-microsoft#comments</comments>
		<pubDate>Thu, 21 Jun 2007 14:31:03 +0000</pubDate>
		<dc:creator>John Evelyn</dc:creator>
				<category><![CDATA[Guest bloggers]]></category>

		<guid isPermaLink="false">http://www.getsafeonlineblog.org/?p=130</guid>
		<description><![CDATA[ Mind the gap, watch your step, look both ways, fasten your seat belt, and don’t talk with your mouth full! We are all used to being told what to do from a young age. Often the advice was focused on issues of safety. Let’s face it without our parents or guardians worrying about how [...]]]></description>
			<content:encoded><![CDATA[<p></p><p><img alt="nick_mcgrath_sm" src="http://www.getsafeonlineblog.org/wp-content/uploads/2007/06/nick-mcgrath-sm.jpg" align="right" border="0"> Mind the gap, watch your step, look both ways, fasten your seat belt, and don’t talk with your mouth full! We are all used to being told what to do from a young age. Often the advice was focused on issues of safety. Let’s face it, without our parents or guardians worrying about how we crossed the road as small children, many of us would not be here today. What happens though when we become adults? Do we still listen to and accept the practical advice and guidance we need to have a safe and happy life? We are all being bombarded with advice as adults that’s supposed to achieve this very end. Stop smoking, drink less, invest for your retirement, watch your blood pressure, be good to your neighbours, eat five portions of fruit and veg each day. Ultimately the lifestyle decisions we take are ours to make as we deem fit. As adults we have freedom of choice curtailed only by our moral values and the laws of our country. As a result, then, everyone plays by the rules, right?
<p>Sadly not&#8230;&#8230;.
<p>The internet is an exception to the rules. Here you can be free to express yourself. Under a cloak of anonymity you’re able to visit the wonders of the world from the comfort of your own home. The only thing to stop you experiencing the very best the internet has to offer is your own imagination. That and thousands of criminals looking to infect your computer, steal your identity, rip you off and generally make your internet life unpleasant.
<p>Fear not&#8230;&#8230;.
<p>The Get Safe Online organisation came into existence to help fix this very problem. A collection of organisations led by Government, supported by law enforcement and backed by commercial companies. I believe it’s fair to say that the solution to getting safe online is an industry one. One company alone cannot fix the problem in the same way the government alone cannot fix the problem. Technology can and will play an important part in the solution. Anti-virus solutions, firewalls, spam filters, encryption techniques, and the like are unable to make the internet a safer place by themselves. Microsoft continues to make deep investments in research and development in these areas.
<p>Security is one of the top priorities of our company. In many respects when it comes to security I feel we have turned the corner and are heading in the right direction. Our Windows, Office, Server and tools products have all made significant changes and improvements in terms of security and reliability. Every day our security development teams wake up and receive reports on criminal exploits on the internet. Then they get to work, keeping one step ahead. We will continue to do our part in securing the products used by millions of people across the world, but we need help. <strong>Your</strong> help.
<p>Worry not&#8230;&#8230;.
<p>First we need to stop worrying. It’s exceptionally easy to <a href="http://www.getsafeonline.org/">Get Safe Online</a> by following the advice and guidance found on the site. Educate yourself on the latest techniques used by the criminals. Learn how to check your PC is secure. Know the tricks criminals use to obtain your personal data. Keep one step ahead by getting your computer and yourself updated. It does not take that much effort on your part. The&nbsp;<a href="http://www.getsafeonline.org/nqcontent.cfm?a_id=1446">Get Safe Online quiz</a> is a great starting point.
<p>Enjoy!!
<p>Our parents and guardians helped us grow from children to adults in the real world. It’s strange then that in the internet world it’s often our children and young people who know more than the adults. They know the fun places to go, things to see, things to do and places to be seen. Their confidence comes from experiencing the internet each and every day. Sadly confidence and experience do not equal knowledge. Wisdom comes from listening, learning and taking the time to become educated. The more you know the safer you will be. The more you help your friends, family and colleagues the safer they will be. So, learn more, protect yourself and enjoy the internet safely!&nbsp; (And don&#8217;t forget to wear sunscreen.)</p>
]]></content:encoded>
			<wfw:commentRss>http://www.getsafeonlineblog.org/guest-blogger-nick-mcgrath-director-of-platform-strategy-microsoft/feed</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
	</channel>
</rss>
