8 Tips to prevent student hackers from accessing school computers

September 2, 2010

Back-to-School time means hacker-proofing school’s computers. While protecting students online safety is a must, so is protecting school computers from malicious students.

It’s an administrator’s nightmare – students hacking school databases to change grades, stealing computer passwords, infecting computers with key-stroke logging malware, accessing secure sections of school sites, posting pornography or hate content on school sites, or hijacking a school’s website.

And it is a reality schools across the country struggle with.

“Students are very, very tech-savvy. Far more savvy than the majority of adults at our school,” says Michael Wilson, the principal of the 775-student Haddonfield Memorial High where keystroke logging malware was used to discover passwords and gain access to protected areas on the school’s computer network.

School systems are uniquely vulnerable to hacking, says James E. Culbert, an information-security analyst for the 135,000-student Duval County schools in Jacksonville, Fla. “In the case of our school system, we’ve got 135,000 [potential] hackers within our district, inside of our same network that houses our student-information systems and HR systems.”

Staying ahead of would-be hackers is not a one-fix solution; it’s an ongoing process that periodically assesses new and existing threats and updates security practices.

If you’re school is struggling with hacking, or you are unsure of the steps your school is taking, review the 8 Tips to preventing student hackers from accessing school computers:

  1. Ensure school computers have up-to-date security software installed, and that it automatically updates. Be sure firewalls are set, and enforce the use of  strong passwords.
  2. Set the ground rules that outline what is (and isn’t) acceptable use of school computers, and make sure students and their parents are aware of both the rules and the consequences for hacking, harassment security breaches, or failing to adhere to the schools acceptable use policy. Talk about these standards periodically, not just during the first week of school.
  3. Leverage content filtering technologies that help prevent students from seeking out inappropriate online content.
  4. Swiftly and consistently, address any misuse of the schools computer system.
  5. Require each user – teacher or student – to use a unique login. Some schools have strengthened their networks by clearly identifying if it is a teacher or a student who is logging in. Some also time-stamp when the account was last accessed allowing teachers to quickly see if their account has been compromised.
  6. Use two networks – one for students, another for teachers and staff. This makes it harder for students to hack into sensitive information.
  7. Educate teachers, staff and parent volunteers about the school’s internet access policies so they can stay vigilant in monitoring students online use and actions.
  8. Teach internet safety and digital responsibility to help students develop a strong online ethic.

Its the start of a new school year, let’s get it started securely.

Linda


New materials from the CyberBullying Research Center

September 1, 2010

About the Center:

The Cyberbullying Research Center is dedicated to providing up-to-date information about the nature, extent, causes, and consequences of cyberbullying among adolescents.  Cyberbullying can be defined as “willful and repeated harm inflicted through the use of computers, cell phones, and other electronic devices.” Run by two leaning experts in the field, I have the utmost respect for the work of Drs. Patchin and Hinduja.

Here are links to their new resources:

Linda


Because spyware never sleeps…

August 31, 2010

Linda Criddle, President of the Safe Internet Alliance, and LOOKBOTHWAYS Inc., was recently interviewed for the article Because spyware never sleeps… by Problem Solvers Jon Yates and Kristin Samuelson of the Chicago Tribune.

Excerpt:

But fear not, there is a growing arsenal of anti-virus weapons at your disposal.

Linda Criddle, a technology expert and the author of several Internet safety books, says the question for computer users isn’t if you should install anti-virus software — but rather which one.

“You can’t live without it,” Criddle said. “It’s that flat-out simple.”

All anti-virus programs combat two types of intrusions: spyware and malware. Spyware is any type of software that infiltrates your computer without your consent, then monitors or controls your activities. Malware, short for malicious software, is specifically designed to steal your personal information, send spam and commit fraud.

Without anti-virus software in place to combat spyware and malware, your computer can be compromised in the blink of an eye.

“A brand new computer will be infected with malware within four minutes,” Criddle said. “It could be using your computer as a source to infect others with anything…The people writing malicious software are businessmen. They’re out there to make money.”

So which anti-virus software should you use? There are plenty of options out there, many of which are free.

Criddle suggests Googling “best free anti-virus software” and reviewing the list of free programs to compare which features are best suited for you. Choose one that updates automatically and gets good reviews from other users.

Although free anti-virus software can protect your computer, many of the free programs take more work on your part.

Popular anti-virus software from Norton, McAfee, Microsoft Defender and others cost money — but they’re generally more advanced and easier to use, Criddle said.

Among the free versions, Criddle recommends a version by AVG, which can be found at here.

Even with an anti-virus program installed, both Bolish and Criddle recommend being careful when cruising the Internet.

Avoid websites you don’t know and trust. Never click on pop-ups, and be selective about what you choose to download online.

Click here to read the full article.

Linda


WebSafety’s CellSafety Product Review

August 31, 2010

I’ve had several consumers ask me recently about the company WebSafety and their new mobile phone product CellSafety. Here are my thoughts:

Company Impression:  problematic credibility

WebSafety’s development team has a strong law enforcement and prosecutorial background. This is both a strength and a weakness. While they’ve been ‘in the trenches’ to know the issues, their solutions are heavy handed.

To be clear, any company in the business of providing protection services to consumers has to first overcome one hurdle – convincing people that they need protection.  However, how a company goes about making that business case can vary dramatically.

WebSafety’s mission statement makes it clear from the start that they’ve chosen to go the fear and sensationalism route and it shoots their credibility to pieces right from their home page. “To enable parents to protect their children from the dangerous cellular and online worlds through advanced software systems.”

Neither the cellular nor the online worlds are dangerous; instead some elements within these have risks, and those risks range from low to high probability of occurrence and low to high potential consequences.

Our jobs as individuals and parents is to assess these risks as they relate to our own, or our children’s, unique circumstances and take appropriate measures. Fear messaging makes choosing appropriate measures more, rather than less, complicated and these messages therefore do more harm than good.

The CellSafety Product:

I am concerned about the lack of real information about the company’s CellSafety product. Beyond their dropdown bullet points (shown below), I can’t find any information that let’s me understand how these services work, what level of management I have over each feature, what level of transparency about the monitoring is provided to youth (and, keep in mind these could be used against a spouse, an ex- or other person as easily as against a child) – or even what “AND MUCH MORE…..” is.  There is no material about discussing safe texting with kids, or any educational material whatsoever.

Particular points of concern:

Their CellSafety Product: In a press release, CellSafety said it “uses proprietary technology to electronically detect when a car is moving at speeds above 10mph and prohibits the driver’s ability to send or read text and email messages or utilize the phone web browser.” In their bullet list they say “passengers can ask parents for permission!” presumably to override the automatic blocking of passengers ability to text, as all that can be detected by their product is that a phone is in a moving car, not whether the person trying to text is the driver.

  • What about legitimate cases where the passenger is using the driver’s phone? Blocking that could put the users at risk.
  • What stops the driver from using a passengers unblocked phone?
  • What happens if the passenger can’t contact their parent to get permission?

CellSafety also claims they can “ensure that a driver’s eyes are on the road and off their phone”. Really?

  • People play games on their phones while driving
  • People dial numbers when driving
  • People surf and read email when driving.

No outside element can ensure where the driver’s eyes are – or aren’t. And while I’m strongly against texting while driving, (see below for  blogs I’ve written on this topic) I think we’ve lost sight that ANY form of distracted driving is wrong. Should we get an product that will stop someone from applying mascara while driving, shaving while driving, yelling at kids in the back seat while driving, or being drunk off their rocker while driving?

The company mixes statistics in a manner that is sloppy, and misleading. In the same press release about their CellSafety product designed to block texting while driving, WebSafety states that “Distracted driving is one of the most serious, life-threatening practices on our nation’s roadways with almost 8,000 crashes related to distracted driving occurring daily in the United States.” I assume this is a true statement, but that is not a statistic about texting while driving – the problem they propose to solve – it’s a statistic about ALL distracted driving.

This statistical blurring continues with their CEO Rowland Day stating “Consumers mistakenly believe they will not be the victim of, or responsible for, a distracted driving incident which is why the CellSafety application is so vital in order to stop the deadly social obsession of texting-while-driving.” Again, the implication is that all distracted driving is texting when driving, and we all know that isn’t the case.

The CellSafety mobile application also includes additional features which inhibit texting in school via “No Texting Zones” in order to prevent scholastic cheating as well as notifications in real-time if users are sending or receiving inappropriate text messages.” There is nothing wrong with a kid texting while at school; in fact there are very legitimate reasons for doing so. Cheating is wrong. Texting when you should be participating is wrong. But texting during lunch? Texting your mother about after school plans? Getting a text from your father about where he’s going to pick you up from? Sending your mom a reminder to bring your soccer shoes?

What I see is a product that is more designed to ‘catch’ than to educate kids. That hasn’t gotten past the sledgehammer approach to blocking, filtering and reporting to design meaningful services that create constructive, collaborative safety environments for families.

I think the intent behind the company and their services is good, the execution is lacking.

Additional blog posts on Texting and Driving:

Linda


Getting hung up on cell phone insurance

August 30, 2010

Linda Criddle, president of LOOKBOTHWAYS Inc., and the Safe Internet Alliance was interviewed for today’s Chicago Tribune article Getting hung up on cell phone insurance

Excerpt from article:

“For most consumers, it’s not worth the money,” said David Kolata, executive director of the nonprofit Citizens Utility Board. “It only potentially makes sense if you have a very, very expensive phone, but if you’re like most consumers, it’s not really a great deal.”

Why? Well, for one thing, it’s not cheap. In a review of thousands of consumers’ cell phone bills, Kolata’s agency found that roughly half of the customers purchased cell phone insurance, at an average cost of $5.64 a month.

Over the course of a year, that adds up. In some cases, you’ll be required to sign a two-year deal. By the time you’re done, you’ve paid more than $130 in insurance premiums. Most phones don’t cost that much new.

Even if you purchase a more expensive phone, there are other considerations. Linda Criddle, president of the Safe Internet Alliance, says consumers should check their phones’ warranties. If damages are covered for the first year, why buy insurance?

“It’s risk versus actuality and the cost of replacement, but make sure you know what the insurance would cover and what your warranty covers,” Criddle said. “Look at the delta between those two.”

If you decide to buy an insurance plan, read the description carefully. In most cases, cell phone insurers will not cover damage caused by water or other types of accidents, such as dropping the phone. “An alarming number of phones end up in toilets,” Criddle said.

Click here to read the full article.

Linda


It takes More than Technology to Venture Out in Nature

August 30, 2010

Now there’s one more item to add to the list of internet safety topics; technology doesn’t cure stupidity when spending time in the great outdoors.

An article in the New York Times outlines the struggle National Parks are facing as technology leads more park visitors into trouble.

Experienced hikers know to bring the gear, clothing, food, first aid kit, and water needed for any outdoor adventure, but with record numbers of visitors in our National Parks, rangers say that technology often figures into the trouble ill prepared, or inattentive people get themselves into.

While technology can benefit hikers who can call when they are really in trouble, the role of technology in accidents inside national parks has become so prevalent that the park service recently added “inattention to surroundings” to their list of common causes of injury.

The Times article provides several examples:

  • The woman who wanted close-up footage of a buffalo, but who got more than she bargained for as the buffalo charged.
  • The hiking party that called in rescue helicopters three times by pressing the emergency button on their satellite location device. When rangers arrived the second time, the hikers explained that their water supply “tasted salty.”
  • The French teenager who was injured after plunging 75 feet this month from the South Rim of the Grand Canyon when he backed up while taking pictures.
  • People with cell phones who call rangers from mountaintops to request refreshments or a guide – or hot chocolate.
  • The hikers who rely solely on GPS, failing to use common sense, maps, or compasses – sometimes failing to even bring water with them.

Providing help is expensive. Flying a helicopter into the park for a rescue can cost as much as $3,400 an hour, said Maureen Oltrogge, a spokeswoman for Grand Canyon National Park. I sure hope the gentlemen who felt compelled to call in the choppers 3 times, are footing that bill.

The lessons to learn?

  • Hiking distracted can be as fatal as driving distracted.
  • You can’t pull water, food, or shelter, out of your cell phone or GPS device, any more than you can pull it out of your ear. If you want to eat, drink or have shelter, bring it with you.
  • There aren’t cell towers in the National Parks – or in most of our wilderness areas – so expect coverage to be spotty at best, if carrying your cell phone is your whole survival plan, expect to find yourself up a creek.
  • Technology can’t beat out common sense and preparedness, if you don’t have these, stay home.

Click here to read the full NYT article.

Linda


New Resource for Bullying, Cyberbullying Issues

August 29, 2010

A new website with A Comprehensive Guide to Bullying has been brought to my attention. It has been created by a woman in the SR Education Group. The website content offers an in-depth assortment of resources on bullying statistics; child bullying; cyber bullying; workplace bullying; resources on the laws and rights of victims; and resources on prevention, counseling, and treatment.

I think it  provides some excellent materials for schools, families, and individuals. Check it out.

Linda


Craigslist Under Fire Again for Child Sexual Exploitation

August 29, 2010

The adult services section of Craigslist has long been one of the most efficient and effective methods of selling women and children for sex services, and the company has been under steady pressure for years including threat of legal action by 43 state’s prosecutors in May of 2009.

In response, Craigslist chief executive Jim Buckmaster said that every ad posted to the new “adult services” category would be manually reviewed and that the section would be scrubbed of blatant sex-for-money ads and pornographic pictures.

Apparently the promise of manual reviews for every ad posted fell by the wayside, or the reviewers aren’t doing their job, or the lure of the projected $36 million in revenue Craigslist will earn from their adult services ads this year dampens enthusiasm for strict reviews. It took me less than 3 minutes to stumble across an image of male genitalia on Craigslist’s Adult “misc romance” page under the heading Mature Voyeur seeks Friendship with …..

And fresh charges leveled by the Rebecca Project for Human Rights and the Fair Fund say the site continues to be a hotbed for online prostitution, which often involves underage women forced into the sex trade.

“Craigslist is like the Wal-Mart of online sex trafficking right now in this country,” said Andrea Powell of the anti-human trafficking group The FAIR Fund in an interview with CNN.

Recently, the Rebecca Project and Fair Fund sponsored a half-page letter to Craig Newmark, the site’s founder,  in the Washington Post, written by two young women who were forced into prostitution on Craigslist.

Even more heavy hitting is a CNN investigative report into Craigslist, which ran earlier this month titled Selling Sex? Confronting Craigslist.

In this video, CNN’s Amber Lyon posts a fake ad implying that she is a child prostitute to see if Craigslist would allow it to be posted. It was posted with no issues, and in only three hours Lyon had received 15 calls seeking sex with a minor, and said her phone rang off the hook for two days. The video also captures the lives of Craig’s List sex workers, and captures face to face footage where Lyon confronts Craig Newmark with questions to which he remains silent.

Connecticut Attorney General Richard Blumenthal said in a statement last year that Craigslist’s announcement that it would manually review adult content was “a solid next step, not a solution,” and added: “Closing the erotic services section — a blatant Internet brothel — should lead to other blocking and screening measures, and set a model for other sites, if Craigslist keeps its word.” This summer Blumenthal joined the human rights groups calling for Craigslist to excise the “adult” section from its site.

Katherine Chon, Executive Director of the Polaris Project, wrote the following on Not For Sale, the campaign to end slavery in our lifetime:

In one recent case, two Chicago women were charged for selling girls as young as 14 years old on Craigslist. The girls were forced to have sex with 10-12 men per day, and the traffickers made tens of thousands of dollars. A Boston man and his niece were charged with plotting a child trafficking operation with teenagers as young as 13 by selling them on Craigslist to predators from Massachusetts to New York. These cases are just the tip of the iceberg. In fact, law enforcement efforts to fight trafficking nationwide are consistently reporting a spike in online Craigslist ads, and how sex trafficking has “moved online” lately.

The Craigslist for Washington, DC is one of the most active, with an average of 500 sexually oriented ads per day. As Chon points put:

A significant percentage of these ads on Craigslist do not advertise solely “legal escort services” as Craigslist may like to believe. Instead, a considerable percentage of the ads are a thinly veiled guise for one of the many faces of human trafficking that exists here in the United States. Although Craigslist may convince itself that it has created a beneficial online venue for advertising legal escorts, in effect, what it has done is create a fertile ground for traffickers to further their trade in human misery.

Additional articles regarding Craigslist and prostitution:

To be sure, Craigslist is not the only site where trafficking occurs. A quick check on the Seattle Times Personals pages, and the Washington Post’s personal pages shows ads equally explicit and suggestive of trafficking – as do many other personals sites.

NOTE: the Seattle Times/NWSource site also sells the email addresses and usernames of ‘interested parties’ to other “adult” sites ensuring you are spammed instantly.


And, a quick look on Eros.com – a site specifically designed for sexual hook-ups lists up front the per/hour charge for the ‘girls’, and the ‘services’ they provide.

Stopping the trafficking of women and children is something we all have a stake in – and holding ALL web services accountable for the content on their sites is an important first step.

Linda


Sexting often leads to heartbreak, humiliation

August 28, 2010

On behalf of the Safe Internet Alliance, Linda Criddle was interviewed for this story by Lois M. Collins. It was published Sat. Aug. 21st, by the Deseret News.

Also interviewed was Dr. Scott Whittle, a psychiatrist and medical director of Primary Children’s residential and day treatment programs who said “When our children face shame and embarrassment [from sexting] and aren’t able to find relief, they may consider drastic measures that place them at risk,” Whittle said. “This is a reaction we are seeing from bullying and the social taunting that comes from sexting that is shared beyond its intended audience.”

Read the full article here Sexting often leads to heartbreak, humiliation.

Linda


Seattle Schools To Hold Students Accountable for All Online Postings

August 27, 2010

The Seattle School Board voted this week to enact a new policy for this coming school year that holds students accountable for anything they post on a social networking site, forum, text etc., even if posted from home or private computer.

“The safety of our students and the security of our students is our first concern,” said Teresa Wippel with Seattle Public Schools, and adds that the Seattle School Board voted to approve the measure so schools can respond to kids who may be planning something on Facebook, MySpace, Twitter, or by texting that will be “disruptive”, according to a Komo News report.

At issue is what is defined as disruptive?

When Komo interviewed Wippel, she said, for example, a threat to fight another student after school, or bullying another student would be considered disruptive. When asked “But what if it’s a student saying something negative about a teacher? Is that free speech or is that disruptive?” Wipple responded “I think, again, that would be up to the principal to decide after he’s taken a look.”

The accountability policy won’t involve actively monitoring sites such as MySpace and Facebook according to district representatives. Instead, the policy is to prompt an investigation when a parent or student notifies the school or district that someone wrote something online that could be disruptive.

It’s easy to understand the intent of this policy, but there are troubling issues that need to be resolved to ensure that the intent and the reality are aligned, that privacy is maintained and that the policy remains within the appropriate bounds of the law.

The ACLU says they are taking, hard look at the district’s new policy, and this is an issue worth following.

Linda