The European Union (EU) has adopted a new Safer Internet Programme, which will be in place as of 1 January 2009 aimed at making the web a safer place for kids.

To support the programme, the EU has announced funding of €55m over five years. This will cover initiatives to raise public awareness and promote a safer online environment, as well as prevent harmful content from being posted on the web.

According to the EU's budget breakdown, 66 per cent or €36.3m of the overall cash pot will be spent on education and promoting a safer web for kids, while the remaining €18.7m will go on tackling harmful content.

The EU also highlighted new research from Eurobarometer, which revealed that three quarters of six- to 17-year olds use the internet, while half of 10-year-olds have a mobile phone.

However, despite kids being comfortable with technology, their parents don't appear to feel the same. The study found that more than half of parents are concerned that their offspring will be the victim of online grooming or cyber bullying. In response, the majority of parents said they did not allow their kids to give out personal details or talk to strangers on the web.

What's worrying about the study is that 41 per cent of parents also admitted they don't use any kind of web filtering or monitoring software - so it's hard to work out how they stop their children from giving out their name, age and other details online, or from chatting to strangers. About two thirds of those not using any filtering tools said this was because they trusted their children, while 14 per cent said they don't know how to get hold of or use monitoring software.

Hopefully part of the €55m funding will trickle down into practical sessions for parents on the many available web filtering tools, how they work and where they can be downloaded or purchased from - and also a useful lesson in cynicism as I'm sure lots of the kids reassuring their parents that they don't give out any personal details or chat to people they don't know online are doing exactly that.

December 10, 2008 | Permalink | Comments (0)

You know how the last blog posting talks about technology being the most important thing in the anti-malware industry? Well, that probably has to be qualified a little bit, because the other key message coming from the Kaspersky Lab New Dimensions press event so far has been the importance of the engineers. So, it's actually all about the technology ... and the people.

Yes, the unsung heroes of anti-malware industry were finally given their day in the sun today - well, not literally, they were still locked away in a windowless room staring at code - as Eugene Kaspersky explained how the astonishing success of the company has been down largely to attracting and keeping talented engineers. The firm is lucky enough to have access to the talent pool of graduates from Russian universities, many of which have a reputation for excellence in engineering and technology courses. But it still has difficulty in finding enough of the best, and on occasion even loses them.

According to Kaspersky, one employee had to re-locate to another software company as it became too distressing to stay on the good side of the malware war, once he found out how much some criminals were making.

That's a pretty extreme example, of course, but what is true is that competition for the best of the best is fierce. Kaspersky also has a bit of an advantage over some of its competitors, however, because of its reputation, VP of R&D Nikolay Grebennikov told me. It is well-known in the industry for innovating, and supporting its engineers with whatever projects they might find it necessary to undertake, so it has garnered a good reputation among the security researcher community. Things get done, in other words, and with the recent creation of the Global Research and Analysis Team (although most security vendors have something like this already) there is yet another lure to tempt potential white hat recruits into the Kaspersky ranks.

December 5, 2008 | Permalink | Comments (0)

Internet and messaging security firm Websense has uncovered its first Christmas virus scam, and we aren't even out of November.

The scam, which is so devilish it can only have come from the Grinch, offers a lucky email recipient the chance to feel like they have the sort of friends who send out tedious e-cards, but has a nasty little payload.

Yep, apparently some swine has spoofed a reputable firm's type of message and put a stinky pile of malicious code in the back of it. Websense said that a URL within the postcard leads the recipient to a .exe file. If downloaded, this creates a backdoor on their computer which allows access to and control of the compromised machine. And all this from a Christmas message celebrating the season of goodwill.

However, it's difficult to not be dismayed with the type of person who would be conned by such a virus. "During the install process an image called xmas.jpg is displayed to the user as a distraction technique," Websense explains. A distraction technique - what are they, monkeys? It's amazing the impact a picture of some elves in Santa's grotto can have on IT security best practice.

Author: David Neal

November 28, 2008 | Permalink | Comments (0)

Some of the advice on offer at security events is interesting, thought-provoking, pertinent and pretty useful for those working in the IT industry; and lots of it is grandmother-sucking-eggs type stuff. And yet it still apparently needs to be said.

At the ISSE security show in Madrid this year, which has always claimed to have one of the more discerning audiences on the security conference circuit - ie the great and good from the information security community - one or two presentations fell into the later category.

Case in point. A presentation on SME security by a researcher from Cardiff University told us that SMEs aren't very good at security. Well, to be fair there was a little more to it than that.

Specific points raised from the research were that very few small firms have requirements in place for security; few test their backup data, even if they actually back up; and most tellingly, only around a quarter said they actually know what information assets they have.

A bit worrying, especially when you consider that SMEs employ about two-thirds of the workforce and contribute in total more to the economy than large organisations.

And then the more useful stuff for security chiefs. Many in the security industry get a lot of value from sharing best practice, looking at the things their peers are doing that have proven to work.

And so Roland Muller, corporate information security officer from Daimler Financial Services, explained the value of security assessments in a multinational organisation. To put it simply: they're very valuable. But the key points Muller made for anyone wanting to do similar were:

1) Get management buy-in for any security assessment scheme.

2) Link the scheme to international standards, rather than a local approach.

3) Maintain regular contact with management and local security guys: "The people who are always the victims".

4) User education is vital: "Policies are written by security guys for security guys. You need a simple way to bring the message to people," Muller said.

October 8, 2008 | Permalink | Comments (1)

You won't believe what people leave on the back seat of black cabs!

What's that? Oh. You would believe it? Because you have forgotten things in the past, and it is actually a fairly common thing? Ah, well. Never mind that now, because just in case you personally have never left an artificial leg, aunt or sticky deposit in a cab, a technology firm called Credant Technologies has done some research into what people do leave behind.

Surprise, surprise that the small, fall-out-of-pocket-sized mobile phone is a fairly regularly forgotten item. A "staggering" 55,843 mobile phones have been left in cabs over the last six months, just in London. That's enough to fill something rather large, or perhaps 12,000 taxis - frustratingly, we can't be sure without having access to this mountain of gadgetry.

Still, when compared to the number of other items left behind, lost mobiles beat all comers.

Twelve dead pheasants? Artificial limbs? Hop off, you can't compete with the mobile army. And as for false teeth - there would have to be a lot of sunken jaws in the metropolis if they are to be seen as serious competitors.

Apparently Credant surveyed 300 cabbies for the research, which has something to do with a security software solution it offers. But we can't help but wonder if they mean 300 drivers polled during expenses-funded rides to and from any number of "let's go to the pub and think of another survey" brainstorming sessions.

We would give them a call, but we've all just come back from the pub in a cab, and yeah... that's right, we can't be bothered.

Author: David Neal

September 16, 2008 | Permalink | Comments (0)

And lo there was a great wailing and gnashing of teeth in Apple headquarters. Is this called the big apple maybe? Less than 24 hours after the firm had fixed a ‘security hole’ that let people, quite reasonably, play the music they had paid for on any devices they want – not just iPods - the software wizards struck again.

There’s an important lesson here; one that the industry has problems learning. There is no such thing as a foolproof security system. A thousand engineering wage slaves will never be able to outperform tens of thousands of amateurs – people who break such systems for the sheer joy of it.

Expect this story to run and run, with Apple’s next move neatly countered by improved software. This is a race Apple can’t win. Instead it should open its proprietary systems and let music be free.

March 23, 2005 | Permalink | Comments (0)