This came up at our discussion at ISSA on Thursday so I thought I’d mention it.  Gizmodo published a great article about the problems with passwords.  Couldn’t agree more.  They mention tools like 1Password which is a great app that stores passwords and gives people a shot at creating complex passwords.  I hope we’ll start to see better options for authentication at home.  If you know of some other tools, let us know.

About a month ago my daughter asked if she could sign up for facebook.  A couple of her friends had just done it and she wanted to be a part of the fun.  My reaction surprised me;  I didn’t immediately say no.  That took whole hours.  I started investigating it, looking at it as a parent first.  Of course the first message I sent was to Dave, asking for his opinion.  What follows are some observations and a lot more questions.

The first issue I discovered was that facebook has a policy that requires you to be over the age of 13 to use the service.  (My daughter is…not 13)  Of course kids lie and sign up with or without consent of their parents.  I began to realize that dealing with facebook with a kid is a tough problem:

• Letting an underage kid sign up means you’re agreeing to break rules with your kids
• Not getting them signed up soon enough may result in creating pressures that will encourage them to sign up without your knowledge
• Not letting them sign up wont allow them to build skills that will eventually be necessary

Beyond Facebook, some of the sites I looked at:

Webkinz (web site that accompanies the stuffed animals)

Togetherville (Most promising site in my opinion, links to Facebook for parents)

(I also looked at Kidswirl and Whyville and several others but wasn’t impressed.)

Other resources:

The Online Mom is a great website with a lot of articles that cover opinions on a wide range of ages.

This is still a work in progress and we’re interested in your thoughts.  How would you recommend approaching this issue?  What additional sites are you looking at for kids and what online resources have been helpful?

Thought I’d take a minute and send out a reminder about an annoying but necessary topic:  Patching.  There are quite a few patches that have been released in the last few days.  Microsoft, Adobe and Apple are all addressing some serious security issues.  So…Please take some time to update your systems.  It will reduce the likelihood of identity theft and other horrors.

1:  Microsoft OS.  Use the Microsoft updates link in Internet Explorer or visit the Microsoft Update page.  There are approximately 34 updates that are required.  Grab a coffee and sit back.  It takes a while.

2:  Adobe Flash player.  Adobe has been experiencing some serious issues recently and there’s a new one out.  You can either check for the updates button within the adobe applications or visit their website here.

3:  iPhone.  This one is a large download too.  You can access this by connecting your iPhone to your system and in iTunes, select your iPhone.  In the summary page click on the “Check for Update” button.  Instructions are here.

Patching is something many people avoid or ignore.  Treat it like mowing your lawn:  Do it with a beer and it’ll seem like less of a chore.

We’ve been exploring the issues we’re facing in social media and Dave and I have been talking about how we got here. One of the common issues we continue to see are links that claim to give access to a resource of interest, when in fact it’s a link to a piece of malicious software (malware).

Thinking back to how we got here, I recalled the first time I accessed a resource on the Web. It was with an early browser called Lynx. I went to a website and clicked on a link to a map of a building. Except, the browser couldn’t render the image file, I had to download it and open it with another program. The crude nature of this process made it very clear that the file I was accessing, picture.gif, was exactly that:  an image file.

Today, we access the same resources through increasingly confusing naming conventions. We used to tell people to pay attention to the URL they’re accessing. Today many of these addresses are encoded so that it’s impossible to discern what they are or where they’re located. When we started using Twitter, we had limited character space so we started to shorten the URLs, obfuscating them further.  This has made it very difficult to give guidance to people about safe practices in regard to URLs.

It’s still important to look at the links you’re clicking on and make an effort to determine if the destination appears to be legit.  www.gmail.ru is probably something you shouldn’t trust.

I’m not sure anyone is working on a solution for this and it’s probably going to get worse before it gets better. In the mean time, pay attention to the things you CAN recognize:

• Microsoft’s page on recognizing malicious URLs
• My favorite:  Carnegie Mellon has comic strips and a game to teach how to recognize phishing links

Do you have thoughts about how to improve the issue with URLs?  Do you know of anyone who’s working on this?

Please and thank you?  Microsoft has had some serious security issues over the years but recently there have been several problems that are so severe that they’ve had to release a fix outside of their normal schedule.  This is a pretty radical step since this causes companies (not to mention the rest of us) to spend time and resources that we hadn’t planned for.  Today, Microsoft released another out of cycle patch for Internet Explorer.  There have been a growing number of attacks that are exploiting this vulnerability.  I would recommend that you update with this patch as soon as possible so you can get back to Dave’s great series on scam spotting