Well, I came across some really cool content this week that I wanted to share for all of us who help kids navigate the computer. The first cool tip I read about in an article on Cnet is the Google ”Safe Search” tool. (http://news.cnet.com/8301-19518_3-10395112-238.html?part=rss&subj=news&tag=2547-1_3-0-20)

Users have always had the ability to tweak Google search returns so they don’t contain adult content. The problem was that kids could change the settings. Google has changed it so that you can now lock in the settings using your password. A feature that I think is cool is that you can see from across the room if it is still on while your kids are surfing because there are large colored balls that show up on the top of the screen. How cool is that?

Though it is not foolproof since the kids can shut it off if they figure out your password (another reason to nix the post it notes on the front of the computer), I think this is a great option for those that need a filter but don’t want to use a parental management tool such as MFP. It also is great for those folks who don’t have kids themselves but may have some kid friends that come to visit.

To install go to http://www.google.com/preferences, choose an option under “safesearch filtering” such as “use strict filtering” then choose “Lock Safesearch”. Note, you will have to do this in each browser you use on your computer, i.e. Firefox, Internet Explorer, Chrome, etc.

(Note This will not work if your kids are old enough to have email and use Gmail for their provider. In that case I would strongly suggest using a product like McAfee Family Protection that will filter everything for you.)

The next cool thing I found is a new update for the Kidzui Browser. I have long been a fan of the Kidzui browser for my littlest “surfer girl”. I love that it opens up in the entire window so she can’t accidentally click off the page and onto my desktop and I also love that it filters You Tube for me.

With the launch of Kidzui 5.0, kids and parents can now share weblinks between Kidzui and Facebook. (http://www.your-story.org/kidzui-launches-new-version-of-company%E2%80%99s-award-winning-kid%E2%80%99s-browser-featuring-new-ways-for-children-and-parents-to-safely-discover-and-share-the-internet-together-55046/) Go to Kidzui.com to learn more about Kidzui 5.0.

Today’s blog pertains to parents mainly, but with the holidays approaching, I thought this may be good for anyone who is expecting child visitors over the holidays. I know how much I would appreciate an aunt, uncle or friend who set up one of these options on their computer for my kids so I could relax on Thanksgiving Day – Delicious!

Stay safe!

Tracy
cybermom@mcafee.com
Twitter: McAfeecybermum

Where do you start when trying to protect them in cyberspace? Well, you are certainly not alone in asking these questions, so this week and next week I will blog about laying some very important foundations for your family on your quest to protect your kids from these unwanted cyberthreats.

So where do you start?…. Let’s start at the beginning!

Tip 1: Consider where you place your home computer

Position the computer in your main living space and make sure the monitor faces outward into the room so there is no secrecy. Be suspicious if your child quickly changes the screen when you pass by, or is hiding files or disks – someone may have sent them inappropriate or questionable content!

Tip 2: Work together with your kids to set boundaries

Discuss with your child exactly what is OK and what is NOT OK regarding what kind of web sites are appropriate for them, which chat rooms to visit, and what kinds of things they can talk about when online. Only let your kids use monitored chat rooms.

Get to know your child’s online friends as you do their school and neighbourhood friends. Learn to surf the web and chat online with your child so you understand what it is that your child is doing – you might just learn a thing or two!

Tip 3: Stress to your child that they need to tell you if they receive any odd or upsetting messages when online, and that you will not be angry with them or ban the internet as a result.

Make it clear that you understand that they cannot control what other people say to them and that they are not to blame if this happens. It’s so important that they feel they can come to you and talk about their online experiences, good and bad.

Tip 4: Set time limits for internet use and enforce them

Don’t allow your kids to be left alone in cyberspace for long periods of time – this is when they are most vulnerable. Ban late-night use. Parental control software such as McAfee’s Family Protection software enables you to enforce the time limits your family has agreed upon.

Tip 5: Make it clear to your child that people in chat rooms are always strangers, no matter how often they chat with them, and no matter how well they think they know them. They should be told that people can lie about who they are, and their new friend may be a 40 year old grown up instead of a 13 year old girl!

Open, honest and frequent talks with your kids about their online experiences, good and bad is so important when it comes to protecting your kids from online threats. And while some of these tips might sound blaringly obvious, I wonder how many or how often we apply them?

Mums (and dads) live busy lives working, studying, grocery shopping, helping with kid’s projects, completing house hold chores… the list goes on, but are we that busy that we can’t take a few minutes to ensure our kids are out of harms way when they’re at play on your home computer? Today sounds like a good day to start. But you can always send me a question or idea anytime.

Moira
Email me at: cybermum@mcafee.com
Follow me on Twitter: Cybermum_Oz

For more information on the 3-4-2 and Reseller Spiff promotions, please visit the “What’s New” section in the McAfee Partner Portal. More information is listed under “Programs and Promotions.”   Partners eligible for the Rebate Accelerator promotion received a direct email and should contact their channel account manager for more information.

As always, do not hesitate to engage me as I look forward to hearing your thoughts and responding to any questions in the comment section below and on Twitter.

Here is my video update on the key areas discussed with partners in New York and Toronto.

In the video, I referenced partner interest in additional resources for selling McAfee services.  To continue that topic, I’ll provide a video conversation with myself and Rob Louks, SVP of Worldwide Services at McAfee. If you have any comments, or questions you’d like us to cover, please connect with me in the comment section below or on Twitter.

Thank you for partnering with McAfee!

At its simplest, out-of-scope means beyond jurisdiction; it means that whatever is being discussed no longer falls under the rules and requirements of PCI. One critical problem is that the brands and the PCI Council giveth and they can taketh away. In other words, if you’ve started sharing some, for example, tokenized data with marketing because a temporary out-of-scope ruling makes you comfortable doing so, you may find it almost impossible to undo should that ruling be reversed. Put more philosophically, you won’t likely be able to get the clear-text toothpaste back into the “they’re going to fine me from here to Shanghai, aren’t they?” tube.

The safest route is to somehow identify things that are declared temporarily out-of-scope from those that are permanently out-of-scope. But nothing would likely ever be declared temporary, so that’s rather useless advice. The only wise route is to simply assume that everything declared out-of-scope could later be declared back in-scope.

Standards change, and nothing changes faster than security standards. “We all thought WEP was cool until the data security standard changed,” said Walter Conway, a QSA with 403 Labs.

What’s just about as dangerous as being cavalier with data that may be only temporarily out-of-scope is reading too much into the vague comments coming from various card brands and the PCI Council. Statements have been made hinting that some technologies may be considered out-of-scope.

“If it’s potentially out of scope, I think you’re mad to consider it out-of-scope,” Conway said. “I think you’re juggling razor blades if you treat it as out-of-scope data for PCI purposes.”

Speaking of juggling razor blades, why would IT want to treat data differently if it’s out-of-scope? Just because PCI may not—for the moment—care about it doesn’t mean that various kinds of bad guys might not care quite a bit.

Let’s say you now share those PANs with someone in marketing. And they copy it onto a thumb drive or print it out and stick in a bag to take home.

If out-of-scope doesn’t mean it’s OK to shed security rules, what good is it? The only practical advantage is a cost savings on PCI assessments, to the extent that the newly out-of-scope data represents a material portion of the overall data you need protected.

Tokens are a common target for out-of-scope, but Conway argues that it could prove to be a reckless move. (Tokenization is fine, but assuming it’s out-of-scope could be reckless.) Why? Because anything that could be made unreadable can, in various ways, be made readable again. “Key management is only one way to make something that’s out-of-scope in-scope again. What if someone breaks into the secure vault and steals the key and then comes into your network?”

Another Conway scenario: “The IT staff just picked up a rumor that they’re being laid off and they call and say, ‘Give me these 100,000 tokens for testing.’ You have to ask yourself: My controls, how effective are they?”

Behind a lot of these concerns are real issues about whether the seemingly iron-clad protections that data-breach-victim retailers have had for years—most involving zero liability programs—is starting to fade, with federal judges pushing back.

Also muddying the waters are the claims of various security vendors that one approach—coincidentally, almost always theirs—will truly protect retailers, but all of the others won’t. The true decision-makers here—the card brands and the PCI Council—are waffling on these issues, fearful of weighing in on either side. That alone should tell retailers all they need to know about whether it’s safe to trust any out-of-scope declaration.

Out-of-scope declarations are a great concept, and if they happen and can be used to lower your assessment costs, that’s wonderful. But if you start treating data as out-of-scope, you may find that out-of-scope could drive you out-of-mind.

Evan Schuman is a guest blogger on the McAfee Security Insights blog. Evan is the founder and Editor-in-Chief of StorefrontBacktalk.com, a global site that tracks retail IT and E-Commerce issues for readers. He also writes the weekly Retail Realities column for CBSNews.com. More on Evan can be read on his author page.

The annual McAfee Virtual Criminology Report has traditionally focused on the methods, targets and behavior of cybercriminals. And yet, as we put together the 2007 report, numerous experts pointed out that nation-states were not only spying on each other in cyberspace, but also developing increasingly sophisticated cyberattack techniques. Since that report was published, we have seen the concept of cyberwar debated more often in the face of mounting attacks and network penetrations that appear to be motivated by political objectives instead of financial gain, making it a stretch to characterize them as cybercrime. We decided to revisit the possibility of war in cyberspace in this year’s report.

Experts disagree about the use of the term “cyberwar,” and our goal at McAfee is not to create hype or stoke unwarranted fear. But our research has shown that while there may be debate over the definition of cyberwar, there is little disagreement that there are increasing numbers of cyberattacks that more closely resemble political conflict than crime. We have also seen evidence that nations around the world are ramping up their capabilities in cyber space, in what some have referred to as a cyber arms race.

If cyberspace becomes the next battleground, what are the implications for the global economy and vital citizen services that rely upon the information infrastructure? What should those of us outside the military do to prepare for the next wave of cyberattacks?

Finding answers to these questions was not easy because much of this discussion is only happening behind closed doors. We believe this veil of secrecy around cyber warfare needs to be lifted. There is little doubt that the impact of cyberwar will extend beyond military networks. As our dependence on Internet technology grows, so does the need for thoughtful discussion on political conflict in cyberspace.

This year’s Virtual Criminology Report highlights the complexities and potential consequences that arise when political conflict goes online. Our hope is that the report will help encourage and frame a global dialogue on protecting our digital resources from the scourge of cyberwar.

Given that Microsoft itself recommends anti-malware for Windows 7, this back-and-forth seems to be a moot point. What is still up for debate is the relationships that security companies are going to play with regards to Microsoft’s product.

Microsoft has five business segments: Client, Server and Tools, Online Services, Microsoft Business Division, and Entertainment and Devices. Security is part of the Server and Tools division . While Microsoft has made progress in augmenting its operating systems with some security features like SmartScreen, BitLocker and AppLocker, these additions are usually evolutionary in nature and focused on securing Microsoft products only and not customer data as a whole.

Security is not a zero sum solution. Customers are looking for complete protections against the known and unknown malwares, data loss, intrusion prevention, … You can read more about McAfee’s view on whether Windows 7 changes the security equation in a brief white paper.

At the end of the day, security is an essential part of everyday digital life, especially when it comes to computers. What large security companies such as McAfee bring to the table is a dedicated security focus. In a sense, these companies complement Microsoft by letting it do what it is best at (developing an OS or application) and taking care of what they do best (securing these applications).

“The Telecoms Reform has put the issue of mandatory notification of personal data breaches firmly on the European Policy agenda.”

The committee formed from Europe’s national data protection watchdogs (The Article 29 Working Party) has apparently also backed the idea.

Predicted to launch in 2010, a major initiative to review and strengthen the EU information security policy is in plan according to Reading, along with initiatives to consider emerging challenges for privacy and trust in the information society.

If this comes to place, it will bring the same kind of rigid requirement to report loss (or possible loss) of PHI and PII within Europe that is present in 48 US States today, and will further help companies both understand the risk of loss of PII, and will help consumers by giving them the choice to not do business with organizations known for having a lapse or defective stance on data security.

Remembering that PII information belongs to us, and not to corporates is a lesson slowly (and hard) learned in the USA – it’s encouraging that Europe is rapidly catching up.

Commissioner Reding made some firm comments regarding data protection:

“A key principle of EU data protection law is that those who process personal data have to take the necessary security measures to counter the risks to this data… when a security breach happens, the operator will have to inform the authorities and those citizens who may face harm.”

“It is absolutely essential that we find the right European responses to the concerns of European citizens about their fundamental rights to privacy and data protection.”

You can read the full text of Commissioner Reding’s speech on this matter from the EC.Europa.EU site.

Though we’ve had encryption products since the acquisition of SafeBoot in 2007, and those products have been deployable and reportable in ePO from soon after that – Endpoint Encryption for PCs 6.0 marks the first time that the total management and reporting of full disk encryption for PC’s has been available within our single-pane-of-glass strategy.

I am obviously really excited by this – not only does it lower the bar for adoption of full disk encryption, it means the 80% of Fortune 5000 companies who are currently struggling to be compliant with the 4,000 or so global laws and regulations covering the breach and disclosure of personal data, today have a very easy solution available to them.

For our valued McAfee customers who already have ePO in place, adding encryption technology now is just another plugin module, no new infrastructure, no new servers or hardware, and minimal new learning. I won’t go so far as to say it’s plug-and-play, but it’s damn close.

As one of the 217 million American residents in 2009 alone who’ve had their identity disclosed by a data breach, anything which makes securing my personal information is a good thing, and reducing the complexity, cost, and management overhead of technology always makes it easier to adopt and deploy in the corporate environment.

I hope over the next few weeks to be able to tell more about the success of this new platform, and how it’s changing people’s perception of how easy it is to secure our personal information. The product team certainly have some great stories to share.

Imagine my dismay when I see an article with a picture of my favorite Farmville in Time magazine that says “Are you getting scammed by Facebook Games?”
(http://www.time.com/time/business/article/0,8599,1935698,00.html)

Alas! The story doesn’t end with Farmville. The company that created it, Zynga, also created Mafia Wars, Café World, Yoville and Roller Coaster Kingdom. Chances are if you yourself don’t play one of these games, you know someone who does. According to the Zynga website, they have 50 million daily active users.

Here is how the game works:

You start Farmville with a plot of land and a small amount of virtual money. You earn more virtual money by tilling the land, growing crops and taking care of animals.

If you want to progress faster in the game, you can also purchase (through credit cards and Paypal) more virtual money. If you don’t wish to use a credit card, you can sign up for a promotion.

The scam comes in when you choose to participate in a survey in exchange for virtual dollars. When you complete the survey, they ask for a cell phone number to send the ”results”. There is no mention of the $9.99 per month “service” fee they are going to charge your cell.

My thoughts immediately go to all the young teens who don’t have a credit card but have a cell phone and might fall for this trick. Then I think of all the people I know who might not be very computer/scam savvy and may fall victim. The truth is that these online games are created by revenue based companies. It is important to keep that in mind when you play and explain this to the young people in your life.

This Techcrunch.com article by Mark Pincus (CEO of Zynga) said (on video), he did anything for profits in the formation of his company including giving virtual poker chips in exchange for a toolbar download which he said, he “couldn’t get rid of it (the toolbar)”. http://www.techcrunch.com/2009/11/06/zynga-scamville-mark-pinkus-faceboo/

According to the Time Magazine article, Zynga is doing everything in their power to be on the up and up and “has raised its BBB rating to a B+ from an F” in the past year which is great to see. Facebook and MySpace both say “they monitor all applications closely and have suspended companies that violate advertising protocols.” (Read more here: http://www.time.com/time/business/article/0,8599,1935698,00.html#ixzz0Wg2B2kaK)

I will still play my favorite games on Facebook, but I never “pay to play” and never click on ads or offers. I have told my kids to be careful of too good to be true offers. I also am very careful to keep my antivirus set to update automatically and use McAfee Family Protection to make sure my teens don’t give out their cell phone number online.

Cybermom’s Tips of the Day

1. Whenever you make purchases online, make sure that the Web site has encryption. If it is safe, it will display a closed lock in the Web browser – either top or bottom of the page. You can also check the Web address; it should begin with https:// if it is secure.

2. Never respond to an e-mail that asks you to validate or confirm any of your personal or account information. This could be a phishing scam. Contact the company directly if you are wondering if the email is legitimate.

3. Create a strong password for your Facebook account and all other accounts using a combination of letters, numbers and symbols. Example: password=“Pa$$w0rd”, apple=“@ppl3”, doggone=“d0gg0n3”

4. Make sure your anti-virus software is up to date(current subscription, correctly installed, set to update automatically) in case one of these online games contains a virus.

5. Remember these game companies want to make a profit. If you aren’t paying to play the game, how are they making money? Ads on the site? Offers? Be careful what you click on – if a deal sounds too good, it probably is.

If you have been a victim of this scam, will you please write to me? Send an email to cybermom@mcafee.com.

Tracy
@McAfeeCybermom