Probably not a big deal in the broad scheme of stuff to beware of, but with Christmas looming, a Barbie Doll that can record its surroundings is probably something parents should at least be aware of.

Recently the FBI issued a cybercrime alert on a new item in the popular Barbie Doll collection.

This doll has a video camera lens built into it as an ornamental necklace, and there’s an LCD screen in its back. Neither are immediately apparent (the screen at the back is under her clothes). The camera can record up to 30 minutes of footage which can then be downloaded to a computer via a USB connection.

The FBI accidentally circulated the alert to the media, when they actually intended it to only go out to law enforcement agencies. Apparently the purpose of the alert was to advise officers not to overlook the doll during any searches and/or investigations.

Although there was the suggestion that the doll could possibly be used to produce child pornography, they did say that there had been no reported crimes to date.

Sounds like a pretty cool toy, it’ll be very popular, and I venture to suggest that the risk level is pretty low. But it might be wise for parents to restrict the doll to the home or other controlled environments.

It should be obvious to all that technology with the potential for privacy invasion is going to become much more common in our everyday lives. For the most part, knowledge of its existence is adequate protection. There is no need to deprive ourselves (or our children) because of some perceived potential for misuse in certain circumstances. There is an important difference between potential and actuality.

Click here for a look at this new Barbie

What’s YOUR opinion of toys like this? Click here and share your thoughts in the Comment Box at the bottom of the page.

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

Way back on February 19, 2010, I published a blog article titled “Schools Spies On Kids — At Home!”. If you didn’t see that article at the time, and if you are at all concerned about your privacy, I suggest you CLICK HERE to take a quick look at the story now.

Now eight months later, it has just been announced that the school involved has settled with the victims to the tune of US$621,000.

My purpose in bringing this up again is the same as it was in February, and that is to remind you that there are many ways your privacy and security can be compromised.

Nationwide, identity theft has risen dramatically and consumers should be diligent in protecting their personal information.

It’s not paranoia if they’re really after you …

And believe me, there is no shortage of deviates, fraudsters and other assorted crims who are just itching to do you harm in one way or another.

YOU are responsible for YOUR OWN safety, and becoming a regular reader of this blog give you a head start in that direction. Also, you might consider doing your relatives, friends and associates a favor and referring them here also. Just tell them to browse to www.CAOS.nu. That’s a shortcut that will bring them right to this blog.

For more information on the School’s settlement check out this CNN article.

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

How do you safeguard your privacy and security in the all too public social networking scene?

That social networking sites have become a raging phenomena is all too obvious. As of this writing Wikipedia has 179 entries in its “List of social networking websites“.

Seventy-nine of those claim memberships in excess of one million and thirty-nine in excess of 10 million. At the top of the heap membership numbers are astronomical — in excess of 100 million and up to 350 million.

Oh, and if you consider yourself fairly familiar with the “Internet social scene”, I think you’ll be in for quite a surprise when you check Wikipedia’s list, because I’ll bet you weren’t aware of the existence of even a fraction of them.

While we tend to think of social networking sites as a recent development, many of these entities have been around for quite a few years — much longer than the term “social networking” itself. Take a look at the top five sites listed by Wikipedia:

Those figures are for registered users only and don’t include visitors. Whichever way you slice it these sites command the attention of very significant numbers of people all over the world.

Which brings me to the point of this article…

Vermin Loves a Crowd

You see, it’s the nature of the beast that any large congregation of people is a magnet for crims and scam artists. If you accept that proposition then you might reasonably assume that a virtual congregation is no different in that regard to a physical one.

But you’d be wrong!

The virtual herd, especially those who flock to social networking sites, are comprised of very different cattle indeed. Let’s look at an example…

At a rock concert, a shopping mall, a rally, a sporting venue or a protest march, you won’t find everyone handing out flyers with their photograph, name, birth date, zip/postcode and comments about their work/social/love life. Why not? Because any fool would be aware that that sort of information can be used against you. You just don’t hand that sort of information over to strangers in public.

Yet that type of information sharing is quite common on social networking websites!

Organized Crime

Many members can’t wait to expose every detail of their lives to all and sundry. Even a fraction of that information is sufficient for a competent criminal to start building a profile on you, the ultimate detail of which would leave you dumbfounded!

And make no mistake about it, organized crime is not just making inroads onto the Internet — they are already there in full strength, with competent programmers and researchers on their payroll, and identity theft as a major money-spinner.

There is so much information available about individuals online — more often than not information that they willingly provided for all the world to see — that financial institutions are having to rethink how they will ask customers to identify themselves. The old favorites of date-of-birth and mother’s maiden name are now rarely used by security-minded enterprises, because that sort of information is frequently very easy to come by.

Online banking fraud and Internet shopping fraud are both up significantly on previous years and still rising, hence the search for more secure methods that aren’t susceptible to derivation from publicly available information. Personal pin machines are already a reality and, in the absence of something better turning up, could eventually become mandatory for all online transactions.

British banks seem to have been leaders in implementing this technology, with Barclays, NatWest and Nationwide sending out some 6 million devices free of charge to customers in 2007 alone. Designs vary, but a common type requires that users insert their credit or debit card into the device and then a number (typically eight digits) is generated. The customer must type this number into a field on the transaction web page before the transaction can be processed.

All the major social networking sites are aware of the information exposure problem, but it does sometimes seem that their efforts are aimed more towards limiting their own legal exposure than to educating their members and implementing systems that protect those users from themselves.

Our Own Worst Enemy

Even so, I’m not sure how much we can blame them, when so many people refuse to apply the most basic common sense in their dealings with complete strangers in the virtual world. After all, a “friend” on a social networking site is nothing like the real-world friend you have personally interacted with for some time and with whom you have developed a direct, one-on-one personal relationship. Instances have been well reported in the media where the cool, chatty 14 year-old boy met online and invited round to listen to music turned out to be a middle-aged pedophile.

The frightening thing is that the victim doesn’t even have to give out his/her address in so many words. With the answers to a few apparently innocent questions the predator, whether a sexual deviant or an identity thief, could soon dig up everything he needs to make physical contact or successfully impersonate his target.

But I digress, because a sexual predator is more inclined to use different tools to the identity thief. For the latter the garrulous denizens of social networking sites make every day like Christmas.

Enjoy, but Stay Alert

If you’ve subscribed to my musings for any length of time you’ve heard it before and I guarantee you’ll hear it again:

The first line of defense is the human brain!
Keep it engaged when online.

Don’t get me wrong; there is no need to avoid social networking sites — that’s not what I’m suggesting all.

By all means enjoy whatever it is that your favorite social networking site has to offer for you. But for goodness sake be circumspect about what you reveal of yourself. Be aware of the problems you can create for yourself, or that your children can create for you and themselves. Almost all such problems boil down to revealing too much personal information.

In most cases your real name together with either your zip code, city or state is more than enough to reveal your full physical address and phone number, because other resources, such as online phone books, are also very good at what they do.

Once an address is established, or even an approximate location, the area can be checked out using online maps. Depending on where you live, it may even be possible to get a look at your house from the street, without ever leaving the computer. Ever looked up your address on Google Maps? More and more street level views are being added all the time. This is all very useful information to someone with iniquitous intentions.

Your date of birth, obviously an important part of your identity profile, consists of three parts: day, month and year. If you announced to the world that it’s your birthday, you’ve just given away two-thirds of the answer. Your photograph will narrow down the year to a manageable range and a couple of “Do you remember when…” questions can do the rest.

What about that hot V8 or lovable little mini that’s the light of your life? Got a photo of that online? With registration plate in full view?

Get the point?

If gabbing to other mouse-trap collectors for 12 hours a day is your thing, all well and good. Whatever makes you happy. What I’m concerned about is that you don’t put out too much cheese and attract rats you can’t handle.

In part two of this article I’ll discuss ways to improve the protection of your social networking home page. In the meantime, remember…

The first line of defense is the human brain!
Keep it engaged when online.

Wikipedia’s “List of social networking websites”

Google Maps

Related articles:

• Social Media Demographics: An Analysis of the Leading Sites
• Refrain Giving Information on Net to Prevent Identity Theft
• Fan Pages on Facebook: I Set Up Mine, Do You Have Yours?

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

Is the Internet censorship filter proposed by the Australian government really about protecting children, or is it just a politically motivated waste of money and resources?

I keep seeing in various magazines and newspaper articles, letters to the editor and suchlike, people declaring themselves in favor of a government mandated Internet filter implemented at the ISP level.

Invariably their position is that the government’s line of “protecting children” can only be a good thing.

Rather than condemn these people for their belief we should be striving to educate them. They either have no knowledge of the situation and are simply taking protection at face value or, more likely, they are amongst the many who have been conned by the the lies, obfuscation and misdirection that have emanated in a steady stream from the office of the Federal Communications Minister.

Many thousands of gullible people have fallen for a carefully woven and very intentionally devised fabrication.

It is neither commonsense nor logical to introduce an extremely expensive scheme that simply cannot provide the protection that is claimed for it, yet that brings with it many negatives. Every technically aware person in this country knows that to be the case, and thousands of them, from top-flight IT professionals on down, and from both sides of the political divide, have done their best to convince a pigheaded communications Minister of this fact.

The well-publicized shortcomings of the proposed filter are far from speculation. The results of the recent tests conducted by ISPs under the government’s direction revealed a very different picture to that which the communications minister and his spin doctors have put forth.

Consider also that every single participant in those tests (the ISPs themselves) acknowledged that bypassing the filter will be relatively simple.

In the early days only a few technically able Internet users will know how to bypass the filter. But in a very short space of time these techniques, which are trivially simple to implement, will become common knowledge and widely used.

Further, the tests themselves were a complete sham, as they did not assess real-world conditions in relation to bandwidth and traffic volumes. The government deliberately mandated that the tests be conducted at speeds below those available right now, and significantly below those to be available under the proposed National Broadband Network.

It is abundantly clear that this filtering plan is much more about politics and control than about child protection, and that it actually introduces a new danger of its own.

Thanks to Sen Conroy’s lies, half-truths and unsustainable promises parents, carers, teachers and all manner of people who have responsibility for children will be lulled into a belief that their charges are protected, while in reality that will be far from the truth.

Sen Conroy has precious little support for his plan from any significant community group — not even from most child protection agencies and religious organizations (so often the unrepresentative vocal minority), and certainly not from the technical intelligentsia.

So before you speak out in favor of this ridiculous filter on the grounds of “child protection”, please educate yourself to the real facts. Follow the links below for more information. Conroy is doing his best to hide the truth and wants you to ignore those facts that he can’t hide. Never forget that this man is a politician first and foremost, and the only “truth” he is bound by is that which serves his agenda.

Oh, and one final thought: Who do you think are going to be the first to run a Google search for terms like “bypass Internet filter”?

It’ll be the kids of course, and they’ll find all the instruction they need. Checkmate, Stephen Conroy.

Related articles:

• Net giants query Australia filter
• Australia plans Chinese-style internet filtering
• All you need to know that the Australian Governments Censorship Plan is Bollocks (and more)
• Curiouser and curiouser: Aussie gov censors the censorship news
• Oz censorship debate censored on Comms minister’s website

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

Yes, you can be spied on through your own webcam! Let this true story be a lesson in how otherwise fun and useful technology can be turned against you if you don’t stay constantly alert.

A Philadelphia School district is facing a class-action lawsuit bought by parents of its high school students.

In 2009 the Lower Merion School District issued  laptop computers — all factory-fitted with webcams — to its high school students. Commendable and progressive, no argument there.

Now for the “What what on earth were they thinking?” part of the story…

The computers were configured so that the webcams could be activated remotely by the school. See where this is going?

When I say “the school”, obviously I mean one or more persons at the school. As far as I know the individuals directly responsible haven’t been named yet, but lawyers representing the incensed parents have aimed their class-action suit at the school district, members of the Board of Directors and the Superintendent. Not specifically named, as far as I know, is the person who, by an act of sheer stupidity, let the cat out of the bag.

How Dumb Do They Come?

Apparently the Assistant Principal of Harrington High reprimanded a student for “improper behavior in his home” and presented a screen-shot from the WebCam built into the boy’s laptop.

Now, quite apart from the legal and security breaches, should anyone with an IQ low enough to try a stunt like that be entrusted with the education of children?

You would literally have to be as thick as a brick to think that (a) such action would be viewed as acceptable by the law and the community, and (b) that you would have any chance at all of getting away with it.

The school district has placed a response on its website, but their reasoning doesn’t stand up to inspection. Quote:

“The tracking-security feature was limited to taking a still image of the operator and the operator’s screen. This feature has only been used for the limited purpose of locating a lost, stolen or missing laptop. The District has not used the tracking feature or web cam for any other purpose or in any other manner whatsoever.”

Apparently the last sentence is completely false, hence the lawsuit. And as for the rest, well, a mugshot of the operator might be of use in prosecuting a thief if he could be identified and apprehended, but neither a screen-shot nor a photo of the operator is going to be of much assistance in actually locating a stolen computer.

This revelation raises another question…

Just how widespread is computer surveillance by schools?

On the surface the video below is a feel-good story about how the application of available technologies has been life changing for the students at one particular school.

But pay careful attention at the point starting at 4 minutes 37 seconds into the video. That teacher is using a remote desktop facility to eavesdrop on the screen of a student’s computer, including what the webcam sees because she has it running. Don’t you find the potential for misuse just a little bit disturbing?

Protecting yourself

As you might expect I’m extremely careful about all aspects of my computer security, and I believe the likelihood of anyone being able to take remote control of my webcams is very low.

Even so, when they’re not in use my desktop WebCam is turned to face a blank wall and the camera lens on my Netbook is covered by a strip of paper.

Now you might well ask “Why not just disable the webcam”? Good question.

Most webcam software is configured to load ready for use on Windows start up, then you or some appropriate applications software actually starts the webcam running when required. And as I’m sure you can see, therein lies the potential for abuse.

Even if the webcam software is not loaded ready for use during Windows start-up, there is always the possibility that an interloper or some malicious software could initialize it. So the best precaution is to not load the webcam software during the Windows start-up, and also to ensure it can’t see anything “of interest” if it is running, until you want it to. It’s a simple matter to click a menu item or double click an icon to load the software when you need to use it.

Related articles

• Full text of the class-action suite case filing (PDF)

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

First the UK government announces it is going to record and store everything about everything you do, then Australia reveals its Great (Chinese-like) Firewall plans, and now it’s the Yanks’ turn.

Back in November last year I published an article entitled “Right to Privacy? Hah!“  The opening paragraph went like this:

“This is a story about something positively obscene that is occurring in the United Kingdom. But if you think something similar, to some degree or other, isn’t planned for you right now, wherever you are, then dream on — be happy in your ignorance.”

Well, it didn’t take long for me to be proved right about the imminent spread to other nations of this insidious Big Brother disease.

It’s not really a new idea by the US overlords. It’s been on the back-burner for several years, amazingly without receiving much media attention. I suspect that most reporters just didn’t know what the bureaucrats were talking about when they mumbled “blah blah data retention blah blah”.

I doubt it would come as a surprise to anyone that the American alphabet agencies have become a law unto themselves in covertly practicing pretty much complete disregard for the communications privacy of individuals. The main difference now seems to be that they wish to enshrine into law their right to know all about everything you do online.

Making the ISP responsible

Like the UK, American law enforcement led by the FBI is pushing to force Internet Service Providers to record all of their customers’ online movements and to retain that data for up to two years.

This is inevitably going to be a cost on the ISP, and guess who they’ll be passing that cost on to!

Previous revelations along these lines have all been a bit vague, but just days ago FBI Director Robert Mueller made it plain that he wants all ISPs to keep complete records of your online activity. The FBI is supported in this quest by Homeland Security and all State computer crime investigators.

But unlike the UK, the FBI is not requesting that content (such as the actual body text of e-mails) be recorded. For now they just want data on your movements from site to site. Emphasis on “for now” — ever known a government to be satisfied with its current level of intrusion into your life? There’ll be creep, and you know it.

Of course a lot of complacent citizens will be quite happy to accept that whatever an agency such as the FBI does will be in the best interests of themselves and their fellow Americans. If you’re one of those people then perhaps you need a reality check, so read this.

Who’s next?

Oh, and if your country hasn’t been mentioned yet, be aware that the International Association of Chiefs of Police are right behind such moves. Check out this map for an idea of the extent of the reach of the IACP (mouse over the countries ).

Legitimate investigation is one thing, but we must all be on constant alert for unwarranted levels of bureaucratic intrusion. If law enforcement really needs further investigative powers then we must insist that they declare their full intentions openly and publicly and with plenty of time for public debate. Obfuscation with techno-speak (“data retention”) that is beyond the understanding of a large section of the community is simply not acceptable.

What do you think? Do you believe this is really about the familiar smokescreen of  “combating child pornography”?

Stay informed about future articles by subscribing to this blog.
The subscription form is top-right of this page.

Related articles

• FBI wants records kept of Web sites visited
• FBI Pushing For 2 Year Retention of Web Traffic Logs
• Report: FBI broke law to get phone records
• Report: FBI illegally collected phone records

• Internet Censorship I [Bill Hely]
• Internet Censorship II [Bill Hely]
• Right to Privacy? Hah! [Bill Hely]
• Conroy’s Folly: The Great Australian Firewall [Bill Hely]
• A Worthy Goal Doesn’t Justify a Stupid “Solution” [Bill Hely]

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

Minister for Communications Curtailment, Business Obstruction & Child Endangerment

Sorry folks, as much as I’d like to drop this Internet filter business, more proof of government deceit keeps surfacing. If this story doesn’t wake you up to their real motivations then I’m afraid you are blinkered beyond any help.

As regular readers will be aware, I have repeatedly accused the Australian government of using “child protection” as a bogus excuse to introduce oppressive and inappropriate censorship measures to the Internet access of the Australian public.

It has been my contention that the government’s real aim is not child protection, but to prevent adults from viewing information that they would prefer be kept secret.

The following quote, often incorrectly attributed to Adolf Hitler, succinctly expresses my belief as to what is happening:

“As long as the government is perceived as working for the benefit of the children, the people will happily endure almost any curtailment of liberty and almost any deprivation.”

In fact that quote originated with one Rabbi Daniel Lapin, in a fictional letter written from the grave by Hitler. But the words ring true and the ruse is currently being used by the Australian government to justify the implementation of Internet filtering and censorship.

In reality it’s not child exploitation or abuse they are interested in, not pornography, not hate or terror. What they are really trying to restrict are exposures that would adversely impact the government’s credibility; all the grubby little incidents that politicians and bureaucrats generate by the thousands and do their damnedest to keep secret. This is entirely political, not moral.

Here’s just one more example of why the “child protection” justification is a crock of crap. On January 5, 2010 there was a small article in The Courier Mail (major Australian newspaper) which in part read as follows:

A Queensland (Australian state) man caught in an international child pornography sting will be out of jail much more quickly than his American counterparts.

Despite being identified as a ringleader of a group trading in hard-core child porn, council father of three Derek Richard Mara, 30, was ordered to serve just 32 months of a six-year term.

A Victorian (Australian state) man also involved in the network known as “The Group” was sentenced to just 15 months jail.

In contrast, 14 Americans are all serving sentences of between 13 and 30 years. One was also ordered to pay $3.2 million restitution to one of the child victims despite never meeting her.

Does that inequality of sentencing not disgust you? The thing is, I’ll bet you won’t find a single American (with the exception of their fellow deviates) complaining that the US pedophiles have been dealt with too harshly.

Now I’m not a lawyer, and I don’t claim to have any real knowledge of the law, but my research indicates that under Australian Commonwealth law the crime of “producing, possessing or supplying child pornography” carries a maximum penalty of 10 years. Yet it seems that Mara’s 6 years is the longest sentence ever dished out under commonwealth law for that particular offence. And as if 60% of the maximum isn’t disgraceful enough, he only has to serve 32 months of it.

Is that a government acting against predators in the best interests of children and to the expectations of society in general?

On the other hand it would seem that the US government, which (as far as we know) is not currently planning to introduce an expensive, damaging and useless Internet filter under the guise of “child protection”, is genuinely serious about cracking down on predators.

Equally as obvious is that the various Australian governments aren’t nearly as concerned.

So again I ask: What is the real goal of the Great Australian Firewall? You are free to decide for yourself, but I can’t for the life of me see how you could possibly arrive at the answer “child protection”.

Australian lawmakers, hang your heads in shame.

Stephen Conroy, extract your head from your nether regions. Those of us who are already awake to your deceptions fully intend to do our best to educate those who, through technological naivete, are inclined to believe the rubbish that comes out of your office.

Related article:

• Aussie net filter satire site back after domain deletion

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

I’ve posted several times on plans by the Australian government to introduce mandatory Internet filtering at the ISP level. Since these plans first came to light it has become quite clear that one of the biggest obstacles we face is uninformed contributions by technically ignorant people, especially people who have some degree of influence over the thinking of others.

Would somebody please explain to me why the “professionally religious” always seem to feel the need to attempt to mould the opinions of their followers, regardless of the topic, and regardless of whether or not they have any specific expertise to backup their position.

Recently a major Australian newspaper published a Viewpoint article by one Ruth Limkin, described as a “pastor and writer”. The general gist of Limkin’s article was wholehearted support for the proposed filtering/censoring legislation. The arguments presented by Limkin were typical of those repeated ad nauseam by the technically illiterate expressing wish lists and personal opinions and ignoring facts and practicalities. Such action is all the more harmful, deceptive in fact, when the commenter is someone who could be perceived as a community leader.

Obviously Limkin is relying heavily on the veracity of the assertions made by communications minister Senator Stephen Conroy. Yet most claims relating to the Internet filter that have emanated from Conroy and his office have been at best a misrepresentation of the facts and in many cases a blatant lie.

Some of the main (but by no means all) objections of qualified observers are as follows:

1. Circumventing the filter will be trivially easy. The official Enex report into the testing phase states “A technically competent user could, if they wished, circumvent the filtering technology”, and further “Telstra did not test circumvention, because it considers that filtering can be circumvented by a technically competent user”. What isn’t admitted is that the level of technical competence required is itself trivial, and would in fact qualify pretty much any pre-pubescent old enough to manage a keyboard.It’s an inescapable fact that ease of circumvention and impact on performance are directly related. The only way to reduce performance degradation (a very big concern regarding this filtering regime) is to reduce the security, which in turn simplifies circumvention.
2. The list of websites which will be blocked will be secret and there is no avenue of appeal should your site be inappropriately listed. There have already been numerous instances of inappropriate listing, as has been publicly demonstrated (did a dentist get blocked because of his root canal work?). How can secret lists be justified? If the government was confident that its content filter worked there would be no purpose in secrecy, as banned websites would be inaccessible.
3. Law enforcement agencies the world over are well aware that peer-to-peer is the medium of choice for trafficking in the really nasty and unacceptable material, such as child porn. Conroy’s filters will have no impact whatsoever on this traffic.
4. The proposed filters will present no impediment to paedophiles and deviates who use social networking sites such as FaceBook, or any of the tens of thousands of chat rooms, to get access to their targets.
5. Conroy’s big claim that performance will not be impacted by the introduction of a mandatory filter. This claim is misdirection built upon fabrication based upon lie, over and over again. The Labor Government’s much touted National Broadband Network (NBN) promises 100 megabit per second performance, but filter testing contractor Enex was only required to consider the likely impact on the currently available 12 megabits per second system. Yet Enex didn’t even go that far. The report shows that they only ran their tests up to 8 megabits per second. This clearly violates the government’s own already inadequate and deceptive Technical Testing Framework, and produces results that bear no relationship to reality.

That’s not all of the anti-filter argument by a long shot — it would be very easy to fill pages with all the things that are wrong with this plan. Many technical commentators have done just that if you care to search further.

Many facts and arguments can be presented to indicate convincingly that this filtering and censoring plan is not about child protection, but much more likely to be about preventing adults from viewing material which the government would prefer they not have access to.

Australia, you are being conned. Senator Conroy has repeatedly deceived the Australian public on practically every aspect of his Internet censorship plan since it was first announced. How could we possibly take at face value anything that comes out of his office on the subject?

The bottom line is this:

There is no upside to this plan because for very sound technical reasons it cannot achieve its stated aims (which, incidentally, may be very different to the government’s real aims). Every competent technologist in the country knows this.

There is however substantial downside. This country’s Internet capabilities are already far enough behind the rest of the Western world, without stupid people bogging it down still further with stupid implementations.

My New Year wish is that the Ruth Limkin’s of this world either get a sound education in the technology, or cease giving their opinions on topics they know nothing about.

It’s one thing to have an admirable goal in mind, but to realize that goal you must have a practical and workable solution. And this isn’t it.

Wisdom is supreme, therefore get wisdom.
Though it cost all you have – get understanding.
Proverbs 4:7

• Internet Censorship I – by Bill Hely
• Internet Censorship II – by Bill Hely
• Conroy’s Folly: The Great Australian Firewall – by Bill Hely

Related articles:

• Reporters Sans Frontières – Open letter to Australia’s Prime Minister
• Australia Edges Us Towards the Digital Dark Ages
• China arrests 5,000 for internet pornography offences
• China Nabs 5,400 People for Online Porn in 2009
• All you need to know that the Australian Governments Censorship Plan is Bollocks (and more)

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

Well, it’s finally out in the open — the duplicity and insanity that we knew would prevail. The clown prince of the Australian Internet regulatory system, Communications Minister Stephen Conroy, has announced that compulsory content filtering at the ISP level is to receive his blessing.

Duplicitous because right from the start Conroy claimed impartiality, and maintained that no decision would be made until thorough testing had been carried out, and the Australian people had been consulted. Yet all along his real intent has been plain to anyone following this sorry saga.

Conroy in particular, and the Australian government as a whole, know full well that there is negligible informed support for this ridiculous scheme, yet he has chosen to pig-headedly steamroll ahead regardless of what the majority of Australian voters think.

Even the usual coterie of fringe element ratbags, the Big Brother, mind-your-business-for-you crowd, have given him the thumbs down. But that won’t stop Steve — he knows exactly what’s best for everyone else.

What unmitigated arrogance!

We may all only have one vote, but some of us have long memories and very loud voices.

Australian readers, please take a moment to go to this webpage and send your thoughts to Senator Conroy via the web form made available there

I also urge you to read the right-hand column of that page and click the link to the fact sheet on Conroy’s plans for a Great Firewall of Australia.

And to our friends in other countries: Don’t Get Complacent! Be assured your government would love to do the same, and if they can find a way to sneak it through, they will.

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

In previous posts I’ve made mention of the Australian government’s attempt to introduce mandatory, countrywide censoring of the Internet, not at all dissimilar in scope and effect to the oppressive restrictions which pertain in countries such as Communist China.

Although those plans to apply compulsory censoring to everyone have been overwhelmingly condemned by Australian Internet users, no reasonable person would claim there should be no control over the content that is accessible to children.The sensible position is that control should be in the hands of and managed by parents, guardians, schools and the like. But the usual objection to that policy is that it’s all too difficult, too technical, for the average parent to come to grips with.

In this article I’ll show you just how easy it is to apply your own filters to your home Internet connection. This very same technique is used by literally thousands of schools across America and around the world to protect students from dangerous, obnoxious or otherwise unwanted content.

In the process I’ll give you a few tips that will help protect your PC against infection by the many nasties that are always looking for an opening into your privacy.

Difficulty Level

This article is intended to alert readers to certain possibilities. Although there is enough information here to allow users who know their way around Windows to implement the project without further assistance, it is not a step-by-step tutorial. There just isn’t the space here to cover all the nuances of the various versions and possible configurations of Windows XP and Windows Vista. However, it is quite a simple project to implement even if you do need to engage in a little research to figure out how to access certain settings.

And speaking of research, always keep in mind that “Google is your friend”. The Google search engine’s ability to find information highly relevant to what you’re looking for is quite incredible, and it gets better all the time.

What You Will Need

Just two things; one of them is free and the other dirt cheap.

I’ve said many times that if you never do anything else to protect your computer from hackers, viruses, worms and various other malware, the one thing you should do is install a router.

A typical wireless router

It’s an established fact that a new Windows computer with a broadband Internet connection will be probed by automated hacker-bots within minutes, and repeatedly probed ad infinitum. For maximum safety you really need other mechanisms as well, such as anti-virus and anti-spyware software, and a good software firewall, but a router is an excellent start.

A router is just a small fifty-dollar box that you plug your broadband modem and your computer(s) into, instead of plugging them into each other.

These days most Routers come with clear installation instructions and near-foolproof software to set them up. They really are no big deal to implement. Speak to any reputable dealer about a “4-port wireless router”.

The free component you need is a service called OpenDNS. Again, no complexity here — just browse to OpenDNS and sign up for a free account. But before you do, consider this…

Both the router and the OpenDNS service require you to nominate a password for access to configuration and settings. It is EXTREMELY IMPORTANT that in both cases you use long, complex, unguessable, uncrackable passwords — a different one in each case. These two passwords are what will prevent the minors in your care from circumventing the safeguards you will put in place.

And for some insight into creating and using strong passwords see my article: How to Choose Use and Recall Strong Passwords. However, contrary to the recommendations in that article, DO NOT store the passwords for the router or OpenDNS in Roboform. Write them down clearly and store that paper somewhere safe and secure — somewhere the children will never be able to get at them.

Oh, and there’s another advantage to the OpenDNS service. They have the capability to detect and block major malware attacks, before the vermin gets anywhere near your PC.

How Will It Work?

Now if you’re a technophobe, don’t let the following explanation or any of the terminology put you off. You can still implement your own customized in-house Internet filtering without understanding a word of this section. But read it anyway — you never know, it just might help.

Here we go…

Whenever you type a Website URL (e.g. www.playboy.com) into the address bar of your browser, a sequence of events takes place that is invisible to you, but critically important for the success of your request.

A message is sent from your PC to a special computer “out there” called a DNS server, where DNS stands for Domain Name System. The message tells the DNS server what domain it’s looking for and asks where to find it. After consulting its database of domain names the DNS server replies with the IP address of the requested domain. If you don’t know what an IP address is just consider it a complex number that uniquely identifies every Internet-connected device.

There’s no way around this process. The Internet doesn’t understand requests for something like “www.playboy.com”, it only understand IP addresses. So until an IP address is obtained from a DNS server, no request for a domain webpage can be satisfied.

There are many DNS servers “out there” and your Internet Service Provider (ISP) almost certainly has at least a couple that your system is configured to send such requests to.

Now, official DNS servers don’t discriminate; when asked for the IP address of a domain they provide it honestly and without question. Asked for the IP address of playboy.com the reply will be 208.67.216.131 (at the time of this writing anyway — IP addresses can change), and the home page of the Playboy website will be loaded into your browser.

But consider this…

What if inquisitive young Johnny Junior enters the Web address www.playboy.com, and the DNS server finds a note in its database that this domain is forbidden to the particular computer making the request (that is, your home PC). Then, instead of returning the real IP address of playboy.com, the DNS server returns something like this: http://208.67.219.135. It’s OK, go ahead and click that link.

Note: in a real-world scenario “example.com” will be replaced by the forbidden domain name, such as “playboy.com” in our example.

In other words, by configuring your local system to send DNS requests to a special DNS server, and by telling that DNS server what not to serve up to your browser, you can control what the computer users in your household will see.

Okay, sounds simple enough but…

How Do You Do It?

As you may have guessed by now, the OpenDNS service you signed up for earlier provides the special DNS server, and your account with that service allows you to stipulate what domains, or type of content, is to be blocked.

The other part of the setup is to change your local computer configuration so that it is the OpenDNS DNS server that is queried for IP addresses, rather than your ISP’s DNS server or some other.

In a home setup that DOESN’T have a router:

The IP addresses of the DNS servers to be used are stored in Windows. These Microsoft articles describe how to locate and set DNS values:

Windows XP – - – Windows Vista

In either case you want to “specify an IP address”, NOT “obtain an IP address automatically”.

The IP addresses you will specify are provided by OpenDNS, and are as follows:

208.67.222.222
208.67.220.220

In a home setup that DOES have a router:

The IP address of the DNS servers to be used will be stored in the router, and Windows will be configured to use the router settings. These Microsoft pages describe how to locate and configure the appropriate DNS settings in Windows:

Windows XP – - – Windows Vista

In either case you want to “obtain an IP address automatically”, NOT “specify an IP address”.

In this scenario you also need to configure the appropriate DNS IP addresses into the router. Whereas Windows only offers fields for two DNS addresses (more if you go into advanced settings), most router’s offer three fields. Once again, the IP addresses you will specify are provided by OpenDNS, and are as follows:

208.67.222.222
208.67.220.220
208.67.222.220

Special Considerations

From a security perspective it is a very bad idea for users to login to their computers with Administrative rights. People working away at computers on a day-to-day basis with Administrative rights is one of the reasons that malware does so much damage. There should be one Administrative account that is used only for configuration purposes. All users should login for their day-to-day computing activities with only a basic User account.

Now, this becomes important for another reason when your aim is to protect your children by implementing parental controls against undesirable Internet content. Here’s why:

If little Johnny Junior has Administrative rights there is nothing to stop him from entering any DNS IPs he likes into Windows’ configuration. Ordinary users can’t make such changes, but Administrators can. Regardless of his Windows user level he won’t be able to change DNS settings in your router (if you have one) because you will have protected that with a very strong password.

But if Junior changes the DNS settings in Windows from “obtain an IP address automatically” to “specify an IP address”, and then enters some DNS IPs that aren’t from the OpenDNS service, the Windows settings will take precedence over the router settings. Then Johnny is straight off to playboy.com, sex.com or anywhere else that catches his fancy.

Summary

As stated earlier, although this is a fairly simple project, you may need some help in particular areas.

• For help with purchasing a router I suggest you locate and consult with an honest and reliable retailer. Don’t expect a retail salesperson to have the breadth and depth of knowledge of an IT professional, but they should know their product line well and be able to advise you on a suitable make and model to meet your needs. Before handing over your money ask the sales person to prove to you that there is a public Support or Users Forum online for the brand he recommends.

• For help with configuring the router the best place is usually the manufacturers Support Desk or a Users Forum.

• For help with configuring OpenDNS, there is both a company-operated support department and a very useful Users Forum. Login to your account at OpenDNS and have a look around — its use is simple, obvious and self explanatory.

From both a security and a parental controls perspective, it may be worth your while to reconsider how each member of the household accesses computer resources, even to the extent of creating new User-level accounts, one for each person, deleting any old user accounts that had Administrative-level access, and applying a secret and secure password to the main Administrator account. The following URLs may be of some use in this endeavour.

Windows XP – - – Windows Vista

Warning

Is OpenDNS 100% effective?

Unfortunately, no it’s not. It’s just a fact of life that no blocking technology of this nature can be 100% effective. And the more effective you make a blocking technology, the harder it becomes to implement and maintain.

Keep in mind also that some of the best minds on the planet are constantly striving to find ways around the onerous censorship policies implemented by some communist and fascist-like governments, so there’ll likely always be some software or technique available that will be able to circumvent your parental controls.

OpenDNS strikes a convenient balance between effectiveness and ease of use, but it should not be assumed to give parents, teachers or others in a guardianship role such peace of mind that they no longer feel the need to actively monitor the online activities of their charges.

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.