Pacific Coast Informer Blog

Getting Rid of the Google Website Warning

Vaclav Vincalek — Tue, 10 Nov 2009 15:00:00 -0700

We've had such good response and interest in our white paper on "How to Remove the Google Website Warning" that we wanted to re-publicize this useful resource on our security site for newer readers.

To provide a little background, we first started looking into the Google security warning when a number of organizations started getting hacked, with malicious scripts being put onto their websites that could pose a threat to any visitor. These organizations contacted us to try to fix their problem, which typically involved not only scrubbing the bad code off their infected websites, but undertaking a more comprehensive web security assessment, to find the vulnerabilities and enable fixes to close the holes that had led to the breaches in the first place. The reason these organizations even found out that they were hacked (possibly after months of not knowing) was that Google had labeled all search results for their websites with a dreaded "This site may harm your computer" warning, which was driving away traffic -- and business.

Removing that warning isn't necessarily easy. You can't just call up Google and ask them to change your status. First you have to use Google’s Safe Browsing diagnostics pageto help you determine what kind of badware (malware, spyware) Google detected on your organization’s website. Use the URL, http://www.google.com/safebrowsing/diagnostic?site=http://malware.testing.google.test/testing/malware/ and insert your own website address into the section after /diagnostic?site=
This page will show you the following information:

• Whether the current listing status for the site is suspicious or not suspicious in search engines
• What happened when Google visited the site
• If the site acted as an intermediary for malware distribution
• Whether the site hosted malware
• How malware became present on the site.
• Instructions for next steps to take

After that, you can move to the stage of actually fixing the problems. You don't want to just keep deleting and replacing your website (assuming you've got a reliable backup) since the same problems that led to your site getting hacked will ensure it gets affected again. Vulnerabilities must be fixed. To get more information on how to proceed, read the full white paper, "This Site May Harm Your Computer" - How to Remove the Google Website Warning

Cloud Computing A Myth

Vaclav Vincalek — Wed, 21 Oct 2009 08:30:00 -0700

Is all of the excitement about the advent of cloud computing all just hype? To an extent, yes. As ZDNet reporter Lori MacVittie points out, to an extent, organizations are already using the cloud in plenty of applications:

Google's Chrome OS is not the only operating system to which the cloud handle has been attached. It is merely the latest in a long line of attempts to capitalize on the growing interest and hype surrounding cloud computing.

Novell, Dell, Microsoft--in fact, anyone who is anyone with a stake in operating systems has been mentioned at least once in conjunction with a cloud operating system.

There is no such thing. It is a myth existing entirely in the minds of those who cannot seem to get enough cloud in their daily technology diets. And the problem in perpetuating that myth is that it continues to confuse an already confused market.

What MacVittie talks about is true enough, but not the whole story. As it is seen now, moving to the cloud can be evolutionary, not revolutionary. However, the potential of what the cloud could be certainly qualifies as revolutionary.

For enterprises to move their networks in whole or in large part to the cloud, we will need to see big changes in terms of how organizations can effectively protect their data online through a reliable system. As well, if we can really get to the type of utility computing businesses have been clamoring for, pretty much since the first computers, then operating systems may have to fundamentally change (as MacVittie acknowledges).

Of course, the benefits of cloud computing could also have a revolutionary impact on business itself. Entire IT departments may be broken down or even wiped out as many routine IT tasks are made redundant by the cloud and a small remainder are outsourced to network infrastructure consultants.

Access Management and Protecting the Network

Vaclav Vincalek — Tue, 20 Oct 2009 08:30:00 -0700

When we think about maintaining and protecting the network, we often focus on hardening the system against outsider threats. It makes sense, since the majority of attacks on a network come from the outside. But when insider attacks occur, they can do a lot more damage. That's where access management comes into play.

Remember the case about a year ago of the disgruntled City of San Francisco IT administrator who locked out other city administrators from the network (TechNewsWorld)? Even after he was carted off to jail, other administrators still couldn't get in. It was a worst case scenario. You had a generously-paid administrator in a good position who sabotaged his own organization after being cited for poor job performance.

Assuming your most senior IT people aren't plotting against you, locking down the system from the inside gets a bit easier than the above example. Access management procedures and tools can help organizations ensure network security as only trusted people have authorized access to specific parts of the network. Ideally, that authorization can be revoked at the click of an IT administrator's mouse. This can also be integrated with key HR and Payroll systems.

Of course, this still assumes at least some level of manual interaction (a mouse click, or several) by people who can be trusted. Access management technologies can greatly help organizations that hire right and have the capacity to realistically assess risks from within. Your network's operations and security depend on it.

Marines Attack Social Media Site Security Holes

Vaclav Vincalek — Mon, 19 Oct 2009 08:30:00 -0700

When it comes to physical security, there are few organizations on par with the US Marine Corp. In an unprecedented step to protect their computer network, the Marines have banned the use of social media sites (Wired). Is this a lesson here for the corporate world?

"These internet sites in general are a proven haven for malicious actors and content and are particularly high risk due to information exposure, user generated content and targeting by adversaries," reads a Marine Corps order…

But the battle of ideas over whether all US military assets will be prevented from using social networking sites is far from over. According to the same Wired report:

Many within the Pentagon's highest ranks find value in the Web 2.0 tools. The Chairman of the Joint Chiefs of Staff has 4,000 followers on Twitter. The Department of Defense is getting ready to unveil a new home page, packed with social media tools. The Army recently ordered all U.S. bases to provide access to Facebook. Top generals now blog from the battlefield.

Price Floyd, the Pentagon's newly-appointed social media czar, seems awfully skeptical of the Marines’ social media lockdown, suggesting that security concerns must not trump using social networking tools if the activity will contribute to enable “business”. And for now, that seems to be an appropriate message for organizations that don’t spend their time organizing beachfront assaults. Use social media tools carefully, with an eye to security. They’re just too useful to ignore.

You Can Never Have Too Much Backup

Vaclav Vincalek — Fri, 16 Oct 2009 08:30:00 -0700

It’s been the number one rule for working on computers pretty much since the beginning: save your work and back it up somewhere else. Eventually, the hardware you’re using WILL fail. You need to make sure your hard work doesn’t vaporize with the last cough of your hard drive or software. That goes triple for business.

But without automated backup built into your process, it’s almost inevitable that you’ll face a data recovery disaster. They still happen all the time. Globe and Mail reporter Michael Snider furnishes an example in “A Way to Protect Your Sunshine”:

Last October, a power failure crashed my computer while I was installing a Windows Vista service pack update. The operating system would not boot after that and though I tried to fix the problem with help from a few Globe and Mail IT staff and Microsoft Support I ended up having to wipe my hard drive and reinstall the OS.

I lost a lot of stuff.

I had backed up my documents a few weeks earlier on a second PC in my home, and have, over the years, copied my music and pictures. But I have never backed up my entire video folder because ... I don't know.

Are there files not backed up on your computer because… you don’t know? If you’re like most people, you’re probably shrugging guiltily right now.

Fortunately, there are a number of solutions individuals and businesses can take to prevent a data recovery disaster. You could buy a networked hard drive and back up your data there. You can buy software to automatically backup your data regularly as you work.

Data disaster recovery is a lot pricier than ensuring your work is safe to begin with.
If you’re not sure which solution to go with, talk to an IT expert and get it done ASAP.

Remember, everybody can do a backup, but only a few chosen ones can do a data restore.

Collaboration tools provide value from top to bottom

Vaclav Vincalek — Thu, 15 Oct 2009 15:00:00 -0700

Collaboration tools are used to boost productivity and improve communication and cooperation between employees and team members working from remote locations. But do top-level executives use these tools well?

A great example comes from Microsoft founder Bill Gates, who is a big collaboration tools fan, calling them indispensable for his work. Straight from Microsoft’s Office Online blog, Bill tells all:

This release of SharePoint also has many social networking features that I find enormously helpful. In addition to searching any corporate intranet site for documents, SharePoint now enables me to search for specific people based on their expertise, job title, or the department they work in. Also, employees can easily create personal Web sites where they can post photos and list their experiences and interests. SharePoint even automatically associates every document with its author, and explains his relationship to other employees on the same team and in his department. So SharePoint makes it far easier to quickly identify the two or three people who are experts in parallel computing, for example, even though there are more than 80,000 employees at Microsoft now.

Bill also talks about acquiring industry and market-trend information by using Excel 2007 and Sharepoint to access “the kind of data that used to be hard to find because it was stored in back-end databases”.

Bill might be just a teensy-bit biased about Sharepoint’s capabilities (and of course, you can imagine the fallout if Microsoft was discovered to be using the competition’s offering. We all have to drink our own champagne...). But the main point here is that collaboration tools of any brand of technology can provide essential productivity benefits for employees from the bottom to the highest levels of an organization. Provide your employees with the tools to overcome geographic, organizational, or corporate boundaries and start working smarter.

Grand Jury: “Get a Web Portal”

Vaclav Vincalek — Wed, 14 Oct 2009 17:24:26 -0700

When it comes to good government, a collaborative online presence is no longer an option. It’s a necessity.

When you need to get in touch with City Hall, or your provincial or state government, the first place many of us go is online. We expect to see integrated web portals that allow us to easily get information and access to services. Static web pages may still (barely) be adequate for some very small businesses, but it won’t cut it for organizations of any kind of scale.

Case in point, the Colusa County Grand Jury has blasted Colusa County for being “the only county in California without a single Web portal providing easy access to services and information” (Sun Herald). The superintendent of the county blamed recessionary cutbacks for failure to develop its website, but the Grand Jury stuck to its guns, practically demanding that the project move forward.

As you can see from the Colusa County website as of October 8, 2009, there’s still a lot of work to be done.

This case highlights the expectations people have about the need for better access to information through collaboration technologies.

Web Application Firewall Shines Light on Vulnerabilities

Vaclav Vincalek — Tue, 13 Oct 2009 08:30:00 -0700

Here we have a perfect example of how a web application firewalls is supposed to work, courtesy of IT security manager Jeff Rice, testifying in the ComputerWorld article, We've been blind to attacks on our Websites.

The earnest executive knew that his company’s website was being scraped, but he needed more information:

The firewalls and IDS allow us to see some of what's going on, but can they really detect active content-based attacks? To find out, I installed a Web application firewall in my company's DMZ to tell us about active attacks that may not be identified by our other devices.

Sure enough, the WAF did what it was supposed to do. His report:

Our Web sites are being "scraped" by other companies -- our competitors! Some of the information on our sites is valuable intellectual property. It is provided online, in a restricted manner (passwords and such), to our customers. Such restrictions aren't very difficult to overcome for the Web crawlers that our competitors are using, because webmasters usually don't know much about security. They make a token attempt to put passwords and restrictions on sensitive files, but they often don't do a very good job.

Not only that, but the site was under constant attack from hundreds of SQL injection attacks every day.

Given his job title, Jeff probably wasn’t sleeping too well at night. But at least now he had the information to go back to his web developers and push them to build their site with better security in mind.

Their WAF’s findings furnished the proof management needed to begin fixing the known issues – no doubt with far less cost than if hackers perpetrated a successful data breach through the website (See Investment in Proactive Security Beats Cost of Doing Nothing). When you know where the problem is, it’s a lot easier to fix it.

BC Retains Commitment to Tech Sector

Vaclav Vincalek — Mon, 12 Oct 2009 08:30:00 -0700

As an Information Technology consulting firm in the heart of BC’s tech hub in Vancouver, we’re certainly heartened by the BC government’s commitment to critical support for our province’s knowledge economy. As BCTIA President Pascal Spothelfer has noted in the Voice, key technology sector initiatives that have retained funding include:

• investment tax credits under the Small Business Venture Capital Tax Act;
• provincial SR&ED tax credits; and,
• The Innovative Clean Energy (ICE) fund.

The economy is still in a fragile state and the province has had to resort to some serious cut-and-slash budget planning. That they were able to continue providing support for these projects says something about the government’s priorities. As I pointed out a little while ago in Trading Up to A Tech Hub Requires Accountability, the benefits of that support will affect BC’s ability to compete globally and improve our standard of living in the future:

“After all, the question of what is a fair minimum wage fades into the background when everyone from the entry-level worker on up to the president of the company is does well by exporting technology products and services that can’t be duplicated easily elsewhere. Technology companies pay their employees better than most other sectors, so a healthy tech sector also translates into bigger tax revenue for government. Then there are the benefits in terms of a lower carbon footprint from the tech sector as compared with traditional resource-based industries, and better opportunities for finding highly-trained support staff for our technology-driven health sector.”

Web Application Security 101 Webinar

Vaclav Vincalek — Fri, 9 Oct 2009 08:30:00 -0700

What do hackers look for when attacking Websites? And how do you know when you've been hacked? As hacking expertise has become a lucrative endeavor, hackers rather stay silent instead of promoting their conquests to the world like they did 10 years ago.

So what are some easy ways to protect your brand and data from this subversive underworld? With 400 new application vulnerabilities a month (and growing), you need to keep ahead of hackers by taking proactive approaches towards Web application security. We will walk you through a demonstration of what hackers look for in a Website as "easy prey" and ways they can break into security layers to steal personal information and other valuable data from your system.

He'll also show you fast, simple ways to fix such flaws and how to monitor future possible breaches.

Date and Time: Wednesday, October 14, 9-10 am

How to register:

1. Go to http://boonbox.webex.com/meet/boonbox

2. Click "Show All Meetings".

3. Click the "Register" link on the right in the Status column for "Web Application Security 101 " and fill in the short registration form. You will be sent your registration confirmation information and instructions on how to participate.

Who Should Register: Business owners and IT professionals looking to improve their business operations.

As an additional benefit of signing up for this Case for Security webinar, you will also receive a complimentary subscription to our weekly newsletter, Cyber Security Informer and the Pacific Coast Informer.

If you have questions about this webinar, please contact info@pcis.com

The Challenge of Keeping Up With Network Security

Vaclav Vincalek — Fri, 25 Sep 2009 08:00:00 -0700

For those organizations still insisting on maintaining all aspects of their network security in-house, the challenge of maintaining up-to-date security standards rather than outsourcing it to full-time professionals has become extreme. Another example of this phenomenon, in The PC Report:

"I was just looking through the network security part of an IT Textbook currently in use by high schools and noticed the dodgy security information it was giving. The textbook recommends using WEP encryption to “secure the network” , hiding the network’s name (SSID) and filtering MAC addresses; and then goes on to explain why you should use these multiple methods of “security” together.

"The textbook writers are clueless, and that information is out of date, even though it was printed only last year."

Security has become far too specialized to remain the preserve of most in-house IT professionals, who are often so busy with incident support that they can't cover off all of the patching, updating and code reviews required for an organization's network and web presence.

System Migration and a Value for Money

Vaclav Vincalek — Thu, 24 Sep 2009 08:00:00 -0700

System migration is one of the most challenging IT projects a business can go through. We help companies with this all the time, migrating systems involving Linux, Windows, Microsoft Exchange, Lotus Notes, Domino, Linux webmail, First Class, IBM WebSphere, RedDot, and a wide range of other technologies. We've got a lot of experience with it, but even before the client formally moves the project ahead, there's plenty of work for us to do to make sure it will fit with the company's scale and goals.

For instance, I was reminded of a time recently when one of our IT consultants in our Vancouver office looked a bit glum as I came by his desk. He'd just gotten off the phone. "It looks like I might need this specific tool to undertake the system migration remotely," he said.

That's a common enough issue, so I shrugged and smiled. "Nothing we haven't seen before."

He wasn't cheering up. "I know," he replied. "But it looks like this one tool costs $15,000. For that price, we could just drive over there and do the work ourselves and have plenty to spare." For a company that wanted to do the migration, that would have raised the price far beyond what they were anticipating.

The consultant searched hard for an alternative. Eventually, the consultant's research paid off and he found a solution that would do the job for far, far less than $15,000. The client wouldn't have to pay for something they didn't really need and we would be able to keep them happy.

Understanding the company's needs and the required scope of the project was essential in putting together a proposal for the migration that would be cost-effective, not just expedient. It took some time and effort on our part, but as the IT consulting experts, we have to be able to find a solution that our customer can not only live with but will be happy with, so they'll trust us for the long term. It's not always easy, but it's always worth it.

Growing Not Quite Ready for Enterprise Use?

Vaclav Vincalek — Tue, 22 Sep 2009 08:00:00 -0700

I caught an interesting snapshot of some companies' experience in moving their email from Lotus to Gmail on what seems to be a purely cost-cutting basis:

Genentech, Hamilton Beach, and Johnson Diversey are among a smattering of large companies that have turned off their e-mail servers and signed up for Google Gmail. And, for nearly two hours on Sept. 8, tens of thousands of employees at those companies couldn't access their Gmail accounts...

Since e-mail is relatively benign -- an outage wouldn't stop a production line, for example -- those businesses who've signed up for Gmail are willing to tolerate the occasional blip in service as the trade-off for inexpensive email.

While uptime is important, Google (NSDQ: GOOG)'s success in the business world will depend on whether it can continue to work as closely with other businesses as it's apparently working with its early adopters, so that when -- not if -- relatively brief outages occur, businesses don't feel deserted.

Whether or not Google email is as reliable as enterprise vendors for email not even the biggest part of the decision for organizations looking at migrating. There are a number of reasons why companies might want to hold off for the foreseeable future.

First of all, who owns the email? Does ownership reside with the the enterprise or with Google? As of right now, Google's terms of service, are at best contradictory on this point. For organizations that have to comply with E-Discovery rules, how do they retain records? The benefits aren't clear to me.

Even worse for those organizations that want to get maximum bang for their buck from their collaboration tools, the prospects for integration between systems is not so good. Can data residing on Google be easily integrated into your Lotus Notes desktop applications, or Microsoft Office? Could Novell's Groupwise offer the real functionality that your business needs in terms of collaboration capabilities?

We're still a long way away from seeing Google as a fully-qualified enterprise solution. The company undoubtedly has the resources to deliver enterprise solutions if it so chooses, but until then, companies are advised to steer clear.

Devfense Cyber Alert Goes Online

Vaclav Vincalek — Tue, 22 Sep 2009 08:00:00 -0700

We've just launched a new public service, Devfense Cyber Alert. The free service will help users know which websites have been flagged as vulnerable to hackers and may harm Internet surfers' computers or be used to violate their privacy. This information is published on Twitter at www.twitter.com/devfense_alert (Twitter username @devfense_alert).

As you are probably already aware, we are using multiple channels to publicize which sites have been flagged for security issues. We also publish short lists of these vulnerable websites in our bi-weekly Cyber Security Informer newsletter. This public service aims to help users take evasive action and create awareness about the widespread problem.

Based on our experience of helping organizations with their web security, we know that visiting websites can be a dicey proposition. As part of the public service, you are invited to contact us if you discover websites infected with malware or showing vulnerabilities. We will facilitate communication between the Internet user and the website owner to help provide some explanation about the security issues involved.

We hope you'll find this public service useful in helping you stay safe online. To contact us, email info@pcis.com or for more information, visit www.boonbox.net/devfense-cyber-alert.htm

Watch out! We now offer Impervious security

Vaclav Vincalek — Mon, 21 Sep 2009 08:00:00 -0700

We're pleased to announce PCIS' new partnership with Imperva, a leader in data security. As a reseller of Imperva’s SecureSphere Enterprise products, we'll be able to offer our customers a holistic solution to protect against data breaches. The SecureSphere Data Security Suite delivers a complete lifecycle for Web application and database security in a single platform. By securing transactions from the end user through the Web application to the database, the SecureSphere Data Security Suite offers complete data security and visibility.

We've begun this partnership because our customers have been asking for more options for improving their IT security posture. We currently perform web application security assessments, which provide an effective diagnostic and roadmap for remediation; however, code fixes and reviews may not always be a practical or effective solution for all situations. Deployment and configuration of a Securesphere WAF delivers automated protection against application attacks and drop-in deployment with no changes to existing applications or network. Organizations can begin to protects web applications and sensitive data against sophisticated attacks such as SQL injection, Cross-Site Scripting (XSS) and brute force attacks, stops online identity theft, and prevents data leaks from applications.

Either way, if you are looking for the protection of a WAF or a more complete security solution, we are here to help.

IBM or Microsoft for your business needs?

Vaclav Vincalek — Mon, 7 Sep 2009 08:00:00 -0700

Which technology is better for your business, IBM's or Microsoft? Security Channel News has a great overview of the different features of Lotus Domino and Microsoft Small Business Server for the SMB market.

As we always say, the technology you choose has to be based on the business process you're going to use it for.

Webinar on The Top Ten Application and Database Vulnerabilities

Vaclav Vincalek — Fri, 4 Sep 2009 10:00:00 -0700

Join PCIS and Imperva for this live educational web seminar as we reveal the top ten application and database vulnerabilities. Corporate databases contain the crown jewels of an organization, which means a break-in, by insiders or outsiders, can cost millions in fines, lawsuits, and customer attrition.

The good news is there are 10 commonly used methods to attack databases. Defend against these, and your databases will be virtually impenetrable. Webinar attendees will learn to:

* Understand the 10 most prominent application and database security threats and how they are carried out
* Know how to assess and mitigate application and database threats
* Develop a blueprint for implementing comprehensive application and database protection

The discussion will cover definitions of the programming errors, how to identify and assess risks in your application, and references to resources surrounding best practices in web application development

Date and Time: Wednesday September 9, 8:30-9:30 am

How to register:
1. Go to http://boonbox.webex.com/meet/boonbox
2. Click "Show All Meetings".
3. Click the "Register" link on the right in the Status column for "The Top Ten Application and Database Vulnerabilities" and fill in the short registration form. You will be sent your registration confirmation information and instructions on how to participate.

As an additional benefit of signing up for this Case for Security webinar, you will also receive a complimentary subscription to our weekly newsletter, Cyber Security Informer and the Pacific Coast Informer.

If you have questions about this webinar, please contact info@pcis.com

What is Social Networking (and Can I Outsource It?)

Vaclav Vincalek — Fri, 4 Sep 2009 08:00:00 -0700

What is Social Networking (and Can I Outsource It?)

Social networks are online platforms that provide people with the ability to create and define their individual profiles and interact with others who have similar interests or expertise. Some of the more common ones people use are Facebook, LinkedIn and Twitter.

Big global corporations have already dived in head first into the Web 2.0 sector, and Forrester says the bulk of $4.6 billion spending on these tools by 2013 will be on social networking (ZDNet). SMBs, which were expected to be the early adopters due to the competitive leveling effect of these tools, are already starting to follow the big boys’ lead.

Some organizations have already started outsourcing that social networking work. PCIS has helped organizations to establish their presence on various social networking platforms, including Twitter, Facebook, Crowdtrust, Second Life, Digg and Delicious.

Outsourcing social media requires a deep understanding of an organization’s operations and corporate culture and comprehensive analysis of their traditional communications efforts. It also takes an expert understanding of social network behavior, an ever-increasing assortment of tools, metrics for measuring ROI, and disparate areas of expertise like marketing and online security that don’t often get considered in the same space. This expertise is needed to get the biggest bang for the buck, but also to avoid some very serious mistakes that can ruin a social media presence before it gets a chance to take off.

Some questions to think about before outsourcing your social networking:

1. How do we want to be seen? Do the new social networking efforts give my company a chance to brand (or re-brand) our image?

2. What do we have to say? At the heart of social networking is a conversation with your customers and supporters, so messaging is critical. You may not be writing your own content, but the service provider will need to go over your “talking points” with you before they begin.

3. How will the social network service provider protect me? Bad apples are active on social networks, so the provider must have processes in place to mitigate risk.

Have you started using social networks, or are you thinking of outsourcing that work? We’d love to hear your feedback on our take. I'll also leave you with this amusing take on outsourcing generally, courtesy of the Onion News Network: More American Workers Outsourcing Own Jobs Overseas

Contributed by Karen Chiang, PCIS Program Manager

Online Security Not an Oxymoron, Part 2

Vaclav Vincalek — Wed, 2 Sep 2009 10:00:00 -0700

At the beginning of this year, we discussed some online security measures ordinary Internet users can use immediately to protect their computers and the data they contain from predatory hackers. Social networks are increasingly being exploited to commit ID theft and fraud, so it's time to add a few more tips. A few good ideas (with notes from us below) from TechNewsWorld:

* "Think about keeping some control over the information you post. Consider restricting access to your page to a select group of people -- for example, your friends from school "

It's important to note, though, that privacy restrictions on sites like Facebook can be gotten around fairly easily. I "friend" your contact, then I "friend" you after leaving a helpful message, and now I get to see everything you post.

* Consider not posting your photo. It can be altered and broadcast in ways you may not be happy about. If you do post one, ask yourself whether it's one your mom would display in the living room.

Also keep in mind that people can tag photos of you without your knowledge. There's no way to prevent it. The only way to deal with it is to check all photos tagged with your name and "untag" yourself. You can do that on sites like Facebook, although that won't work with Flickr. You would have to ask the owner of the photo to remove it (or call the cops, if the image of you is so embarrassing or incriminating that it rises to the level of harrassment).

* Trust your gut if you have suspicions. If you feel threatened by someone or uncomfortable because of something online, tell an adult you trust and report it to the police and the social networking site. You could end up preventing someone else from becoming a victim.

Of course, adults can be cyber-stalked as well. Don't stand for it. Law enforcement (and civil litigation lawyers) are increasingly cracking down on this kind of activity.

If you have questions about keeping yourself or members of your organization safe online, or possibly require security awareness training, contact the web security experts.

Is the Facebook Privacy Lawsuit Without Merit

Vaclav Vincalek — Tue, 1 Sep 2009 10:00:00 -0700

Facebook needs to find a simple way for users to ensure that others can only see what the user wants them to see in their profile. Seems simple enough, but there are ways of seeing that content despite current Privacy settings. On the other hand, Facebook can't necessarily be held responsible when users violate its terms of service or don't use the protections that are there for their benefit.

From Larry Magid at Safe and Secure, commenting on a California-based lawsuit against Facebook:

The child who said he had swine flu is identified as "Xavier O." The complaint says he "has a Facebook account that was opened without the knowledge or consent of his parents." He allegedly "uploaded personal information, videos and photographs, including swimming and/or partially clothed photographs of children ages 5 to 11"...

I don't know where to begin parsing young Xavier's case. First, by simply having a Facebook account he was violating Facebook's terms of service. And why did his parents only remove "the minor's medical information?" They should have deleted his entire account.

Like all reputable social networking sites, Facebook complies with the Children's Online Privacy Protection Act (COPPA) by not allowing children under 13 to have accounts (COPPA does make provisions for accounts for children under 13 but imposes certain conditions including parental consent). The only way for this young man to obtain a Facebook account would be to lie about his date of birth.

What's your take? Is Facebook legally guilty of violating privacy laws? Or should parents start parenting instead of suing and spend the money on their kid's education?