source: wired.com

IF THE WEB were an amusement park attraction, you’d have to be 10 feet tall to ride—it's terrifying enough for adults and a funhouse of horrors for kids, from inappropriate content to unkind comment sections to outright predators.

 

And yet! The internet also affords opportunities to learn, to socialize, to create. Besides, at this point trying to keep your kids off of it entirely would be like keeping them away from electricity or indoor plumbing. They’re going to get online. Your job is to help them make good choices when they get there.

Yes, there are parent-friendly routers you can buy, and software you can use, to limit your child’s access to the internet. But it's more important to create a mental framework that helps keep your kids safe—and teaches them to protect themselves.

Adjust as Needed

One reason it’s so hard to offer concrete rules governing kids and the internet is that no two kids are alike. It’s like keeping kids safe after homecoming. Some might just need a curfew, others a breathalyzer.

Think of sending your kids out into the internet, then, in the same way you think about sending them out into the world. Different age groups require different amounts of oversight; even within a specific age, different kids have different inclinations, and with them different needs.

As muddied a picture as it sounds, at least some legal guidelines exist. The Children’s Online Privacy Protection Rule, established in 1998, creates safeguards like keeping children off of social media under the age of 13. (Facebook has recently attempted to skirt that with a version of Messenger aimed at kids 6 and older.) Even so, millions of kids under 13 have found their way onto Facebook anyway, often with parental consent. Don't give in!

 source: cnet.com

 

WATCH THE VIDEO HERE!

 

The holidays are upon us! And that means you've got gifts to buy and questions that need answers -- and the clock is ticking!

The CNET Holiday Buyer's Guide Live is back again to help, streaming live from our New York studios. We have gift-giving advice, tips on finding hot deals and answers to readers' questions -- live, with a cast of CNET experts!

Highlights include:

There will also be a a giveaway! During the first 40 minutes of the live show, 10 lucky viewers will get a chance to win* a Sphero Mini robot by tweeting using the hashtag #CNETHoliday. 

*Remember that you have to be following @CNET on Twitter. And if you're stuck for something to say, let us know what your most desired tech gift is this year. Due to the legal boundaries of sweepstakes, the giveaway is for residents of US and Canada only, and you do have to be 18 years or older. Please check the rules for more details.

Watch live right here (above) or on YouTube today, Dec. 14 at 10 a.m. PT/1 p.m. ET.

 source: securityweek.com

Google has decided to share detailed information on how it protects service-to-service communications within its infrastructure at the application layer and the the system it uses for data protection.

Called Application Layer Transport Security (ALTS), the technology was designed to authenticate communication between Google services and keep data protected while in transit. When sent to Google, data is protected using secure communication protocols such as TLS (Transport Layer Security).

According to the Web search giant, it started development of ALTS in 2007, when TLS was bundled with support protocols that did not satisfy the company’s minimum security standards. Thus, the company found it more suitable to design its own security solution than patch an existing system.

More secure than older TLS, Google describes ALTS as “a highly reliable, trusted system that provides authentication and security for […] internal Remote Procedure Call (RPC) communications,” that ensures security within the company’s infrastructure.

The system, Google explains, requires minimal involvement from the services themselves, as data is protected by default. All RPCs issued or received by a production workload are protected by ALTS by default, as long as they stay within a physical boundary controlled by or on behalf of Google.

According to Google, the ALTS configuration is transparent to the application layer; all cryptographic primitives and protocols used by ALTS are up-to-date with current known attacks; ALTS performs authentication primarily by identity rather than host name; the system relies on each workload having an identity, which is expressed as a set of credentials; after an initial ALTS handshake, connections can be persisted for a longer time to improve overall system performance; ALTS is considerably simpler than TLS as Google controls both clients and servers, the company also says.

 source: technewsworld.com

Some HP laptops users came with a preinstalled program to capture the keystrokes of users, a security researcher recently discovered.

The researcher, Michael Myng aka "ZwClose," discovered the keylogger software while trying to solve a keyboard problem for a friend. The software is turned off by default.

After Myng contacted HP about the program, it quickly released a patch to get rid of it.

"A keylogger is a very dangerous piece of software," said Lamar Bailey, director of security research and development at Tripwire.

"It is like having someone looking over your shoulder while you are typing," he told TechNewsWorld. "Keyloggers can capture passwords that can be used to access financial accounts, record personal communications or even proprietary code under development."

No Malicious Intent

Keyloggers are an important weapon in the arsenal of cyberattackers, noted Chris Morales, head of security analytics at Vectra Networks.

"They're often used in the recon phase of targeted attacks to gather user credentials and other sensitive information which can later be used to compromise user accounts," he told TechNewsWorld.

"Keyboard loggers can be very hard to spot with consumer AV," Morales added.

Once a machine is compromised, instead of using a malicious payload that possibly could be identified by security products, a smart attacker might turn on and use the built-in keyboard logger feature, explalined David Picket, a security analyst with AppRiver.

"This would help them evade traditional detection methods that security products might have otherwise detected," he told TechNewsWorld.

Production Error

As dangerous as keyloggers can be, the software in the more than 460 HP laptop models doesn't appear to have any malicious intent behind it.