The Week in Online Safety, October 10, 2011
A weekly global roundup of online safety news, policy developments, research, and influence
News
U.S. - Teens Grapple With Cyberethics in the Digital Age, Tech News World, Oct. 7, 2011
U.S. - Facebook makes strides to stop bullying, Newsday, Oct. 6, 2011
U.S. - Protect Your Kids With These Cybersecurity Apps, Fox News, Oct. 7, 2011
U.S. - Comcast offers tips for parents on talking to their kids about keeping safe online, Boston Globe, Oct. 7, 2011
Policy: Legislative, Regulatory, & Legal Developments
U.S. - House Subcommittee Vets FTC COPPA Proposal, Broadcasting & Cable, Oct. 5, 2011
Research
U.S. - Increasing Youth Safety and Responsible Behavior Online, Lisa M. Jones & David Finkelhor, Oct. 2011
U.S. - Internet Conversations Lacking Between Parents and Teens, Comcast, Oct. 6, 2011
Australia - Bitdefender survey finds cyber bullying affects most children, BitDefender, Oct. 7, 2011
Advocates
U.S. - Another Bullycide Teachable Moment, Donna Rice Hughes, Oct. 1, 2011
U.S. - In Need of Positive and Hollistic Internet Safety Instruction, iKeepSafe, Oct. 3, 2011
E.U. – October Newsletter, insafe, Oct. 4, 2011
U.S. - Cyberbullying’s offline roots: Research, Anne Collier, Oct. 7, 2011
-- Compiled by David Burt, CISSP, CIPP
Jacqueline Beauchere, Director, Trustworthy Computing Communications, writes on the Microsoft on the Issues blog:
October is National Cyber Security Awareness Month (NCSAM) in the U.S. and around the world. This year's official launch is taking place in Ypsilanti, Michigan to coincide with the Michigan Cyber Summit 2011.
Department of Homeland Security (DHS) Secretary Janet Napolitano, White House Cybersecurity Coordinator Howard Schmidt, Michigan Governor Rick Snyder, other state officials, and I shared the stage just a few hours ago kicking off NCSAM 2011. I represented Microsoft, as well as the Board of Directors of the National Cyber Security Alliance, who are long-time sponsors of NCSAM and an important public-private partnership of which Microsoft is a founding member.
This year's NCSAM theme, “Our Shared Responsibility,” refers to the ongoing work each of us can do to help secure our own piece of cyberspace—because when it comes to making the Internet safer, no individual, corporation or government entity is solely responsible. Moreover, individual acts and omissions can have a combined impact. When we exercise safer habits and practices, we help make the Web more secure for all. If each of us does our part, whether it be implementing stronger security, raising awareness of risks, or educating youth—together we can create a more resilient digital world.
It all starts with STOP. THINK. CONNECT. (STC), a simple, action-oriented reminder for all of us to stay safer and more secure online. In fact, it was just one year ago that the White House, DHS and a public-private coalition launched STC in Seattle as part of NCSAM 2010. In short, STC means:
• STOP: Before going online, learn about the risks and how to avoid potential problems.
• THINK: Take a moment to check that the path ahead is clear. Watch for warning signs and consider how your actions (or inactions) might impact your safety or security or that of your family.
• CONNECT: Enjoy the Internet with increased confidence, knowing that you’ve taken some key steps to help safeguard yourself, your family, information and devices.
At Microsoft, we refer to these efforts as fostering “digital citizenship,” and we promote and share this work globally. Specifically, we create and offer, free of charge, a host of resources on our consumer safety website. These include a series of STC videos, one of which was honored by the White House and DHS earlier this year. We also help spread the STC message via our social media properties on Facebook and YouTube.
In the weeks to come, we will participate in other NCSAM events across the U.S., and hold our own forum in Washington, D.C., on October 27th. There, Trustworthy Computing will release new online safety research, as well as a toolkit of helpful resources for youth, parents, governments and educators.
Join us in our digital citizenship efforts to help create a culture of online safety where everyone embraces this shared responsibility.
Yesterday, Microsoft released the Microsoft 2011 Citizenship Report. The report provides an overview and assessment of our work over the past fiscal year (July 2010 to June 2011). On The Official Microsoft Blog, Dan Bross, Senior Director, Corporate Citizenship, has a full description of the report.
The report has a full section on “Privacy & Safety:”
What We're Doing
Developing safer products
Product design can play a major role in helping protect users and giving them greater control.
Teaching people how to stay safer online
As we committed to in our FY2010 Citizenship Report, we focused on teaching people online safety techniques in FY2011.
Safer Internet Day: For the ninth year, we worked with partners to celebrate Safer Internet Day. More than 1,000 Microsoft volunteers visited schools around the world and, together with local partners, helped teach more than 100,000 parents, teachers, and students about online safety – up from 50,000 reached on Safer Internet Day 2010.
Helping protect people and businesses online
Our priorities for FY2012 include:
Dick Craddock writes on the Inside Windows Live Blog:
In previous posts on our blog, we talked about how we’ve reduced true spam in the inbox to under 3% using SmartScreen™ filtering. But we realized that getting rid of true spam wasn’t enough, because 75% of the email messages that people reported as spam are really legitimate newsletters, offers, or notifications that you just don’t want anymore. We call this type of unwanted email graymail, and we’re excited to announce five powerful tools to help you take control of your inbox, get rid of graymail, and keep track of the email that’s important to you.
In the early days of email, most mail in the inbox was from someone you knew, but today’s email is used for much more, and so the inbox is different. More than half of the mail in a typical inbox is newsletters or deals, 17% is social updates, and about 14% is person to person email. The rest represents mail from group distribution lists, shopping receipts and commerce, and true spam.
The problem with today’s inbox is that it is easy for it to get filled up with mail you don’t want. It could be newsletters you signed up for and forgot about (but keep getting), or it could be newsletters you get when you join a new service (and forgot to uncheck that pesky box that says “send me lots of email!”). Or it could even be updates you get from a social network or website. What really characterizes graymail is that the same message that one person thinks is “spam” could be really important to another person. It’s not black and white, hence the name.
Despite the drastic decrease of true spam in the inbox, we found that most customers are still seeing newsletters, product offers, and other clutter. In fact, 75% of email identified as spam by our customers actually turns out to be unwanted graymail that they receive as a result of having signed up on a legitimate website. And because of inbox clutter, it’s easy to lose track of the really important messages in your inbox that you want to get back to. So we decided in our upcoming release to add five new features that help customers take back control of their inbox.
We’ve talked about categories for a while now – in our last release we delivered automatic categorization of social updates, messages that contain Office documents, messages with photos, and even shipping notifications. We’re now adding a special category for newsletters. We use the same SmartScreen™ technology that helps us fight spam – a machine learning engine that gets better over time. Right out of the gate, we’re 95% accurate with the mail we categorize as newsletters, and this will only get better as you help us build the feature by categorizing or un-categorizing your own mail. In fact, every time you categorize an email as a newsletter, you help make our filtering better for yourself and every other customer.
Sometimes you don’t want a newsletter, but it’s hard to find out how to stop getting it. Now with Hotmail you can do it all in one step. Click on unsubscribe, and we’ll do the rest – let the site know to stop mailing you, use Sweep to immediately clean up your mail and remove all the old newsletters from that sender, and finally send any new ones that come in to your junk mail until the sender takes you off their list.
There are other times you want to keep getting the newsletter, but only want to keep the latest copy. This is great for shopping sites or deals where the newsletter is really only useful for the first week and then the offer expires or a new newsletter takes its place. Today, we’re introducing Schedule Cleanup, a new tool, unique to Hotmail, that works behind the scenes to keep your inbox organized. With Schedule Cleanup, you can:
Here are some ways to use Schedule Cleanup:
The war on graymail isn’t just about deleting things or moving them to folders. It’s also about making sure you can find messages quickly, especially messages that are most important to you.
This happens to our customers all the time: they get an important message and want to keep it right up front where they won’t forget it. How do you handle that? A lot of people mark the message unread. But, of course, as new mail comes in, that can get confusing. Some people forward the message to themselves so that it stays at the top of their inbox.
At Hotmail, we think the right way to track important messages is with flags, and our upcoming changes make flags even more powerful. Now when you flag a message, it gets “pinned” to the top of your inbox and stays there, even as new email comes in. This means it is easy to keep track of your most important messages, right up front, all the time. What’s more, you can even set up rules to automatically flag incoming mail from certain senders, so that your most important mail is always right there at the top of your inbox.
Of course, flags are a category, just like newsletters or social updates, so you can use Sweep or Schedule Cleanup on flags.
While we think these automatic categories work great for most customers, we recognize that some customers want even more control over their inbox, or they like using labels in products like Gmail. So we’re adding support for custom categories, powered by Sweep and Schedule Cleanup, so they are easy to set up and use.
You can quickly create a new category and apply that category to all related messages at the same time – no searching for mail, no complex rules to create. You can categorize messages right in the message list with the new categories column. And categories show up as QuickViews right next to folders, so it’s easy to find what you’re looking for.
Now if you’re a filer and use folders, you might be wondering how all of this helps you. Categories, Sweep, and Schedule Cleanup work great for folders. Simply click on a message, click Sweep or Schedule cleanup, and move all messages from that sender (or in a category), including future messages, to a folder. And of course, you have the same ability to create your own folders and sub-folders. But we didn’t stop there – we’ve added advanced folder management tools: nested folder with drag and drop, creating new folders right inline, and a new right-click menu for folders that lets you mark everything in the folder as read, or rename, empty, or even delete the folder.
Whew! That’s a lot of new features for fighting the war on graymail and keeping track of your important messages. And we’re just getting started. We’ll have more on these features and others as they roll out in the coming weeks. So try out our new tools when they hit your inbox and let us know what you think!
Dick Craddock - Group Program Manager, Hotmail
The Week in Online Safety, October 3, 2011
A weekly global roundup of online safety news, policy developments, research, and influence
News
U.S. - A Call for Opening Up Web Access at Schools, The New York Times, Sep. 28, 2011
U.S. - Beware of Blipdar, an anonymous dumping ground for slander, insults and cyberbullying, CBS News, Sep. 29, 2011
U.S. - How to spy on your kids online, CBS News, Sep. 29, 2011
U.S. - Why geolocation apps can be dangerous, USA Today, Sep. 27, 2011
Policy: Legislative, Regulatory, & Legal Developments
Kenya - UN Takes on Child Porn, Cybercrime and Other Global Issues, Huffington Post, Sep. 27, 2011
U.S. – NJ AB 1561, Signed into Law, Sep. 16, 2011. (Lessens penalties for juvenile sexting) News coverage.
U.S. - NY State bill would punish cyberbullying, Newsday, Sep. 27, 2011
Research
U.S. - Young people say online meanness pervasive, AP/MTV, Sep. 26, 2011
Australia - Sexting driven by peer pressure, Melbourne University, Sep. 30, 2011
Advocates
U.S. - Common Sense Media, Yahoo! Safely, and MTV Stand Up to Cyberbullying, Common Sense Media, Sep. 28, 2011
U.S. - "Don't Filter Me" at Six Months, ACLU, Sep. 28, 2011
U.S. - Digital citizenship reality check: Notes from Nairobi’s IGF, Anne Collier, Sep. 29, 2011
U.S. - Law Enforcement Perspectives on Cyberbullying, Justin Patchin, Sep. 28, 2011
U.S. - Are We Doing Enough to Protect our Teachers?, iKeepSafe, Sep. 30, 2011
Steven Sinofsky, President, Windows and Windows Live Division at Microsoft, writes on the Building Windows 8 blog about Signing in to Windows 8 with a Windows Live ID, including a section on "Privacy and Security" below:
With Windows 8, we introduce the optional capability to sign in to your PC with a Windows Live ID and, by doing so, gain the ability to roam a broad range of settings across all of your PCs. In this article by Katie Frigon, the group program manager of the You-Centered Experience team, she describes the feature and its benefits. --Steven
Each Windows user wants to have the ability to set up and use a PC in a way that is unique to them. Doing so, however, can be challenging in today’s multiple user and multiple PC environment. We know that shared PC usage is common and we’ve heard from many of you that switching between multiple accounts can be cumbersome. The difficulties associated with managing multiple accounts often lead to the sharing of a single account on a PC, and a less personal (and potentially less private) experience for each user. We also know that users are utilizing multiple devices more often now, and setting up a new PC can be inconvenient and time consuming. In Windows 8, we have set out to ensure that each PC user has a truly personal experience that seamlessly bridges their online and offline tasks, is simpler to set up and use, and persists across their set of Windows 8 PCs. To do this, we’ve introduced the ability to log in to Windows (optionally) with a Windows Live ID that works across devices, apps, and services, allowing you a uniquely personal experience with Windows.
Shared PC usage occurs in 72% of desktops and 49% of laptops
How user accounts are used on shared computers
PCs per household in the United States
Signing in with an ID allows you to:
When you buy a Windows 8 PC and set up your user account for the first time, you can optionally choose to create an account that is associated to a Windows Live ID. You can either use an existing ID or create a new one. If you choose to create a new one, you can use any email address you want as your new ID, and then create your unique password. For example, you can use example@live.com or you can use someone@example.com. You just need to identify an email address that you want to have associated with the Windows Live ID service, and provide a unique password. Of course, you can also continue to use local Windows accounts as you always have and obviously, domain-administered accounts work as they always have as well.
So, although many people assume they will need to sign up for a new email account to get a Windows Live ID, it’s actually not necessary. In fact, many online services use a "string" like someone@example.com to represent a user name, even though that string looks like an email address. For example, when you order books at an online bookstore, your user name may look like an email address, even though your online book seller does not manage your email. The someone@example.com address is just a convenient way of identifying you, since most Internet users these days have email addresses. So, your email account and password will still be managed by whatever email provider you choose, and we use the user name and password you give us to help manage your settings and state across your Windows 8 PCs, even if you haven’t signed up for Hotmail or other Microsoft services that use this ID.
Like all of us, you probably spend a significant amount of time personalizing your Windows experience to reflect your style, your life, and how you use your PC. We all know how frustrating it is when all that work is lost when you buy a new PC or use a different one (or just reformat your hard drive). With Windows 8, we are working to change that—you will be able to have your personal Windows experience on any Windows 8 PC you sign in to with your Windows Live ID. Settings such as your lock screen picture, desktop background, user tile, browser favorites and history, spell check dictionaries, Explorer settings, mouse settings, and accessibility settings, among many others are now associated with your Windows 8 account and stored in the cloud. They are kept in sync and come down to each machine you use as they are changed or updated.
Having a truly personal experience in Windows 8 also includes your Metro style apps—how you use them, the settings you use, and where you left off. It will be easy to see which Metro style apps you’ve purchased and choose which ones you want to have on each of your Windows 8 PCs. By using your ID to sign in to Windows, the settings and state for your Metro style apps stay in sync between each PC you use. For example, let’s say you are reading the news in a reader app on your tablet. If you add specific feeds you want to continue to follow, those feeds could automatically be available in the same reader app on any of your other Windows 8 PCs. We will also enable developers to build Metro style apps that tell Windows their state, so you can pick up where you left off as you move between PCs. You can pick up on the same page of a book, the same level of a game, or the same place in the movie you were watching as you switch between your Windows 8 PCs. In the developer preview of Windows 8, you can see this functionality in Internet Explorer 10.
You might be wondering how you can roam non-Metro style apps and settings without a domain. This isn't something that can be done with Windows Live ID, and we would discourage using tools that manually attempt to do this by mechanisms such as going through the registry or copying around executables. However, using the new Restore/Refresh tools, it is possible to easily create an image that has your preferred desktop apps installed, and then use that as a refresh point. If you do want to roam your settings for desktop apps then you can continue to use the mechanisms available for roaming profiles and client side caching of files available with Active Directory and Windows Server.
Another benefit of signing in with a Windows Live ID is how we’ve simplified the need to sign in to multiple services and applications. We accomplish this in two ways. First, once you’ve signed in to Windows with your ID, you do not need to enter it again to sign in to any app or website that also uses Windows Live ID. For example, once you sign in to Windows with your ID, you can launch the Windows Messaging app and start talking with your friends without the need to sign in again. Similarly, you can browse to your Hotmail inbox page without needing to enter your email address and password again. You can always sign out of a webpage and sign in as a different user, but by default you will be automatically signed in. To be clear, however, those applications and websites do not have special access to your Windows PC or your personal data.
Second, if you choose to, Windows can store separate Metro style app and web site credentials. Those credentials can then sync to each Windows 8 PC that you’ve trusted and verified yourself with. You won’t have to type in your user name or password; just confirm your sign-in as needed. Similar to the Messaging application example, when launching a Metro style application that uses this feature, you will be signed in automatically and the application will resume right where you left off.
There is a lot of benefit to using a Windows Live ID to sign in to Windows. However, it is important to note that every Windows user is unique in their needs. Your Windows 8 experience is in your control. When you create a Windows account, you choose the type of account you want to use. You can choose to create one that associates with Windows Live ID, or stick with a local account that works just like in Windows 7. You can also change a local account to link it with a Windows Live ID at a later date.
If you choose to associate your local account with an ID, we’ve provided control over what you want to sync to each Windows 8 PC you use. In Control Panel, there is a section called “Sync PC Settings” where you can manually turn settings sync on or off.
You can choose to turn off all syncing or you can turn off syncing per the type of setting. The settings groups include:
We’ve recommended a default behavior that assumes you want to roam settings that are used most often to personalize and customize the way you use your PC. In particular, we’ve heard from you that visual personalization for your PC is important. For Windows 8 we’ve included key settings like changing your lock screen image. In addition, you can also roam the desktop themes you use and create, including colors, sounds, and desktop background (note: currently for the background image we roam the original image that was selected if it’s under 2MB. If the image is over 2MB we compress and crop the image to 1920x1200).
It is also important that you maintain control of your data when work and personal start to mix. In Windows 8, when you link your Windows domain account to a Windows Live ID, we ask you up front (before data is synced) what data you want to sync between your domain-joined PC and other PCs you use with that ID. That way, you can decide if things like your web history, favorites, or credentials should sync to your work machine, or if you’d prefer to keep those or anything else that is synced only on your personal machines.
We also empower IT administrators to control what a user can sync to a work PC through group policy. We have provided control to IT administrators to decide if a worker can link their domain account to an ID, and if the admin allows that link, what types of data the worker is allowed to sync.
Finally it’s important to note that credentials that are entered and stored on a domain-joined machine do not get uploaded to the cloud, and never get synced to your other PCs – this ensures that corporate credentials stay on the PCs that are managed by the IT admin.
We understand that when using services connected to the cloud, privacy and security are on the top of your mind. When you associate your Windows user account with a Windows Live ID, there are three categories of data that are especially interesting from the privacy and security perspective:
We’ve taken measures to safeguard the ID and password you use to sign in to Windows. We do this in a couple ways. First, we will require a strong password (and you can’t leave password blank). Next, we’ll collect a secondary proof of your identity. This will allow us to establish “trust” with specific PCs that you use frequently or own. This in turn will also enable more secure syncing of private data like passwords. Collecting the secondary proof of your identity also helps make account recovery easier and more secure. Examples of secondary proofs are alternative email addresses, mobile phone numbers, and questions with secret answers—something that generally only you will know.
Signing in with a Windows Live ID also gives you much more control over your password, including your ability to recover a lost one. If you use a local account and you forget your password, you’re in a tough spot, and your options are limited. You may be able to recover your password with a hint or a recovery key, but if neither of those works, you’re generally left with having to rebuild your PC from scratch. (Technically there are some password cracking tools available on the Internet that you could download and try, but they’re unlikely to work on a suitably strong password, and many of the cracking tools available online are actually malware downloads!) However, if you sign in to your PC with your Windows Live ID and you later forget your password, you can reset your password from another PC by navigating to https://login.live.com and clicking on “forgot my password.” This will allow you to reset your password in a secure fashion without losing any information on your PC. Resetting your password this way is also more secure because it takes advantage of the secondary proof we mentioned earlier to make sure it’s really you resetting your password.
You might also be wondering, “what happens if somehow my Windows Live ID gets stolen?” Well, we have some help for you there too. Windows Live ID includes a number of different safety features to detect if your account is stolen, and it will change your account to a “compromised” state (limiting what it can do) until you can regain control of your account using the two-factor authentication features (secondary proofs) that you set up earlier. Importantly, you will still have full access to your PC, since your PC will allow you to log in with the password you had before your account was stolen – you just won’t be able to use the services and applications that rely on this ID until you go through our “recover my account” workflow online.
With Windows 8, we want to put you in control of how your data is used and what you want to sync between Windows 8 PCs. When you choose to sign in to your Windows 8 PC with a Windows Live ID, only a small amount – your first name, last name, and display name -- are shared with Windows. Windows does not use any of your other profile data. Your profile data stored in the cloud is released to apps or websites that you allow to have that data. While any Metro style app can leverage Windows Live ID for their own sign-in authentication, they must always ask you first if you want to allow access to particular details from your profile.
As mentioned earlier, there are three categories of data that can be synced to your Windows 8 PCs when you sign in with your ID: 1) Windows settings, 2) App settings and data, and 3) credentials. This data is stored in the cloud so that it is available to you when you sign in to your various Windows 8 PCs. The size of the data we roam is minimal and we only enforce some limits on a per setting basis, for example, the file size for the lock screen image. None of this counts against your Windows Live storage quota. This data is also stored separately from your other Windows Live data, for example, what you store on SkyDrive.
You might be concerned with how profile data is protected. In order to secure user data, we’ve taken several measures. First, we do not roam data over WWAN by default. Second, all user data is encrypted on the client before it is sent to the cloud. All data and settings that leave your PC are transmitted using SSL/TLS. The most sensitive information, like your credential information, is encrypted once based on your password and then encrypted again as it is sent across the Internet. The data stored is not available to other Microsoft services or third parties. Lastly, before the sensitive information can be accessed on a second Windows 8 PC for the first time, you must establish “trust” for that PC by providing further proof of your identity. This further proof can be done by providing Windows with a code sent to your mobile phone number or by following the instructions sent to an alternate email address.
Any of the data that is saved to the cloud via the roaming mechanism is only accessed by Windows for roaming. This is very important. So for example, Internet Explorer's history is saved as a roaming state but is not used or accessed in any other context—it is no different than if you had manually created that same record of website history on another PC.
We are very excited about the opportunity to make the Windows 8 experience more personal and easier to set up in a way that protects your privacy and safety. We look forward to hearing about how you are enjoying the feature and to receiving your feedback!
Here’s the third in our series of privacy profiles at Microsoft. As the privacy officer for the German subsidiary of Microsoft, Dominik Stockem plays a key role in addressing data protection issues and helping Microsoft to develop privacy standards that often have a global impact. Read the entire profile:
Chris Stetkiewicz writes on the Security Tips & Talk blog:
If you’re a parent, guardian, or a caregiver for kids, parental controls can help you control the content that your kids see on the Internet or on their Xbox. You can use parental controls to help support your own house rules and you can even customize them to fit a child’s age or maturity level.
The Family Online Safety Institute recently released the Parents’ Views of Online Safety study (sponsored by Microsoft) that found just over half of all U.S. parents say they’ve used family safety software to limit or monitor their child’s Internet use.
Compare family safety tools from Microsoft.
What’s your experience with parental controls? Tell us about it in a comment below.
News
Australia - Bullying, violence, revenge: the dangers of antisocial networking laid bare for children, Sydney Morning Herald, Sep. 23, 2011
U.S. - In Small Towns, Gossip Moves to the Web, and Turns Vicious, The New York Times, Sep. 19, 2011
U.S. - Jamey Rodemeyer Suicide: Police Consider Criminal Bullying Charges, ABC News, Sep. 22, 2011
U.S. - Online predators adept at 'grooming' their targets, SI Live, Sep. 20, 2011
U.S. - Combatting cyber bullying and technology’s downside, The Washington Post, Sep. 21, 2011
Policy: Legislative, Regulatory, & Legal Developments
U.S. - COPPA: What happens when a generation ignores a law?, Online Journalism Review, Sep. 20, 2011
U.S. - New Rules for Alcohol Companies to Advertise and Market on Social Networks, The Wall Street Journal, Sep. 20, 2011
U.S. – PA SB 850, Re-reported as amended, Sep. 26, 2011. (Create the offense of cyberbullying and sexting by a minor if a minor transmits nude images with the intent to distress.)
Research
U.S. - The Drama! Teen Conflict, Gossip, and Bullying in Networked Publics, Alice E. Marwick & danah boyd, Sep. 2011
U.S. - Account Deactivation and Content Removal: Guiding Principles for Companies, Berkman Center, Sep. 21, 2011
U.S. – Human trafficking online: the role of social networks and online classifieds, USC Annenberg Center, Sep. 18, 2011
U.K. - How video games blur real life boundaries and prompt thoughts of 'violent solutions', Daily Mail, Sep. 21, 2011
U.S. - Tormented teachers: How cyberbullying affects educators, OnlineSchools.com, Sep. 1, 2011
Advocates
U.S. - Three Provocations about Parental Controls, Online Safety & Kids’ Privacy, Adam Thierer, Sep. 21, 2011
U.S. - Bullying as True Drama, Alice E. Marwick & danah boyd, Sep. 22, 2011
U.S. - Parents and Cell Phone Rules for Children and Teens, Sameer Hinduja, Sep. 19, 2011
E.U. - The Resource Catalogue September 2011 is online, inSafe, Sep. 21, 2011
U.S. - SafetyVillage.com is stealing content from SafeKids.com, SafeKids.com, Sep. 18, 2011
Tim Rains, Director, Trustworthy Computing, writes on the Microsoft Security Blog:
The sixth annual United Nations Internet Governance Conference (UN-IGF) meeting is being held this week (September 27-30, 2011) at the U.N. Office in Nairobi, Kenya (UNON). The main theme of this meeting is “Internet as a catalyst for change: access, development, freedoms and innovation.” Representatives from government and industry from numerous places in Africa will be gathering to address a host of Internet governance topics, including security. A delegation from Microsoft is in attendance.
Historically, Africa is one area where it has been difficult to obtain reliable, long-term trend data on the threat landscape for specific locations. As shown in the heat map below, published in the Microsoft Security Intelligence Report volume 10 (SIRv10), insufficient data exists for many regions in Africa. Typically, this indicates there were fewer than 100,000 executions of the Microsoft Windows Malicious Software Removal Tool (MSRT) in these locations during the reporting period. Since the number of systems that run MSRT changes from month to month, however, we do get glimpses into what is happening in some of these regions… and it’s very interesting. In addition to MSRT data, we also published data from Bing and from Internet Explorer in SIRv10; the analysis below is all based on data published in SIRv10.
Figure: Infection rates by country/region in the second half of 2010 by Computers Cleaned per Mille (CCM)
Figure: Infection rates by country in Africa in the second half of 2010 by Computers Cleaned per Mille (CCM), with GDP figures[1] for 2010
Country | CCM (1Q10, 2Q10, 3Q10, 4Q10) | 2010 GDP
Egypt | 9.7, 9.0, 10.0, 11.4 | 218.47
Ghana | 2.9, 1.6, 1.5, 1.2 | 31.08
Kenya | 3.4, 2.7, 2.5 | 32.16
Nigeria | 3.5, 3.2, 3.7, 2.8 | 216.80
Senegal | 2.6, 2.4, 1.9 | 12.88
South Africa | 12.8, 11.9, 11.8, 9.8 | 357.26
Tanzania | 4.3, 3.9, 3.1 | 22.67
Uganda | 4.4 | 17.01
Worldwide Average | 10.8, 9.6, 9.9, 8.7 |
The CCM figures are normalized, allowing us to compare regions’ infection rates without skewing the data based on the different install bases/populations in each location. Notice that some of the locations with the highest GDP and, perhaps, generally the best Internet connectivity of those locations listed - Egypt and South Africa - also have the highest malware infection rates.
Figure: CCM trends for selected locations in Africa by quarter in 2010, compared to the worldwide average
Interestingly, worms were the number one category of threats in all of the locations listed above. Worms were found on between 40 percent and 56 percent of all infected systems in these locations. The top two malware families driving this trend were Win32/Rimecud (a.k.a. Mariposa botnet) and Win32/Autorun. Both of these threats spread using multiple techniques and have been observed spreading via mapped drives, removable media like USB drives, and by abusing the Autorun feature in Windows. I addressed threats that use Autorun-feature abuse, like Win32/Autorun and Win32/Rimecud, in this blog post: Defending Against Autorun Attacks.
To combat these threats, Microsoft has taken several steps to help protect customers including releasing updates for the Windows XP and Windows Vista platforms to make the Autorun feature more locked down, as it is by default in Windows 7. If computer users in these geographies install this one update, it will likely drive down the number of systems infected with these threats and have a very positive effect on the regional ecosystem. One important factor to note is that there are many people in these geographies still running Windows XP Service Pack 2. Support for Windows XP Service Pack 2 ended on July 13, 2010. This means that security updates are no longer offered for this platform. Windows XP Service Pack 2 was out of support when this AutoRun update was released in February 2011, so systems running Windows XP Service Pack 2 did not receive this update as a result. This means that users in these regions that haven’t yet installed Windows XP Service Pack 3 need to do so before installing the AutoRun update. For Windows XP users, installing Service Pack 3 has the added benefits of receiving security updates once again and consistently lower malware infection rates.
Figure: CCM trends for supported 32-bit versions of Windows XP, Windows Vista, and Windows 7, 3Q09-4Q10
The relatively low malware infection rates that many of these locations currently have don’t necessarily mean that criminals aren’t trying to do business in this area of the world. Here are some examples observed in these locations:
The call to action for the locations in Africa that I focused on here is:
1. Users running Windows XP need to have Service Pack 3 installed so they will receive security updates from Microsoft. To check what service pack you have installed, click Start, right-click My Computer, and then click Properties. You can get more information and download Windows XP Service Pack 3 from here.
2. Users running Windows XP and Windows Vista should install the security updates that help mitigate Autorun-feature abuse. Getting this one update deployed in these regions will potentially have a big positive impact on the number of systems infected by Win32/Rimecud (a.k.a. Mariposa botnet) and Win32/Autorun in Africa, as it has in other parts of the world.
3. Use strong passwords to help defend systems against Win32/Rimecud (a.k.a. Mariposa botnet) and Win32/Autorun.
4. Install antimalware software from a trusted source and keep it up to date. Many reputable antivirus companies offer free scans such as this one, and Microsoft offers Microsoft Security Essentials for free (available in many languages).
Tim Rains, Director, Product Management, Trustworthy Computing
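An audit for the Autorun mitigation discussed in this post, as an added PowerShell example that is not part of the original post: it reads the NoDriveTypeAutoRun policy value and lists the autorun.inf entries on removable and mapped drives that would start a program. The registry path, the bit values and the function names are supplied here and are not taken from the post.

```powershell
# Added example, not from the original blog post. Requires PowerShell 3.0 or later.
# NoDriveTypeAutoRun is a bit mask; a set bit turns Autorun off for that drive type.
$DriveTypeBits = [ordered]@{
    'Removable drive'        = 0x04
    'Fixed drive'            = 0x08
    'Network (mapped) drive' = 0x10
    'CD-ROM'                 = 0x20
    'RAM disk'               = 0x40
}

function Get-AutorunPolicy {
    # Report, per registry hive, which drive types the policy does not switch off.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    foreach ($key in $keys) {
        $prop = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            [pscustomobject]@{ Key = $key; Mask = 'not set (OS default applies)'; NotDisabledByPolicy = 'n/a' }
            continue
        }
        # The value is normally a DWORD; some systems store it as binary, low byte first.
        $raw = $prop.NoDriveTypeAutoRun
        if ($raw -is [byte[]]) { $mask = [int]$raw[0] } else { $mask = [int]$raw }
        $open = @($DriveTypeBits.GetEnumerator() |
                  Where-Object { ($mask -band $_.Value) -eq 0 } |
                  ForEach-Object { $_.Key })
        $summary = 'none'
        if ($open.Count -gt 0) { $summary = $open -join ', ' }
        [pscustomobject]@{
            Key                 = $key
            Mask                = '0x{0:X2}' -f $mask
            NotDisabledByPolicy = $summary
        }
    }
}

function Find-AutorunInf {
    # DriveType 2 = removable media, 4 = network (mapped) drive: the two
    # propagation paths the post names for Win32/Autorun and Win32/Rimecud.
    $disks = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2 OR DriveType = 4'
    foreach ($disk in $disks) {
        $file = "$($disk.DeviceID)\autorun.inf"
        # -PathType Leaf skips a directory that merely carries the name autorun.inf.
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) { continue }
        # -Force: the file is often marked hidden or read-only.
        $lines = @(Get-Content -LiteralPath $file -Force -ErrorAction SilentlyContinue)
        # Keys that make Windows start a program: open=, shellexecute=, shell\<verb>\command=
        $launch = @($lines | Where-Object {
            $_ -match '^\s*(open|shellexecute|shell\\[^=]+\\command)\s*='
        })
        [pscustomobject]@{
            Drive         = $disk.DeviceID
            File          = $file
            TotalLines    = $lines.Count
            LaunchEntries = $launch
        }
    }
}

Get-AutorunPolicy | Format-List
Find-AutorunInf   | Format-List
```

A drive that reports launch entries is a candidate for an antimalware scan before anyone opens it; a mask of 0xFF means the policy disables Autorun for every drive type.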
Adrienne Hall writes on the Microsoft Trustworthy Computing blog:
Years ago I was a part of a team in Microsoft that did a lot of work in the hospitality sector. At that time hotels were Internet-enabling their chains and the business decision they had to make was whether to invest in big TVs or more of a laptop and power desk arrangement. And it was a big decision affecting entire remodel and refurbishment plans for years to come. Some companies made a choice and picked one over the other. Others created a hybrid approach, experimenting with both the TV and desk accoutrements to gauge guest interest over a defined period of time before making a final commitment.
So what has this got to do with the cloud? My point is that just like companies considering a move into the cloud, the hotel chains I worked with had to make a decision that hinged on taking all the relevant factors into account and picking a direction that balanced their needs today with what they anticipated their needs to be in the future.
Like any other decision, the right cloud set up is a balance. I think it’s about the realities of each unique business, weighing risks against the potential to do things in new and interesting ways, and trying to find that right balance.
Considering Risk
In talking to folks at conferences, it’s clear that people grapple with how to evaluate the security and privacy aspects of the cloud and how these relate to companies’ existing risk profiles.
It’s important to keep in mind that even without the cloud there are risks for organizations today – whether it’s starting up a business, entering a new segment or geography, acquiring or divesting of business lines, evaluating new online services to add for citizens etc., – there are benefits and challenges in whether applications and infrastructure are hosted on-premise, off-premise or a combination of the two.
Organizations need to evaluate what their risk tolerance is, and what risks are acceptable to them. A business may decide they’re comfortable with managing some, but not all customer records in the cloud. For example, history such as items purchased may be fine, but purchase amounts may not. Or they may decide that they’ll put all customer records in the cloud, but they may choose a private cloud instead of a public or multi-tenant cloud offering. Or, based on the customer application and how it has been designed, they may be entirely comfortable running it in a public cloud. There are many choices and it’s important to evaluate what will be optimal for each organization. In considering options, there is also that desirable attribute of choice; deciding what to select that’s best for you.
Considering Potential
Moving beyond risk, there’s a lot of potential that the cloud offers to organizations. In addition to providing the agility valuable to organizations, cloud computing can also ease the burden on lean IT departments. For example, putting the responsibility for data maintenance into the hands of cloud security professionals can help free up IT departments to do what you initially imagined they would do: develop the innovations that push your business forward.
Check back with us soon as we continue to examine the security, privacy and reliability angles of cloud computing.
Matt Thomlinson, General Manager, Trustworthy Computing, Microsoft writes on the Microsoft on the Issues Blog:
Today, I spoke at NATO (North Atlantic Treaty Organization) during the Information Assurance Symposium 2011 on cybersecurity. I started by teeing up two important questions:
· What techniques are attackers using?
· What methods do we have at our disposal for defending against them?
The good news is that organizations can be better protected than the headlines might lead us to believe—even in the face of malicious adversaries and targeted attacks.
There are four areas that attackers focus on:
· Finding Vulnerabilities. This encompasses vulnerabilities that are introduced while the product is being built. Attackers attempt to exploit vulnerabilities in hardware and software, including the operating system, applications and services.
· Supply Chain, including product integration and delivery. Supply chain issues include attacks on product or service suppliers and subcontractors, malicious insiders and non-genuine products that could be tampered with in transit or during deployment to the customer.
· Operational Security. Once the product is created and safely delivered to a customer’s hands, attackers analyze how it’s deployed, searching for weak spots in an organization’s operational security. This includes whether strong passwords are required and whether software updates and security patches are immediately applied, but also covers issues like whether the company has a process to vet new hires.
· Social Engineering. As security improves in products and services, we see social engineering – tricking users - becoming the attack route of choice. Cyber attackers are adept at creating plausible e-mails that deliver malicious code, or posing as IT staff and asking users for passwords.
Organizations can take concrete steps to enhance their security against all four areas of attack. In fact, they must do so to ensure there is no glaring “weakest link” that would allow an attacker to sidestep investment in other areas. Let’s take a look at how security can be enhanced at each of the four stages.
From the inception of a product at Microsoft, we apply rigorous processes and tools to reduce vulnerabilities. Our Security Development Lifecycle (SDL) is applied to every product during development and has proven its ability to increase the security of software. We’ve made the SDL process and many of our tools available for others to use—check out http://microsoft.com/SDL.
We also invest in mitigations so that even if a vulnerability is found, it is still difficult or impossible for an attacker to use. These mitigations, such as ASLR, included in Windows Vista, are built in and most are enabled by default. While you don’t notice them when using the computer, they take useful handholds away from attackers. The SDL requires that Microsoft products take advantage of mitigations to improve their resistance to attack.
Finally, it’s important to apply software updates to quickly respond to issues and decrease the likelihood of an attack against that issue or vulnerability. We’ve worked hard to make updates timely, easy to install, reliable and complete.
Governments have become increasingly concerned that a sophisticated attacker could manipulate products during their development or delivery in order to undermine or disrupt government functions.
We recently published two white papers on cyber supply chain risk management. The first white paper, Cyber Supply Chain Risk Management: Toward a Global Vision of Transparency and Trust, presents a set of key principles to enable governments and vendors to manage supply chain policies more effectively. The second paper, Toward a Trusted Supply Chain: A Risk-Based Approach to Managing Software Integrity, provides a framework for the pragmatic creation and assessment of Software Integrity risk management practices in the product development process and online services operations.
Strong operational security and use of best practices are essential because attackers often focus on finding deployment issues such as unpatched or misconfigured computers, weak passwords, computers that unintentionally bridge the corporate network to the Internet, or unapproved file-sharing software that makes internal documents publicly available.
Operational security can be enhanced by the use of best practices, including enforcing good security policies, aggressively updating software, monitoring your network for threats, employing defense-in-depth and ensuring your enterprise has incident response procedures.
Social engineering attacks can be difficult to block because it’s hard to protect against the actions of a legitimate user. Education is a key part of defense. Organizations should raise awareness of these threats and provide training to help spot and prevent social engineering.
Organizations can also protect users from their own actions by instituting best practices such as:
· Use encryption. Encryption should be used to protect sensitive data, including drive encryption like BitLocker to secure data should a computer be stolen or simply lost.
· Apply least privilege. Use least-privileged accounts and software restriction policies like AppLocker.
Learn more about cybersecurity topics via the Microsoft Security blog.
Chris Stetkiewicz writes on the Security Tips & Talk Blog:
We recently received this email:
“My Hotmail account was hacked and taken over by the classic ‘I'm in London and I’ve been mugged’ scam. It appears that the hacker has changed the basic verification information on the account and every attempt to reset the password throws me into an endless loop.
How to get my account back?”
It sounds like the author of this email has already tried to reset the password on the account manually. If you’re locked out of your account, the first thing you should always do is attempt to reset your password. Here are a few ways you can do this:
First, enter your Windows ID. Then, in the Windows Live ID text box, enter the characters you see in the picture, to prove that you’re not a machine.
Next, you’ll see a screen that offers you options to recover your password using an alternate email address or a mobile phone. If you haven’t associated your account with these alternatives, choose customer support.
Richard Saunders, Director, Trustworthy Computing for Microsoft, writes on the Microsoft Trustworthy Computing Blog:
For anyone who wants a primer on the security, privacy and reliability issues involved in the move to cloud computing, this video featuring Doug Cavit, principal security program manager and chief security strategist at Microsoft, is worth a watch.
Beginning with the fundamental question “How do I know my data is safe in the cloud?,” Doug walks through the complexities of online identity, authentication, authorization and access. He gives great insight into what any business should look for in a cloud provider — Do they have great security practices? Privacy practices? Are they reliable? Are their business practices fair and transparent? — and delves into how building the best possible processes with complete transparency is core to Microsoft’s cloud strategy, and to building trust among consumers and businesses for the cloud as a whole.
Here's the second in our series of profiles of privacy managers at Microsoft. Corey Miller, senior information architect for privacy strategy in Microsoft Online Services’ Risk Management Group, and Kore Koubourlis, senior director of compliance and privacy, work to meet the privacy requirements of business customers in the cloud. Click here to read the entire profile in a 2 page pdf:
The Week in Online Safety, September 19, 2011
A weekly global roundup of online safety news, policy developments, research, and influence
News
U.K. - Trolling: Who does it and why?, BBC News, Sep. 14, 2011
U.S. - Psychology Researchers Argue Gamer 'Improvement' Studies Are Flawed, Gamasutra, Sep. 15, 2011
U.K. - How bullied children get worse grades at school, Daily Mail, Sep. 9, 2011
U.S. - Don't study the video game, study the player, USA Today, Sep. 15, 2011
Policy: Legislative, Regulatory, & Legal Developments
U.K. - Internet troll jailed after mocking deaths of teenagers, The Guardian, Sep. 13, 2011
U.S. - FTC proposes stricter online privacy rules for children, San Francisco Chronicle, Sep. 15, 2011
U.S. - FTC Seeks Comment on Proposed Revisions to COPPA, FTC, Sep. 15, 2011
E.U. - 2011 Implementation Report on the Protection of Minors, EU Commission, Sep. 13, 2011
Research
U.S. - Majority of Parents Use Tools, Rules to Protect Their Kids Online, FOSI, Sep. 14, 2011
Advocates
U.S. - FTC’s proposed updates for COPPA, Anne Collier, Sep. 19, 2011
U.S. - Statement on the FTC’s COPPA Report, Common Sense Media, Sep. 15, 2011
U.S. - CDT Statement on FTC's Proposed COPPA Revisions, CDT, Sep. 15, 2011
U.S. - Federal Trade Commission Proposes New Rules for Children’s Online Privacy, EPIC, Sep. 15, 2011
U.S. - Kids, Parents & Online Safety, Adam Thierer, Sep. 15, 2011
U.S. - Cyberbullying 101: Fact vs. fiction, Larry Magid, Sep. 12, 2011
U.S. – New Game Teaches Kids How to Stay Safe on the Internet, NCMEC, Sep. 13, 2011
Today in Washington, D.C., the Family Online Safety Institute (FOSI), with support from Microsoft and other companies, released the findings of a new survey on the use of parental controls that found that 53 percent of parents say they have used parental controls for their children’s Internet use.
That finding of 53 percent closely tracks with other recent surveys:
While almost half of all parents aren’t using parental controls, a reassuring 93 percent say they have set rules or limits to monitor their children’s online usage, according to the survey:
These rules include requiring children to only use the computer in a certain area of the house (79 percent), limiting the amount of time a child can spend online (75 percent), setting rules for the times of day a child can be online (74 percent), and establishing time limits for use of a child’s cell phone (59 percent).
The press release for the survey quotes Microsoft’s Kim Sanchez:
“Access to the Internet and all it offers is crucial for preparing today’s youth for the 21st century,” said Kim Sanchez, Chairman of the FOSI Board of Directors and Director of Privacy and Online Safety at Microsoft Corporation. “The survey results are encouraging because parents believe they have the tools necessary for their children to safely navigate the digital world.”
There’s also a nice InfoGraphic from the research:
The Week in Online Safety, September 12, 2011
A weekly global roundup of online safety news, policy developments, research, and influence
News
U.S. - Figuring Out How Children Learn With Technology, The New York Times, Sep. 8, 2011
E.U. - PEGI widens remit with mobile ratings, MCV, Sep. 9, 2011
U.S. - When Should Kids Get Cell Phones?, Huffington Post, Sep. 8, 2011
U.S. - Apps, social networks pose new threat to kids, USA Today, Sep. 7, 2011
U.S. - Facebook: No single solution for implementing age restrictions, ZDNet, Sep. 7, 2011
U.S. - How an Internet ‘Sextortionist’ Ruined the Lives of Teen Girls, Wired, Sep. 7, 2011
U.S. - Teenage fights get taped, go viral, The Washington Post, Sep. 8, 2011
Policy: Legislative, Regulatory, & Legal Developments
Australia - Jail terms for cyberbullies put on table, The Australian, Sep. 8, 2011
UAE - Tagging Facebook photos without permission? Think twice, Next Web, Aug. 29, 2011
U.S. - Dad of girl, 12, sues Facebook over her suggestive photos, BBC News, Sep. 6, 2011
U.S. – MO SB1, Passed Ed. Comm., Sep. 12. (Would repeal portions of law restricting teacher use of social networks)
Research
U.S. - Parents' Behavior Linked to Kids' Videogame Playing, Science Daily, Sep. 7, 2011
U.S. - 28% of American adults use mobile and social location-based services, Pew Internet, Sep. 7, 2011
U.S. - Harris Interactive Poll: Bullies Are Top Worry for Parents and Youth, Harris Interactive, Sept. 7, 2011
Advocates
U.S. - Who Gets to See Our Social Networking Sites?, iKeepSafe, Sep. 8, 2011
E.U. - Back to School 2011 gift from Insafe, InSafe, Sep. 7, 2011
U.S. - First Town Hall on Online and Mobile Privacy for Kids, Common Sense Media, Sep. 1, 2011
U.S. - 5th-graders teaching us about teaching digital citizenship, Anne Collier, Sep. 7, 2011
U.S. - Why Confiscating Student Cell Phones Might Be a Bad Idea, Sameer Hinduja, Sep. 7, 2011
Compiled by David Burt, CISSP, CIPP
Ziad Ismail writes on the Internet Explorer Blog:
Today, the W3C formally created a working group to focus on consumer privacy on the Internet.
Internet Explorer 9 was built with a focus on consumer privacy. As Dean Hachamovitch explained in the blog introducing Tracking Protection, a comprehensive approach requires both a) the ability for Web sites to detect consumers’ intent not to be tracked and b) a mechanism for consumers to protect themselves when their intent is not respected. Since the announcement, numerous privacy organizations have begun offering Tracking Protection Lists.
We saw the opportunity to work together with the W3C and its members to create a common standard, improve site adoption and increase consumer privacy on the Internet. In late February, the W3C accepted and published Microsoft’s member submission for an industry standard. Today, with the formation of the new privacy working group, the W3C takes the next step in establishing a standard for web sites to detect when consumers express their intent not to be tracked and help protect those same consumers from sites that do not respect that intent. The full charter and details of the working group are available here.
We look forward to working with the members of the W3C on this important initiative.
Today Microsoft released a new whitepaper that I authored for the company titled “Fostering Digital Citizenship,” along with a new Microsoft study about posting personal information online, and an Online Reputation Guide for teens. Fostering Digital Citizenship discusses the company’s approach to the concept.
So what is digital citizenship? It is often defined as “the norms of behavior with regard to technology use.” But digital citizenship is about more than social norms - it is about preparing young people for living and learning in an online world. Digital citizenship helps young people develop a sense of ownership and personal responsibility that, in turn, will help them make appropriate, ethical decisions in the online world.
Digital citizenship is a concept that I also have embraced for my own family. For years, I’ve used parental controls for my own children’s Internet access. However, this year when my oldest daughter turned 13, I realized that while instruction in “digital dos and don’ts” and parental controls are a good thing, they will only take her so far. My daughter will be an adult in less than five years, and she will have to make her own choices in an online world without filters, time limits, and a POS (Parent Over Shoulder).
So I encourage you to read “Fostering Digital Citizenship,” and share your thoughts.
-- David Burt
The Week in Online Safety, September 5, 2011
A weekly global roundup of online safety news, policy developments, research, and influence
News
U.S. - ‘Odd Girl Out’ tackles bullying in the digital age, NBC News, Aug. 30, 2011
U.S. - Violence in Video Games: It’s All Part of Growing Up, Wired, Sep. 6, 2011
U.S. - Video Games Could Increase Children’s Risk of Identity Theft, Fox News, Aug. 31, 2011
U.S. - Social networking helps students perform better, professor says, AP, Aug. 26, 2011
U.K. - Children should be taught importance of privacy in mainstream education, ICO says, Out Law, Aug. 31, 2011
U.S. - Internet anonymity suffering scrutiny courtesy of the London riots, Digital Trends, Aug. 27, 2011
Policy: Legislative, Regulatory, & Legal Developments
U.S. – Statement before House Ways and Means Committee on Child Identity Theft, Federal Trade Commission, Sep. 1, 2011
U.S. - New CT 'cyberbullying' law poses challenges as school year starts, The Connecticut Mirror, Aug. 30, 2011
U.S. - Bullying Law Puts New Jersey Schools on Spot, The New York Times, Aug. 30, 2011
U.S. – Social Network limits for teachers nixed by Mo. Judge, CBS News, Aug. 26, 2011
Research
U.S. - The Effect of Video Game Competition and Violence on Aggressive Behavior, Psychology of Violence, Aug. 15, 2011
Advocates
U.S. - Back to school - what should you be thinking about?, Parry Aftab, Aug. 31, 2011
E.U. – September Insafe Newsletter, Insafe, Sep. 1, 2011
U.S. - Another Well-Meaning, but Unfunded Mandate to Address Bullying, Justin Patchin, Sep. 1, 2011
U.S. - Digital Citizenship & Media Literacy Beat Tracking Laws and Monitoring, Larry Magid, Huffington Post, Aug. 30, 2011
U.S. - What is online risk?: Helpful clarity from Europe, Anne Collier, Aug. 30, 2011
Compiled by David Burt
An important update from the Microsoft Security Response Center:
This blog post was updated Sept. 5, 2011 below.
Microsoft’s investigation into the scope and impact of the DigiNotar compromise has continued over the holiday weekend. We’ve now confirmed that spoofed certificates for *.microsoft.com and *.windowsupdate.com are among those issued by the Dutch firm.
Users of Vista and later operating systems have been protected since we released Security Advisory 2607712 on August 29. In addition, customers using Windows Update on any platform are not at risk of exploitation from the windowsupdate.com certificate, since that domain is no longer in use. The Windows Update service uses multiple means of checking that the content distributed is legitimate and uncompromised. For more information on how Microsoft is protecting customers and additional actions customers may take for further protection, please see today’s SRD blog post titled “Protecting yourself from attacks leveraging fraudulent DigiNotar digital certificates.”
As always, we continue to take action to ensure the safety of our customers. We have already removed the two DigiNotar root certificates, which encompass what we believe to be the vast majority of the fraudulently issued digital certificates, from the Certificate Trust List. All fraudulent certificates that have been disclosed to Microsoft roll up to one of those two root certificates. We are also working to update Security Advisory 2607712 for customers on XP and Server 2003 and will continue to investigate any additional issues arising from the spoofed *.microsoft.com certificate. We will provide updated information to customers as it becomes available.
Dave Forstrom
Director, Trustworthy Computing
UPDATED Sept. 5, 2011
On Aug. 29, Microsoft released Security Advisory 2607712 to remove two DigiNotar root certificates from the Certificate Trust List. We are in the process of moving all DigiNotar owned or managed Certificate Authorities to the Untrusted Certificate Store, which will deny access to any websites using DigiNotar certificates. Microsoft is preparing to release an update to implement these protections.
Microsoft is offering the update to customers worldwide in order to protect them from this breach. At the explicit request of the Dutch government, Microsoft will delay deployment of this update in the Netherlands for one week to give the government time to replace certificates. Dutch customers who wish to install the update can do so by manually visiting Windows Update or following the instructions available at ww.microsoft.nl once the security update is released worldwide.
For further updates and actions customers may take for added protection, visit: http://blogs.technet.com/b/msrc.
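A local check for the trust changes described in this post, as an added PowerShell example that is not Microsoft's own tooling: it lists certificates naming DigiNotar in the machine certificate stores and reports whether a given certificate file still builds a valid chain. Matching on the name "DigiNotar", the function names and the certificate file name are assumptions made for illustration; an authoritative check compares thumbprints published with the advisory.

```powershell
# Added example, not from the MSRC post. Requires PowerShell 3.0 or later.

function Get-DigiNotarStoreEntry {
    # Root       = Trusted Root Certification Authorities
    # AuthRoot   = Third-Party Root Certification Authorities
    # CA         = Intermediate Certification Authorities
    # Disallowed = Untrusted Certificates
    param(
        [string]$NamePattern = '*DigiNotar*',
        [string[]]$Store = @('Root', 'AuthRoot', 'CA', 'Disallowed')
    )
    foreach ($name in $Store) {
        $path = "Cert:\LocalMachine\$name"
        if (-not (Test-Path -Path $path)) { continue }
        Get-ChildItem -Path $path |
            Where-Object { $_.Subject -like $NamePattern -or $_.Issuer -like $NamePattern } |
            ForEach-Object {
                # Only an entry in Disallowed actively blocks a chain; an entry in
                # any other store can still take part in chain building.
                $state = 'review: still available for chain building'
                if ($name -eq 'Disallowed') { $state = 'explicitly untrusted' }
                [pscustomobject]@{
                    Store      = $name
                    State      = $state
                    Subject    = $_.Subject
                    Issuer     = $_.Issuer
                    Thumbprint = $_.Thumbprint
                    NotAfter   = $_.NotAfter
                }
            }
    }
}

function Test-CertificateChain {
    # Build the chain for one certificate file the way Windows would and
    # return the result together with the chain status flags.
    param([Parameter(Mandatory = $true)][string]$CertificatePath)

    # .NET resolves relative paths against the process directory, so pass a full path.
    $fullPath = (Resolve-Path -LiteralPath $CertificatePath).ProviderPath
    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain

    # Keep the check offline; revocation lookups are a separate control.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck

    $valid  = $chain.Build($cert)
    $status = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    if (-not $status) { $status = 'NoError' }

    [pscustomobject]@{
        Subject     = $cert.Subject
        ChainValid  = $valid
        # UntrustedRoot or ExplicitDistrust here means the chain is rejected.
        ChainStatus = $status
        Chain       = @($chain.ChainElements | ForEach-Object { $_.Certificate.Subject })
    }
}

Get-DigiNotarStoreEntry | Format-Table Store, State, Thumbprint, Subject -AutoSize

# Hypothetical file name; point it at a certificate exported from a site under review.
# Test-CertificateChain -CertificatePath '.\suspect.cer' | Format-List
```

Any DigiNotar entry reported from Root, AuthRoot or CA without a matching entry in Disallowed indicates a machine that has not yet received the protections described above.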
Here's the first in a series of profiles of privacy managers at Microsoft. Robert Gratchner is director of privacy and online safety supporting the advertising business group at Microsoft. Click here to read the entire profile in a 2 page pdf:
The Week in Online Safety, August 29, 2011
A weekly global roundup of online safety news, policy developments, research, and influence
News
U.S. - What to Do If Your Child Is a Cyberbully, Security News, Aug. 25, 2011
U.S. - Playing video games together considered 'quality time' for children to bond, Daily Mail, Aug. 23, 2011
U.S. - Victim: Dating site sex-offender screening could 'save' other women, Los Angeles Times, Aug. 24, 2011
U.S. - Apps to block texting & driving, Online Mom, Aug. 24, 2011
U.S. - New Ways to Protect Your Kids Online, Smart Money, Aug. 24, 2011
U.S. - News sites using Facebook Comments see higher quality discussion, Poynter, Aug. 18, 2011
Policy: Legislative, Regulatory, & Legal Developments
U.K. - Government backs down on plan to shut social media in crises, The Guardian, Aug. 25, 2011
U.S. - Union Challenges Missouri Ban on Student-Teacher Online Communications, Wired, Aug. 22, 2011
U.S. - Child Pornography Bill Makes Privacy Experts Skittish, NPR, Aug. 24, 2011
Research
U.S. – Teens Regularly Using Social Networking Sites Likelier to Smoke, Drink, National Center on Addiction, Aug. 24, 2011
U.S. - Parents say tech skills are a barrier to keeping kids cyber-safe, Telstra, Aug. 22, 2011
Advocates
U.S. - The Porn Identity, iKeepSafe, Aug. 24, 2011
U.S. - Do fear and exaggeration increase risk?, Larry Magid, Aug. 25, 2011
U.S. - Confiscating Cell Phones from Students at School, Cyberbullying Research Center, Aug. 24, 2011
U.S. - Statement on Facebook’s New Privacy Features, Common Sense Media, Aug. 24, 2011
U.S. - A fresh look at ‘Netiquette’, Anne Collier, Aug. 24, 2011
Jacqueline Beauchere, Director, Trustworthy Computing Communications, writes on The Official Microsoft Blog:
September is synonymous with back-to-school for much of the world's youth – getting back in the classroom, reconnecting with friends and teachers and sharing tales of summer fun. For some, however, back-to-school often means a return to cyberbullying.
New Microsoft research shows that, on average, 27 percent of people in five countries have been exposed to cyberbullying in the last 12 months. The survey, conducted in Brazil, France, Germany, the United Kingdom and the United States, shows that in these countries, cyberbullying features most prominently in Brazil (50 percent) and less so in the U.S. (16 percent).
France, Germany and the UK, meanwhile, fall more in the middle of the pack, with 24 percent, 25 percent and 22 percent of respondents, respectively, stating that they or someone they know have been exposed to incidents of cyberbullying in the past year. These data are part of a larger Microsoft study about consumer online awareness, attitudes and behaviors, and are in line with other similar polling data. Statistics vary, but in the U.S., Europe, Australia, Japan and South Korea, between 10 percent and 40 percent of teens say that at one time or another, they’ve been victims of cyberbullying.
The Cyberbullying Research Center in the U.S. defines cyberbullying as “willful and repeated harm inflicted through the use of computers, cell phones, and other electronic devices.” Examples include sending hurtful or threatening messages online or to a cell phone; posting embarrassing pictures or information about another person with the intent to humiliate them; and impersonating someone online. Global media reports show that, in rare but highly publicized instances, Internet bullying can intensify to such a degree that young people may see taking their own lives as the only way out.
In an effort to create a “culture of safety” and promote good “digital citizenship” worldwide, Microsoft helps inform parents, caregivers, teachers and school officials about cyberbullying. We've published a list of 10 tips for tackling cyberbullying. These include:
· Be an advocate. Kids need to know that adults can and will provide positive, active and predictable support. And, that they should never, under any circumstance, bully someone.
· Talk about it. Encourage kids to report bullying to a trusted adult.
· Look for signs of online bullying. For example, if kids get upset when they're online, or they show a reluctance to go to or be at school.
· Encourage them to make friends. And, urge friends to look out for one another. Cyberbullies are less likely to target those whom they perceive are well-supported.
Indeed, we make a host of cyberbullying prevention resources available at our Safety & Security Center, including a factsheet, brochure and article, as well as recent cyberbullying research and the associated findings. We participate actively in industry coalitions, and partner with groups such as iKeepSafe, Wired Safety and the Family Online Safety Institute, supporting their efforts to help prevent cyberbullying and reduce other online risks.
Earlier this year, we were invited to and participated in a White House summit on Bullying Prevention, presided over by President Barack and First Lady Michelle Obama. We intend to remain active in these dialogues, and work with others in the technology industry, law enforcement, government and advocacy organizations to help reduce instances of cyberbullying.
No individual, company or organization can shoulder such a challenge alone. Like many online risks, combating cyberbullying and harassment are shared responsibilities. The first steps rest with each of us. So, all of us must do our part. As kids head back to school, teach them safer online habits and practices, and encourage them to stand up to cyberbullying.