Webchat with Graham Cluley, computer security expert, Wednesday 2 September at 1pm

[BojanaMumsnet]

Hello,

After the events on Mumsnet over the last couple of weeks, lots of you have been asking questions and sharing advice on how to stay safe online.

So we’re pleased to announce a webchat with Graham Cluley, an award-winning computer security blogger, researcher and public speaker, to tackle your cyber-security-related questions.

Graham has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

He was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security. Visit his website here.

Please do join us tomorrow Wednesday 2 September at 1pm or post a question for Graham here in advance if you can’t. As ever, please do remember our webchat guidelines.

Thanks
MNHQ

@JJBurnelsBass

Ooh, hello HAMRAG!

Hi JJBurnelsBass

Are you drowning? I feel like I am under this avalanche of questions...

@GrahamCluley

[quote ItsAllGoingToBeFine] Thanks Graham

Other password managers are available. 1Password, KeePass, Dashlane, etc etc. Anyway, good for you. Any decent password manager is better than no password manager.[/quote]

Dashlane is free!

How secure are Chromebooks? I tried to download an anti-virus thing when I got one but I can't as it "doesn't need one"

Also, how safe is cloud storage for big government data as opposed to whatever they were using before? It seems as though once a hacker gets into this, they can have it all - all the data is in one basket. Or have I seriously misunderstood something?

@tharsheblows

A lot of security advice seems to be centered around nameless bad guys hacking online accounts in bulk. What about people with partners who are more tech savvy than they are and have access to their homes, phones and computers?

Hi there tharsheblows,

Yes, there is a very real problem securing your privacy from family members and others who might have access to your computer or smartphone.

I recommend you read this [[https://grahamcluley.com/2015/08/stop-stalking-smartphone/ How to stop a domestic abuser stalking you via your smartphone]]

There is other great material and advice on the Digital-Trust website.

Take care

What are let's say the 3 Do's (It does not have to be 3) for parents to enable them to keep their children safe online?

@tharsheblows

best device and advice for someone like my mother who isn't tech savvy but has a basic understanding of online security (really just is a bit skeptical of clicking links in emails etc)?

So these recommendations revised for someone who doesn't quite understand all of them: twitter.com/swiftonsecurity/status/635168838145867776

If it helps, my mom loves her iPad and I've just told her to never use her old PC for anything but printing as I can't keep it properly up to date. (I hope that's not too far off the right thing to do!)

Hi tharsheblows

Great that your mum uses an iPad - I think that's an excellent choice for those less comfortable with computers, and who don't want the headache of maintaining a Windows desktop computer.

The advice Security Taylor Swift retweeted in that link is probably more for someone who wants to avoid the potential of covert government surveillance rather than targeted at the likes of your mum.

But here's more quick advice those who just use iPads:

• Apply iOS updates when they become available.
• Don't jailbreak your iOS device
• Use unique, hard-to-crack passwords, and have a Password Manager to remember them
• Be wary of unsolicited emails asking you to click on links, or telling you that you have inherited a fortune from a Nigerian Prince.
• If the device is ever used on public Wi-Fi hotspots, make sure that it has a VPN to encrypt any communications.

Other password managers are available

That work well across mobile platforms/Chromebooks etc?

Thanks Graham, totally agree about the ads, especially for films. Content providers have to get better at all this. Will check out your other suggestions too.

@CFSKate

When patches are issued for IE, do they happen automatically when Windows updates? I keep reading about webcams not being secure, so how do you make them secure?

Hi CFSKate

Yes, when Windows updates itself (which should be happening at least monthly) then it will also update Internet Explorer with any necessary security patches.

The danger with webcams is that computers can become infected with malware, giving hackers an opportunity to record you without your necessarily knowing. There have been some pretty ghastly times this has occurred - and the peeping toms have used footage to extort money or blackmail.

My advice? Keep your anti-virus software up-to-date and place a post-it note over your webcam, only removing it when you want to go on camera.

That Digital Trust looks like a good site, so Thanks. I hope MNHQ are noting some of these tips and might consider incorporating them in site guidance.

@JeffreysMummyisCross

MN recently took down its app as they weren't 100% sure that it was secure.

What is the relative safety of using an app on my phone, compared to a website on my laptop? For example, my bank keeps trying to get me to download its new mobile banking app, which I am wary of doing. Am I being overcautious? Although I have anti-virus / malware apps on my phone, I assume that these are not as hefty (technical word there) as those on my laptop?

Hi again JeffreysMummyisCross

Some apps are competently written, some have security holes. The challenge is determining which are which. It would be nice to think that a high street banking app would have been properly tested.

The problem is somewhat worse on Android than it is on iOS, as Google has historically done a poorer job of keeping bogus apps out of the Android app store. Before installing an app, always check its popularity by looking at the number of reviews and rating - if it's a popular app like Instagram but only has three reviews then you are right to be suspicious!

I think it's fair to say that some apps may not be as secure as their website equivalents - but this didn't stop me using a banking app myself. It's just so convenient!

An additional level of protection you can deploy is a VPN (Virtual Private Network). It sounds nerdy, but it's another app you can install on your phone that encrypts all of your communications as they pass over the internet - meaning that hackers will have a hard time snooping on what you're doing when you use public Wi-Fi.

VPNs can also be used to disguise what country you're in - which can be handy if you're abroad and want to watch some British TV, for instance.

@ANewDayANewName

I'm pretty ok on security on a windows laptop but have no idea about security on my iPhone. Could you identify some key steps to protect yourself on an iPhone (anti-virus etc)?

Hi ANewDayANewName

Sadly, Apple doesn't allow anti-virus vendors to write decent security software for the iPhone. The good news is that the malware problem for iPhone has been almost entirely limited to devices which have been jailbroken. In other words, if you haven't tampered with your iPhone in a nerdy way, chances are that your iPhone won't have any malware on it.

Malware is much MUCH more common on Android, where Google has a more carefree attitude to things than Apple's control freak.. ahem.. "walled garden" approach.

However, I would recommend you install a VPN on your iPhone to protect its communications from Wi-Fi sniffing. Also, sign it up for services like Find My iPhone so if you lose it you can either locate it or remotely wipe it.

Finally, I recommend that you use a passphrase to control access to the phone rather than a four-digit pass code.

Hi Graham. Any chance you could do regular sessions here?

My question is: I use my ipad for all personal stuff. I am told it is much 'safer' in terms of online security. How true is this and which password manager would you recommend for ipad?

@Tianc

Can you say a bit about cross-window attacks within the browser (which I understand may be how the preliminary attack on the MN admin was done)? And the need to actually quit the browser to "end the session", to prevent this?

I've had this explained to me, but couldn't accurately explain it to others. But I now quit and restart Safari before doing my banking.

Hi there Tianc

I don't know the specifics on the Mumsnet attack, so it wouldn't be appropriate for me to comment.

But I think you're talking about what is known as a cross-site scripting (XSS) attack. They are one of the most commonly encountered security flaws found on websites, opening up opportunities for malicious hackers to hijack customer accounts, change users' settings and phish login credentials.

Essentially, with an XSS attack it looks like you are on the website of XYZ Inc, but actually hackers are exploiting a coding flaw on the website for their own ends - often by displaying a bogus login form to grab passwords.

The onus lies on web developers to write their code more securely, so there aren't security holes which XSS attacks can exploit.

[quote wannaBe] mmm, humbug was the first ever game I played after I got a screenreader on my dad's computer. I never finished the game

If someone has put malware/spyware/keyloggers on your computer, what can you do to search for it, find it and remove it, if it already got through your anti-virus software? (I know I've already asked more than my share of questions, so please answer others first, this is just if there is time left.)

Hi Graham

cyberstreetwise.co.uk has some good information written for ordinary people, including links under Resources to some Sophos stuff

@Simurgh

Good afternoon Mr Cluley

What would you say was the desirable balance between personal responsibility for IT security and what the average user should be able to expect of the systems they use?

Hi Simurgh

Please call me Graham. Mr Cluley makes me feel old!

Well, in an ideal world people wouldn't have to worry about their IT security, as the computer and operating system and other crafty technology would handle it all for them.

But we don't live in an ideal world. :( And there's no such thing as foolproof protection.

Everybody, sadly, needs to keep their wits about them and take some responsibility for their online security. Whether it be pausing before clicking on a link in an unsolicited email, hesitating about opening the PDF attachment they have just been sent out of the blue, or agreeing to let Microsoft update Windows.

The problem is, fundamentally, a human one rather than a technological one. And that's why it will never be solved. We can't roll out a security patch to people's brains.

Hopefully web chats like this can help spread a little knowledge, and help folks protect themselves better.

Blimey, Graham, how fast do you type? I don't think we've ever had someone on the webchat get through the questions so quickly

Thanks very much for answering my questions.

@CFSKate

ISTR something in the news about Samsung televisions using the internet to spy on people?

Yes, there have been a number of issues with so-called Smart TVs. See this for instance.

The Internet of Things is coming folks, and the problem is that it may not be very secure. :(

I know I have seen posters on MN before who were very worried about facial recognition software used to stalk people/children online.

If I had to choose between LastPass and Chrome's built-in password manager I would choose LastPass. That's because LastPass offers additional levels of security such as two-factor authentication to defend your crown jewels - your passwords!

ChromeGoogle has 2FA too...

The Internet of Things may well be coming but surely it's going to be pretty well restricted to a few people who have the inclination or the money to buy into it? How will Joe User fair in that world do you think?

(Sorry - I know that's 3 but I'm distracted by thumps from above. (Roofers in.))

@lavenderdaisies

The swatting attacks really shocked me. I mean, why?! Is there a history behind this?

Also wondering what else I don't know about hackers' tactics beyond keyboards and screens. Or has real life harrassment always been a part of hacking?

Yes, there are some real low-lives out there dead set on making innocent people's lives a misery. :(

Swatting has been going on for a while. Typically it's teenagers, tricking the police by making bogus emergency calls saying that - for instance - there is an armed gunman in the house. They use technology to disguise their real phone number.

The police, of course, have to take the threat seriously (Imagine what the Daily Mail would say if an emergency call about an armed gunman wasn't taken seriously by the police, and then someone was hurt?) and an armed response team is despatched to the house.

Swatting is particularly common amongst the online gaming community, where people watch live video streams of teens playing video games and like to interrupt the show with a visit from the police.

Obviously this wastes police time, and is utterly irresponsible.

And cowardly too. But what do you expect from someone who chooses to spread misery remotely from the safety of their bedroom?

Oh bloody hell! That's just ruined my day. More chances to spy! I feel sick, who'd have kids these days!

Though I have already got a sticker on my webcam so people couldn't accidentally watch me doing my Jillian Michaels like a beetroot on legs so I'm doing better than I thought!