June 2009


 

Kids and the Dangers of Social Networking

Social networking sites have morphed into a mainstream medium for kids and adults. (See advice for adults in the forthcoming July OUCH!) These sites encourage and enable people to exchange information about themselves, share pictures and videos, and use blogs and messaging to communicate with friends and sometimes even the world-at-large. While parents may feel outpaced by their technologically savvy kids, there are security lessons that parents can teach their kids. Here are eight tips to make your kids safer social networkers.

  • Help your kids understand what information should be private. Tell them why it's important to keep some information about themselves to themselves, such as their full name, Social Security number, street address, phone number, and personal and family financial information. Screen names, too, should not give away personal information.
  • Use privacy settings to restrict who can access and post on your child's website or Facebook page. Some social networking sites have strong privacy settings. Show your child how to use these settings.
  • Explain that kids should post only information that both you and they are comfortable with others seeing. Even if privacy settings are turned on, some — or even all — of your child's profile may be seen by strangers. Encourage kids to think about the impression that screen names make.
  • Remind your kids that once they post information online, they can't take it back. Even if they delete the information from a site, older versions may be stored on other people's computers or in Web archives and can be circulated online.
  • Know how your kids are getting online. More and more, kids are accessing the Internet through their cell phones. Find out what limits you can place on your child's cell phone and how secure it is. Some cellular companies have plans that limit downloads, Internet access, and texting by quantity and time of day.
  • Talk to your kids about bullying. Online bullying can take many forms, from spreading rumors online and posting or forwarding private messages without the sender's OK, to sending threatening messages. Encourage your kids to talk to you if they feel targeted by a bully.
  • Talk to your kids about avoiding sex talk online. Recent research shows that teens who don't talk about sex with strangers online are less likely to come in contact with a predator.
  • Tell your kids to trust their gut if they have suspicions. If they feel threatened by someone or uncomfortable because of something online, encourage them to tell you. You can then help them report concerns to the police and to the social networking site. Most sites have links where users can immediately report abusive, suspicious, or inappropriate online behavior.
  • Read sites' privacy policies. Spend some time with a site's privacy policy, FAQs, and parent sections to understand its features and privacy controls. The site should spell out your rights as a parent to review and delete your child's profile.

More information

OnGuard Online
Get Netwise
Cyber Bully 411
I Keep Safe

Scams and Hoaxes

Report email scams to Federal Trade Commission

Facebook Login Phishing Scam
The email aims to trick recipients into providing their Facebook login details to Internet criminals. Those who click on the link in these messages will be taken to a bogus website designed to look like a genuine Facebook login page. The bogus sites have domain names such as “fbstarter.com” and “fbaction.net.” If a user logs in to one of the fake pages, his or her Facebook account details will be revealed to scammers, who can then log on to the victim's real Facebook account, steal personal information and use the account for fraudulent purposes. More information

MobileMe Phishing Emails Hitting Apple Users
According to news reports, many US citizens have complained about receiving phishing emails in connection with Apple's MobileMe, a package of online services offered by the software company. The email appears official and states that the yearly subscription of MobileMe users would be automatically renewed, but that efforts to debit users’ credit cards have failed. Moreover, the email states that if users don't want any interruption in the services, they should update personal information, especially their credit card number. The email provides a “Log In” link that asks for the user's username and password after diverting recipients to a phishing site. The fake email warns that if users fail to update their credit card details, all of their services, except email, will be cancelled within the next 15 days. More information

 

Microsoft and Apple Security Updates

Microsoft and Apple provide free security updates for their software products.

Windows: Microsoft issues patches for all Microsoft products on the second Tuesday of each month as well as out-of-cycle patches on any day of the month. The scheduled release date is June 9th. This is a good occasion to check manually, a practice that you should follow once every two weeks, to make sure all of the updates have been installed.  More information

OS X: Updates are issued frequently, and their contents may differ depending on which processor is in your Mac (PPC or Intel).  More information.

iPhones & iPods: Must be updated manually:
http://docs.info.apple.com/article.html?artnum=305744
http://support.apple.com/kb/HT1483

 

Security Newsbytes

Hackers Infiltrate New York Times’ Twitter Account
Security firm Sophos has revealed that cyber crooks have hacked “The Moment,” one of the Twitter accounts of the New York Times used to deliver news stories from the fashion blog of the paper. The hacked account was used to send a spam message that stated: “Everyone visit [LINK] for 100% FREE webcam girls/guys doing anything you ask them in the chat, I love it personally.” More than half a million users of the micro-blogging platform received adult-oriented spam. This is another in a growing series of cyber assaults on Twitter accounts. Other compromised accounts have included famous politicians, artists, TV hosts, and even Twitter administrators. Recently, a French hacker obtained control of a Twitter administrator’s account through social engineering and accessed private information from the profiles of Ashton Kutcher, Lily Rose Allen, and Barack Obama. More information and VIDEO

[Editor’s Note (Wyman): Twitter, a messaging system wildly popular among kids using handhelds, was for a time reputed to be the new, quick, easy, cool way to keep in touch with your circle of friends. This buzz obscured the fact that like every other Internet-based service — new, cool or not -- Twitter was vulnerable to attack by hackers and malware and its users to exploitation by spammers and cybercrooks. Bummer. So, here’s a Security Tweet for Twitterers: “Those who cannot learn from history are doomed to repeat it.”]

FTC Obtains Court Order Halting Deceptive Mortgage Relief Internet Ads
At the Federal Trade Commission’s request, a federal district court issued an order to stop an Internet-based operation that pretends to operate “MakingHomeAffordable.gov,” the official Web site of the federal Making Home Affordable program for free mortgage loan assistance. According to the FTC’s complaint, the defendants purchased “sponsored links” for their advertising on the results pages of Internet search engines, including yahoo.com, msn.com, altavista.com and alltheweb.com. When consumers searched for “making home affordable” or similar search terms, the defendants’ ads prominently and conspicuously displayed the Web site address “makinghomeaffordable.gov.” Consumers who clicked on this advertised hyperlink were not directed to the official Web site for the Making Home Affordable program, but were diverted to websites that solicit applicants for paid loan modification services. These commercial websites, which are not part of or affiliated with the U.S. government, require consumers to enter personally identifiable and confidential financial information. The operators of these websites either purport to offer loan modification services themselves or sell consumers’ personal information to others who sell such services.  More information

Boface Worm Variant Discovered on Facebook
PandaLabs reports that it has discovered a new variant of the Boface worm, known as Boface.BJ.worm, which deceives users into buying a bogus antivirus application after persuading them to download malware via Facebook. After attacking a system, the worm waits for four hours before becoming active. When users log into their Facebook accounts, the worm sends a message along with a link to the user and to his network of Twitter friends. If users click on the link, they are taken to a fake YouTube webpage that directs them to install a “media player” in order to view a fictitious video. If the users follow the instructions, malware is installed on their computers and messages will pop up saying that the system is infected and the user needs to purchase a phony anti-virus application. More information

Scareware Turns into Ransomware
Security company McAfee reports finding a new version of “FakeAlert-CO,” a bogus security application that its creators branded as “System Security 2009” on a bogus website. After FakeAlert-CO infects a PC, it either disables all active processes or gives instructions for a system reboot. Like other fake security programs, FakeAlert-CO displays bogus warnings to the computer user, indicating that stored files are infected by malware. The bogus software tells you that “to remedy the problem, you need to buy and install FakeAlert-CO”. But when you click on the warning message, you are taken to an official-looking website that reveals a wide range of subscriptions to choose from before entering your credit card number. The website offers two purchase options, one for a two-year and another for a lifetime license, along with, ironically, a rebate offer and a 30-day money-back guarantee. More information

 

Source material reproduced with permissions from
OUCH Monthly Newsletter
SANS Institute (http://www.sans.org)
Editorial Board: Bill Wyman, Alan Reichert, Walt Scrivens, Barbara Rietveld, Alan Paller