Warning: Social media can destroy lives

A couple of stories in the last couple of days caught my attention, the first was that of Paris Brown, a 17 year old English girl who caused a bit of a stir, first, pleasantly for having been the appointed the fairly high profile newly created roll of “youth police and crime commissioner”, paying £15,000 P/A, . A few days later, police were investigating her for some tweets and posts on other social media a few years earlier for being racist and homophobic, it also came to light that she’d talked about her sex life, drink and drugs. Of course she was left with no option but to resign.

rehtaeh parsonsThe second story is tragic beyond belief, and is that of 17 year old Rehtaeh Parsons, who survived having been gang raped by 4 boys 18 months ago at a house party, had requests to police to take action over the allegations pretty much ignored, bullying at her then school, then after moving schools, finally settled down some and started going forward. But then one of the rapists finished her off last week by posting pictures taken during the rape to her whole peer group. She locked herself in a bath room, and sadly hung herself.

I think it would be natural for us to think Paris Brown had it coming, she brought it on herself, and she’s now lost the chance of a lifetime for a young lady to launch into a political career. But really those choices she made as a 14 year old were those of a child. While kids will be kids, and their behavior at that time is another issue, don’t we all want our kids to “do the right thing”, the fact is they don’t, and even worse they will brag about things they haven’t done online, same as in the playground.

With the case of Rehtaeh, the police currently are refusing to take any action; again, even though it would seem obvious that posting images of a 15 year old being raped would in itself be a crime, the police claim not to have adequate evidence. Morally I would suggest that the boy who posted these images has a responsibility for her death. And I would want to see the police firstly to use all resources available to secure convictions and secondly to hold an internal investigation to see how they let Rehtaeh’s life slip through their fingers and how they can avoid this ever happening again.

Maybe changes in the law are needed, that they are not well enough defined, a post on Facebook can be just as hurtful to a 12 year old as being beaten up in the toilet. And even worse, what’s posted on social media is not only there for life, you don’t know even if you message something privately that that won’t be made public by the recipient.

I would suggest that parents are losing the ability to control what our kids are doing online, they can get Facebook and Twitter on any internet connected device now, cell phones, PlayStations, and even our TV has its own internet browser. While we can’t control what they do, we can make sure we have a Facebook account that has them listed as a friend, and subscribe to their Twitter feed; at least we will know what’s going on in their world, and when we need to step in. While we can’t stop them going to that house party, as all their friends are going, we can warn them, that your potential employer in 10 years might not be so impressed. Of course how the parents of the boy that posted those pictures can live with themselves, I don’t know.

You may like to join me in signing this petition to Demand an independent inquiry into the police investigation.

I did find some useful films to help drive the message home on the PrivacyComm YouTube feed, this one below I particularly liked and showed this one below to my 11 year old.

Is it ambulance chasing?

Looking at the long list of sites that were attacked during Anonymous’s recent #OpIsrael, reminded me that the vast majority of victims of site defacements are actually just “mama papa” businesses on some $5 a month hosting plan, a few pages of their products, opening times and a map, they probably paid some local “IT Wizard” $200 to personalize a standard template 3 years ago.

defacedWhen they get that phone call from their clients asking “what happened to your site” and they take a look for themselves, they are shocked to see, it’s all gone, replaced by some garish image, a bit of graffiti claiming ownership or if it’s not political or vandalism but commercial defacement, adverts for fake designer goods or some embarrassing “male enhancement” herb.

I’ve helped quite a few clients, both individuals and companies with the clean-up, often as they can’t see anything of their own site, they think the rest of it is gone, only larger companies backup, so these individuals and smaller companies feel hopeless, I feel for them, economy is not good, they will be talking about “rescuing it if it’s worth it”, “maybe we only need a Facebook page”. They often don’t get the instant response they expect from their hosting companies that are not usually helpful anyway, are in a state of panic.

The fact is the vast majority of these defacements are done using automated tools, usually as simple as editing the homepage by adding a couple of lines of code. Each method is different, but the bottom line is that they are nearly always easily recovered.

This brings me closer to my point. When the hackers list their achievements in the defacement archives, which they often do in batches, having used the same script against sites which they have found share the same vulnerability.

And the questions is how ethical is to tout for business by offering to fix these small sites?

I have unsolicitedly emailed random victims, having taken the time to look at their publicly archived site or done a “whois” for contact details, emailing them a whitepaper describing how to fix that particular defacement, and sometimes even telling them the patch they need to apply so it doesn’t happen again.

Half will be appreciative thanking me, sadly nearly always then asking questions like “so how do I edit my default.html file?” which of course is more of a training exercise and would be far more difficult than me just doing it myself, so I don’t reply.

What worries me about offering this “fix defacements as a paid service” is that I can read between the lines that they will never trust that I am not actually the hacker.

Of course I wouldn’t put it past some lawyers to spray the roads with oil.

Hello World!

While I have contributed to a number of blogs, forums and sites over the years, decades even and setup, managed and moderated countless others for clients and friends, I’ve never actually had my own.

I first came to think it would be a good time to commit myself a few months back when I’d started on a “recertification” processPrincess Margaret Bridge Fredericton, as I’d let quite a few of my qualifications lapse over the years. I was spurred on by a friend who noticed how opinionated I was about how badly written the official guide for businesses and organisations to PIPEDA was comparing it to the UK’s DPA and said “write it up”, and while you are at it take a look at the UK’s Bribery Act.

Well that’s not a task I want to take up right now, they’re both sizable documents and PIPEDA should really just be revisited by a copywriter and proof-reader. What is relevant though is that this is a very important document that nearly all businesses of any size in Canada should have an understanding of, and it would make sense that it was written using clear, simple and correct English (I can’t comment on the French). And the Bribery Act, that discussion is more about its broader impact and implications.

Back to the blog in general, I’m not going to be asking my long suffering wife or one of the designers we normally use on clients projects to beautify this WordPress blog, I think I’ll leave it “vanilla” for now.

The friend is right of course, I am opinionated, as he says “You can always tell an Englishman – but you can’t tell him much!”, so here goes…

CISSP PMP