Jul 25, 2016 | Web Filtering
The American Civil Liberties Union (ACLU) of Rhode Island has praised the General Assembly for introducing more transparent standards for the use of Internet filters in schools in the state.
Since the passing of the Children’s Internet Protection Act (CIPA), K-12 schools and libraries that apply for E-Rate discounts have been required to implement a web filter to restrict access to inappropriate or harmful website content. The web filter must be configured to block obscene images, child pornography, and other content that could be considered harmful to minors.
Overzealous Use of School Internet Filters in Rhode Island
While schools in Rhode Island have complied with CIPA, many have gone further and have used Internet content filtering software to block far more website content than CIPA requires. Blocking potentially harmful website content protects children from harm; however, schools must take care not to overblock website content.
There is a clear difference between pornographic content which contains images of naked individuals and artwork which depicts nudes for example. The former has potential to cause harm to minors, the latter has educational value and should not be blocked. If there are no standards for the use of Internet filters in schools, it is all too easy for valuable educational material to be inadvertently blocked.
Three years ago UCLA published a report on how overblocking of website content can harm public education. The report details some of the difficulties staff and students have had accessing valuable website content after web filtering solutions have been implemented in educational establishments in Rhode Island.
Internet filters allow website content to be blocked based on categories. Schools may, for instance, choose to block content relating to alcohol. However, the report says some students had tried searching for polyvinyl alcohol – information on which was required for their studies, yet the content was not accessible because the Internet filtering category “alcohol” had been blocked.
Students who want to access LGBT information or individuals wishing to find out about sexually transmitted diseases should be able to access that information, yet this type of website content can all too easily be blocked if Internet filters are not carefully applied. The ACLU believes that transparent standards for the use of Internet filters in schools are necessary. Schools should be open about the type of content that they block and the reasons for doing so. With greater transparency students can be protected from harm, yet have access to valuable educational material.
New Standards for the Use of Internet Filters in Schools in Rhode Island
Rep. Art Handy and Sen. Adam Satchell sponsored the new bills (H-7583-A and S-2172-A) which require written policies to be implemented which explain the categories of website content which are blocked by the state Department of Education and school districts. The new legislation also requires reasons to be provided for blocking specific categories of website content. Policies must also be reviewed on an annual basis.
Hillary Davis, policy associate of ACLA of Rhode Island, praised the introduction of new standards for the use of Internet filters in schools by the General Assembly. She said, “The Internet offers a world of educational opportunities that Rhode Island’s students have been denied because of overzealous filtering software.” Davis went on to say, “This new law will go a long way toward ensuring teachers can bring their full range of resources to the classroom, and that students can complete their studies without interruption or frustration.”
WebTitan – Web Filtering for the Education Sector
The TitanHQ team has worked on email anti-spam solutions for schools, web filtering for education, and email archiving for schools for over 20 years. We have a deep understanding of the web security issues that all schools and colleges face when protecting students, staff members, and visitors.
WebTitan is a powerful web security solution that ensures safe Internet browsing for children. The solution provides protection from harmful and obscene web content whether students are studying in the classroom, school library, or offsite and blocks threats such as malware, ransomware, and phishing. WebTitan Web security is available for all devices, including Chromebooks, Windows, and Apple devices, and the solution is quick and easy to implement and maintain.
Benefits of WebTitan
- Create a safe and secure web browsing environment.
- Comply with CIPA and qualify for E-Rate discounts
- Block malicious websites and malware downloads.
- Block material contained in the child abuse image content URL list (CAIC List) and other third-party blacklists.
- Accurately filter web content through 53 pre-set categories and up to 10 custom categories.
- Filter by keyword and keyword score.
- Inspect encrypted websites.
- Filter content in 200 languages.
- Apply time-based filtering controls.
- Filter the Internet across multiple WiFi hotspots.
- Protect students when learning remotely.
- Manage access points through a single web-based administration panel.
- Delegate management of access points.
- Schedule and run reports on demand with real time-views of Internet activity and extensive drill down reporting.
- Integrate the solution into existing security and monitoring systems.
Test WebTitan with a 14-Day Free Trial
WebTitan is currently protecting 10 million students and 2.5 billion DNS requests a day with T-Mobile. With WebTitan, you can quickly and easily protect your students from inappropriate web content, ensure CIPA compliance and create a safe environment for children.
You can also take advantage of a Free Trial of the solution to see for yourself how easy it is to use and maintain, and how effective it is at blocking access to content you do not want to be accessed by students, on or off the network.
Jul 18, 2016 | Web Filtering
McDonalds and Starbucks have recently announced that they have taken steps to block porn on WiFi networks that can be accessed by their customers. McDonalds restaurants in the United States already have a web filtering solution in place that prevents customers from accessing pornographic material via their in-restaurant WiFi networks. Mature content – such as online streaming of TV shows such as Game of Thrones – will still be possible. Starbucks has also recently followed the lead of McDonalds and will soon implement a web filtering solution to block pornography.
McDonalds is the largest fast-food chain in the United States, operating more than 14,000 restaurants. Starbucks is the largest coffee shop chain in the United States, with more than 12,200 outlets in the U.S. Due to the size of the chains, and their popularity with children and families, both organizations have faced pressure from Internet safety organizations to start implementing controls to limit the website content that can be accessed via their WiFi networks.
McDonalds Chooses to Block Porn on WiFi Networks in its Restaurants
McDonalds started to block porn on WiFi networks available to customers earlier this year. According to a statement issued by the fast-food chain, the corporation was previously unaware that there was a problem with customers accessing pornography inside its restaurants or that consumers wanted restrictions to be placed on its WiFi networks.
After the not-for-profit Internet safety organization Enough is Enough reached out to the CEO of McDonalds last year and suggested WiFi network porn filtering should be implemented, the fast-food chain reacted “promptly and positively.”
McDonalds recently issued a statement saying “We had not heard from our customers that this was an issue, but we saw an opportunity that is consistent with our goal of providing an enjoyable experience for families.”
McDonalds started exploring web filtering solutions to block pornography on WiFi networks in its restaurants and, after researching the available options, McDonalds implemented a WiFi network porn filtering solution in Q1, 2016. Last week, McDonalds announced that a web filtering solution had been deployed to block porn on WiFi networks in its restaurants.
WiFi Network Porn Filtering to be Implemented by Starbucks
Hot on the heels of the announcement by McDonalds was a press release confirming that Starbucks had taken the decision to block porn on WiFi networks in its coffee shops.
Two days after the McDonalds announcement, Enough is Enough reported that Starbucks had also opted to block porn on WiFi networks in its coffee shops in the United States. When the evaluation process has been completed, and a suitable WiFi network porn filtering solution has been selected, it will be rolled out worldwide across the company´s coffee shops to ensure that all customers are protected from exposure to pornographic material.
A spokesperson for Starbucks said, “We are in the process of evaluating a global protocol to address this in all of our company owned stores, and are in active discussions with organizations on implementing the right, broad-based solution that would remove any illegal and other egregious content.”
Enough is Enough has been campaigning for safer Internet since the group was formed in 1994. In 2014 the organization launched a new campaign to place pressure on corporations in America to use WiFi network porn filtering to ensure that children and families could access the Internet safely without being exposed to pornographic material.
Increasing Pressure on Corporations to Implement WiFi Filtering Solutions to Block Pornography
Enough is Enough claim “Internet safety is now the fourth top-ranked health issue for U.S. children with peer- reviewed research confirming Internet pornography as a public health crisis.” The organization says that individuals are increasingly using open WiFi networks to gain access to online pornography and child pornography. They cite news reports that public WiFi networks are also being used by individuals to share obscene, abusive, and illegal images.
Enough Is Enough has been putting an increasing amount of pressure on organizations in the United States over the past two years to carefully control the content that can be accessed via WiFi networks. The organization has now gained the support from 75 partner organizations including the Salvation Army, National Coalition to Protect Child Sexual Abuse, U.S Department of Justice, American Family Association (AFA), Family Research Council (FRC), and the National Center on Sexual Exploitation.
Enough is Enough and the National Center on Sexual Exploitation recently appealed to Starbucks to follow the lead of McDonalds and implement a WiFi web filtering solution to block porn on WiFi networks accessible to its customers.
Both organizations will now be increasing their efforts to get other corporations in the United States to make a similar decision and block porn on WiFi networks in order to provide family-friendly Internet access.
WebTitan Cloud for WiFi: Secure WiFi Networks and Easily Restrict Access to Inappropriate Web Content
WebTitan Cloud for WiFi is a powerful WiFi filtering solution that is often awarded top marks in user reviews for ease of implementation, ease of use, quality of filtering, pricing, and customer service and support. Restaurants, coffee shops, retail outlets, and many other businesses that offer WiFi to guests can easily implement controls to restrict access to inappropriate web content and block threats such as phishing and malware and ransomware downloads. The solution is DNS-based, has no impact on Internet speed, and can be implemented in minutes, with no need for any additional hardware or software downloads.
With WebTitan Cloud for WiFi you can:
- Create a family-friendly, safe and secure web browsing environment.
- Accurately filter web content through 53 pre-set categories and up to 10 custom categories.
- Filter by keyword and keyword score.
- Filter content in 200 languages.
- Apply time-based filtering controls.
- Filter the Internet across multiple WiFi hotspots.
- Manage access points through a single web-based administration panel.
- Delegate management of access points.
- Reduce the risk of phishing attacks.
- Block malware and ransomware downloads.
- Inspect encrypted websites with SSL certificates.
- Schedule and run reports on demand with real time-views of Internet activity and extensive drill down reporting.
WebTitan Customers benefit from:
- A highly competitive pricing policy
- flexible pricing terms including monthly billing
- Industry leading customer support
- Easy integration of the solution into existing security and monitoring systems
- Multiple hosting options, including within your own data center
- Insights into customer behavior
- Full visibility into usage of the WiFi network
If you want to provide a clean, filtered WiFi service to your customers, give the TitanHQ team a call today to find out more about the benefits of WebTitan Cloud for WiFi, for details of pricing, and to book a product demonstration or set up a free trial of the solution.
Jul 15, 2016 | Cybersecurity News, Web Filtering
New Locky ransomware variants are frequently developed to keep security researchers on their toes. The malicious ransomware is highly sophisticated and further development allows the gang behind the crypto-ransomware to keep raking in millions of dollars in ransoms.
According to security researchers at Avira, a new Locky variant has now been discovered with new capabilities that spell trouble for businesses, even those with highly advanced security systems in place. Now, even rapid detection of Locky will not prevent files from being encrypted. Even if Locky cannot contact its command and control server, it will still execute and encrypt files. Previous Locky ransomware variants would only encrypt files after C&C server contact was established.
This means that if Locky is detected on a computer, shutting down the network or blocking communications will not prevent files from being encrypted. This is one of the few options open to organizations to limit the damage caused if ransomware is discovered.
New Locky Ransomware Variants Encrypt Without C&C Server Contact
Many of the latest ransomware strains use public key cryptography to lock users’ files. They will not encrypt files if systems are taken offline because they require contact with a C&C server to obtain the public-private key pairs that are used to lock files. These are only generated if a connection to the C&C is made. The private key that is used to unlock files is stored on the attacker’s server and never on the local machine that is infected.
Without a connection, unique keys for each user cannot be generated. This means that even if millions of computers are locked, one key will unlock them all. By generating a unique key for each infection, a ransom must be paid for each device that is encrypted. Without this, a business would only need to pay one ransom payment to unlock all infected devices.
Fortunately, that is the case with the latest Locky strain. If no C&C contact is made, all infected devices will be locked with the same key. That means only one ransom payment may need to be paid. However, if C&C contact is established, the AES encryption key will be encrypted using a separate RSA encryption key for each device and multiple payments will be required.
Avira reports that the new Locky ransomware variants use separate types of victim IDs, depending on whether files were encrypted offline or online. Offline infections use a 32-character alphabet for the victim IDs – “YBNDRFG8EJKMCPQX0T1UWISZA345H769” – rather than hex digits. By doing so, the attackers can determine which key to supply to unloick the encryption.
According to Avira’s Moritz Kroll, “Theoretically, if a company with a domain controller is hit by the new Locky and sees a non-hexdigit ID like ‘BSYA47W0NGXSWFJ9’, it might be cheaper to generate a victim ID with the same public key ID but without saying it’s a corporate computer.” That key can then be used for all other devices that have been infected.
While this may work, it is no substitute for having a viable backup. It is also far better to block the malicious spam emails that are used to deliver the ransomware using an advanced spam filtering solution such as SpamTitan, and to prevent drive-by downloads using WebTitian.
Jul 8, 2016 | Cybersecurity News, Internet Security News, Web Filtering
If you want to keep your computers and network protected, you should ensure that browsers are patched as soon as updates are made available. However, end users may be fooled into taking action to keep their computers secure and inadvertently use fake Firefox updates.
Fake FireFox Updates Used to Install the Kovter Trojan
Fake Firefox updates are being used by the gang behind the Kovter Trojan. A new version of the fileless malware has been identified recently, and it is infecting users by posing as a fake Firefox update.
The cybercriminal gang behind Kovter frequently tweak the malware and come up with new ways of infecting end users. Kovter is a particular worry as it can be particularly difficult to detect. Being fileless, there are no actual files to detect. The malware resides only in the memory, and it ensures it is reloaded into the memory each time a computer is rebooted with a Windows registry component.
Kovter can perform a range of malicious activities, such as redirecting users to malicious websites, performing click fraud, downloading other malware, and now also encrypting files. The latest variant discovered by CheckPoint also has ransomware capabilities.
When users visit a malicious or infected website they are presented with fake Firefox updates and are urged to download the latest version to keep their computers secure. Researchers at Barkly discovered that the gang behind the latest Kovter campaign are using a legitimate certificate to fool antivirus engines. The certificate was issued to Comodo, although it has since been revoked. Anti-virus engines are also now being updated to detect the malware and block its download.
Preventing Drive by Malware Downloads
There are a number of steps that can be taken to prevent drive-by downloads of malware such as Kovter. Policies should be implemented that prohibit end users from performing software updates, which should be left to the IT team to handle. Patch management policies should be developed and implemented to make sure that when software updates and patches are issued, they are installed promptly or preferably automatically.
Browsers should never be updated outside the normal update process. To check if the latest version is installed, simply click on the help function, followed by the About option, and the browser will check to determine whether an update is available.
A web filtering solution is also an important security control to employ to prevent drive-by downloads. A web filter can be configured to block access to webpages known to contain malware and restrict access to non-work related websites which carry a high risk of malware infections. Some web filtering solutions – WebTitan Gateway for example – can also scan websites in real-time to check for known indicators of drive-by downloads and exploit kits. WebTitan then prevents the sites from being visited.
Jul 7, 2016 | Web Filtering
A new law has been approved by the House of Representatives that will require government agencies to block pornography on computers used by federal employees.
The accessing of pornography in the workplace is a serious issue. While the employees who access the adult material at work may feel like they are doing no harm, the accessing of adult websites carries an unnecessary risk of malware being downloaded onto computers and government networks. The recent massive data breaches experienced by government agencies have highlighted the need for improved protections to be implemented.
Eliminating Pornography from Agencies Act Passed by House
Rep. Gary Palmer (R-Alabama)-sponsored the bill – the Eliminating Pornography from Agencies Act (H.R. 901) – which is part of a new government reform package. Palmer saw a need to introduce new laws to block pornography on computers after it became clear that the problem was widespread in federal agencies.
Federal workers were suspected of accessing pornography at work and internal investigations revealed that a number of workers had been accessing sexually explicit material; in some cases, for many hours each day.
One notable instance involved a worker who was suspected of accessing pornography on a federal computer. When EPA Office of the Inspector General (OIG) investigators visited the employee, he was actually viewing pornography at the time. He admitted to accessing the material for two to six hours a day.
The Securities and Exchange Commission (SEC) OIG also conducted investigations. A 2010 report indicated 33 employees had been discovered to be accessing pornography at work. Last year, media reports suggested there was a porn crisis in the federal government, saying the problem was serious and widespread.
Aside from the huge drain on productivity, if an agency fails to block pornography on computers there is a considerable risk of employees infecting their computers with malware or causing a data breach.
The reform bill was passed 241-181. The new law will require agencies to block pornography on computers for all workers, although access will still be permitted for certain individuals who require access to the material as part of their investigations.
WebTitan – A Quick and Effective Way to Block Pornography on Computers
WebTitan is a highly effective, but easy to implement web filtering solution that can be used to quickly block a wide range of inappropriate web content from being accessed by employees. WebTitan is an enterprise-class web filter that allows organizations to block specific categories of web content such as pornography.
Once the solution is installed, to block pornography on computers system administrators only have to tick a checkbox. Websites and webpages containing pornographic images will no longer be able to be accessed by employees. Since WebTitan ties in with Active Directory, it is easy for different permissions to be set for individuals, user groups, or for the entire organization.
Filters can also be applied to block productivity draining websites such as Social media platforms, gambling websites, and gaming sites. Bandwidth draining activities such as video and audit streaming can also be blocked, as can websites known to contain exploit kits or malware.
WebTitan can be used to quickly and easily enforce acceptable usage policies and improve the productivity of the workforce as well as an organization’s security posture.
