Google And Microsoft And Why Things Are Never Just Right And Wrong

The senior director of the Microsoft Security Response Center (MSRC) has hit out at Google for releasing information about  a Microsoft product vulnerability, affecting Windows 8.1, just days before a Patch Tuesday fix would be released to resolve the issue.

In the article, on the Microsoft Security Response Center blog, he says, “Although following through keeps to Google’s announced timeline for disclosure, the decision feels less like principles and more like a “gotcha”, with customers the ones who may suffer as a result. What’s right for Google is not always right for customers. We urge Google to make protection of customers our collective primary goal.

Microsoft Vulnerability Reported by GoogleIn the article Microsoft are referring to Google Project Zero, announced in July 2014, in which Google said, “Our objective is to significantly reduce the number of people harmed by targeted attacks. We’re hiring the best practically-minded security researchers and contributing 100% of their time toward improving security across the Internet.

The Windows 8.1 vulnerability, affecting the User Profile Service of Windows 8.1 was recorded on the Google Security Research database on 13th October 2014 and became public on 11th January 2015.

On the 11th November Google reported that Microsoft had “confirmed they are on target to provide fixes  for these issues in February 2015. They asked if this would cause  a problem with the 90 day deadline” to which Google responded, “Microsoft were informed that the 90 day deadline is fixed for all vendors and bug classes and so cannot be extended”.

Microsoft Vulnerability Reported by GoogleOn the 11th December 2014, the update read “Microsoft confirmed that they anticipate to provide fixes for these issues in January 2015”, and just recently the update read, “Deadline exceeded – automatically derestricting” which is likely what caused the angry response from Microsoft.

Who Is Right?

It is tricky to pick a side on this particular matter as it could be argued that each side is right, and that each side is wrong.

On the side of the “Right”, Microsoft do point out that protection of customers should be of paramount importance. However, Google have already committed to transparency and have clearly set out their process.

Conversely, perhaps knowing the potential risk of the particular vulnerability Google might have considered a few more days grace for the issue to be resolved but similarly knowing the gravity of the problem perhaps Microsoft should have released the fix earlier?

So, who is right on this? Microsoft or Google? What do you think?

A Look At The Parental Controls Feature On The Tesco Hudl2

The hudl2 tablet, from Tesco, received one of our rare five star awards (see Review: Tesco hudl2 Android Tablet). In this article we will take a look at the Parental Controls features available in the hudl2.

Deciding to allow a child to use an internet-connected device such as a tablet, unsupervised, is a big decision and one that shouldn’t be taken lightly. Tools alone aren’t enough to protect a child online and you may be unaware of sites your child is accessing online, even inadvertently, so these tools should be considered in tandem with other parental responsibilities towards child safety.

Tesco Hudl2 Parental Controls on www.jasonslater.comThe parental controls feature is available through the “Child Safety” feature on the hudl2. The child safety screen has a friendly smiley face together with sections for Child Profiles and Safety Advice.

The simple chunky look of the child safety section is welcoming and the calming orange colour may offer some peace of mind to those looking at safety tools for the first time.

Safety Advice

The Safety Advice section should be your first port of call and it currently has eleven sections covering: key tips, advice by age, using apps, browse the web, chat & social, photo & video, and others.

Tesco Hudl2 Parental Controls on www.jasonslater.comTesco say they have worked with “The Parent Zone” to “create a comprehensive Child Safety app for hudl2”.

There is quite a bit of useful information, and advice, contained in the “Safety advice” section and I would highly recommend every parent read it thoroughly.

Three Key Features

The three key features of the child safety app include a dedicated web browser, “so that your child can only visit websites suitable for their age.”, a time limit feature, “so you have a greater control over your child’s hudl use”, and limited access to apps (for each child profile), “It’s up to you to decide which apps your child can use.”.

By default Safe Search is set on for Google and web content is filtered by child age: pre-school, infant school, junior school, and senior school.

Child Profiles

Tesco Hudl2 Parental Controls on www.jasonslater.comThe first step in setting up parental controls is to tap the Child Profiles icon. You will be asked to set a master security PIN lock so that your children cannot access the parental control features.

Fortunately, the PIN can be really quite long so try and set something they can’t guess. Kids are very good at guessing PIN numbers so spending a little extra time here will ensure the effort isn’t wasted later on (choosing the first letter from each word of a paragraph in a well-read book is a good start but try and obscure some of the letters). Google has quite a good section on setting passwords, see “Secure your passwords”.

Tesco Hudl2 Parental Controls on www.jasonslater.comOnce a suitable security PIN has been set the “Manage Child Profiles” section becomes available.

The only option, when you first run Manage Child Profiles, should be “New Child Profile” so tap it and you will be asked for a child’s name and age.

Age is important as it is used to restrict the websites the child can access. You can also set an associated image either by taking a photo with your camera or by selecting an existing image from the document library.

Tesco Hudl2 Parental Controls on www.jasonslater.comFor our example we will set up a fictional child, “Emma”, who is aged 10. Once the information is entered a summary will be displayed including an indication of the default safety features.

Tesco Hudl2 Parental Controls on www.jasonslater.comIn our example both “Web Safety” and “App Safety” have been enabled but “Time Limits” have not yet been set.

A quick way of checking the feature has been configured is to return to the lock screen, on the hudl2, and the new login icon for the child should be available at the bottom of the screen.

Personally, I wish the child’s image icon was a little larger and separate from the parents icon – there is certainly plenty of screen space available.

Tesco Hudl2 Parental Controls on www.jasonslater.comTo managing a Child Profile head back into the Child Safety section, then Child profiles, enter the security PIN, then tap on the child to manage their account.

From the Child Profile screen the name, photo, and age of the child can be updated. In addition there are three safety features which can be configured: Web Safety, Time limits, and App Safety.

Web Safety

For the “Web Safety” section a number of default web categories are included which can be allowed or blocked. For more information on each category tap the information icon next to the category name.

Tesco Hudl2 Parental Controls on www.jasonslater.comDefault categories include Games, Search engines & portals, Religion, Charities & NGOs, Sports & Entertainment, Web-based email, News, Politics (including Business & Finance), General, Health & wellbeing, Lifestyle, Shopping, and a number of others.

Strangely, some very unusual categories are included such as “18+”, “Illegal Content”, “Dating & Personals” which all seem somewhat out of place in a Child Safety environment. Even stranger is that these categories can be “Allowed”. Considering the Child Safety app, according to the Welcome section, is aimed at children up to 13 one cannot imagine many circumstances when “Illegal Content” or “18+” might be appropriate.

Setting the access controls for the categories is very straightforward. It would be useful to be able to drill-down into just what websites are included in each category or to be able to get some reporting as to the categories the child has attempted to visit.

Time Limits

Time Limits can be set in two main categories: Weekdays and Weekends. For both of these sections a time range can be added where the child can access the hudl (the access is set between two points in a 24 hour period).

Tesco Hudl2 Parental Controls on www.jasonslater.comSetting a time range involves sliding blue circles, in 15 minute increments, to the appropriate start and end time (e.g. 6 am to 9pm). This is useful to prevent a child, for example, using the hudl in the middle of the night.

Furthermore, a maximum time can be set where the hudl can be used so if you want your child to use the hudl for no more than 30 minutes per day it can be set (in five minute intervals).

Setting time limits in this way is quite easy and self-explanatory. The visual nature is also useful if you want to sit down with a child and explain the times they can access the hudl. It is not currently possible to associate the time constraints with the web safety and app safety categories separately but as a starting point it is useful.

App Safety

App Safety lists the apps available on your hudl and allows you to allow or block each one. Some apps cannot be set in this way including Gmail, Calendar, Google+, and Hangouts, but the rest simply require a tap to toggle the allow or block function.

Tesco Hudl2 Parental Controls on www.jasonslater.comWhen you start building up apps it can take a little time process them all and it would have been useful to be able to group apps. Grouping apps could have allowed mass allow/block and also time limits against particular groups of apps. I would also liked to have seen new apps blocked by default so they have to be manually unblocked by a parent. Hopefully, this kind of functionality will be available in a future version.

Overall, the Parental Controls feature on the hudl2 is a very useful starting point when considering giving an internet-connected device to children. The tools work hand in hand with other factors such as establishing boundaries with each child and educating them in online safety.

There are some improvements that hopefully will be made to the parental controls feature but hopefully this article provides a useful introduction to the tools currently available.

There are a number of online resources available which provides more information relating to child online safety, some of them include:

Fake: Booking.Com Reservation Confirmation Email

Fake Booking.com EmailBeware of fake Booking.com Reservation Confirmation Emails.

Now then, I like an away day as much as the next person. However, I do tend to like to book my own away days. So, imagine my surprise when I received an email from Booking.com confirmation a reservation for me at what looks like a rather swanky hotel spa.

The email reads “Your reservation number_NNNNNNN is now confirmed!. Thanks! Your reservation is now confirmed.” and includes a Booking number, PIN Code, and some weird email address. Details of the reservation follow, together with check-in and check-out times, together with what looks to me at least a rather hefty bill for over two thousand dollars.

Now gets the interesting part. The bottom of the email reads “You can easily change or cancel this booking for free before August 6 – 2013, to cancel or modify your reservation please complete the attached form and fax it to:” – Hang on – did that date say 2013!?

If you receive this email then do not click on the link to fill in the form. The email is a scam and rather than offer a form, as indicated, it downloads a rather nasty trojan horse containing a virus on to your computer.

What I find quite worrying about these emails is the advice from Booking.com under their FAQ headed “I received an email from Booking.com claiming to be from the place where I booked my stay. Why did I receive this message?”. Under this FAQ they state “Booking.com cannot be held liable for the content of the message. If you feel that the content of this message is inappropriate or contains spam, we ask that you report this information by clicking on the link located in the bottom right corner of the email.

I wouldn’t recommend clicking on any links in emails you suspect are inappropriate. Instead head to the website directly and look up their safety online section if they have one.

Upcoming Webcast: Patient Safety Benefits of Clinical Decision Support

An interesting live webcast from the Health Service Journal will be held tomorrow, 12th June 2013 at 12:30 PM GMT, “Patient Safety: The role and impact of clinical decision support”.

The details for the webcast say:

HSJ TV Live WebcastThe Francis Report has sharpened the focus on patient safety. There is a body of evidence to demonstrate that using information technology to provide clinicians with real time access to the most up-to-date evidence, guidance and protocols can significantly improve patient safety. This evidence base is international, coming from the US, Asia and Europe. So far, the NHS experience is under researched; yet never has there been a more pressing case to roll them out quickly.”

This HSJ webinar, sponsored by UpToDate, brings together an international panel of medical experts to offer their perspectives on the future of patient safety in the NHS.

To register for the live webcast head over to the Health Service Journal website.

Review: Fluke SocketMaster Advanced Professional Socket Tester

Fluke SM300 Socket TesterIn this review we will be taking a look at the Fluke SocketMaster Advanced Professional Socket Tester (SM300). The SM300 is a device which checks the wiring in your electrical outlets to ensure things are the way they are supposed to be (according to UK BS 1363 13 A).

Before plugging anything into electrical sockets, particularly expensive technology equipment, it is worthwhile conducting a quick electrical wiring check. This is additionally important if the socket has not been used for some time.

The Fluke SM300 performs a number of verification checks including polarity check, earth voltage test, and an additional RCD test (it performs the RCD test using a touchpad on the surface of the device and the test verifies that an RCD rated at 30mA will trip within 300ms when a nominal 30mA earth fault current is applied).

The Earth Voltage Test also uses a touchpad to detect earth voltages greater than 50V ac, relative to the tester, which would require further investigation.

Fluke SM300 Socket TesterTests are performed by simply plugging the device into a socket and if all is well the device will display three green lights and a confirmation buzz will be sounded. If anything other than this happens then there is a potential issue which should be investigated further.

Faults are reported through the three lights which show a number of faults including a missing neutral connection, missing earth, live fault, and live/earth reverse. The documentation with the device states that the SM300 complies with BS EN 61010 – “Safety requirements for electrical equipment for measurement, control, and laboratory use. General requirements.”

The SM300 is a simple yet effective device contained within a handy format and at just £33 (price checked 8th February 2012) the SM300 Tester is a useful addition to any technology toolkit. For more information head over to Farnell and check out the Fluke SM300 Tester.

Disclosure: This item was provided for review by Premier Farnell – Europe and was not required to be returned post review however the views and opinions expressed in this review are my own.0

What Is Akamai NetSession Interface?

Akamai NetSession Interface A curious application which you might notice installed on your Windows based computer is the “Akamai NetSession Interface” – and you may be wondering what it is and where it came from.

Well, first off, the application describes itself as “distributed networking software which greatly enhances the quality and speed of downloads and video streams you get from websites that support Akamai technology

In my case from what I can ascertain Akamai NetSession Interface was installed when I downloaded a trial of Adobe Flash CS4 last year and it was used as the download mechanism for delivering the application over the internet. Since uninstalling the trial application there was no notification that this application still exists (at least I didn’t see it) so it’s sitting around unnecessarily taking up space.

Removing it is simple enough using Add or Remove Programs and if you need more information about it sitting in your Control Panel there is an interesting, and pretty thorough, article over at Arthedio’s Studio so I won’t go over it here.

It does look as if this application is used for a variety of download management applications together with some video streaming so it’s worth making sure you really don’t need it before you uninstall it!

Further Reading and Resources

Akamai: Akamai NetSession Interface FAQ

Adobe: Set up Akamai Download Manager 2 for Adobe downloads

Arthedio’s Studio: Uninstalling Akamai Net Session Interface