Jump to content

Need some help scaring kids


soundguymike

Recommended Posts

Here is my situation.

I have been asked to help with a presentation on internet safety.

The age group is about 10-14.

Also this discusion will be done in a Lab with the kids on computers.

I do not want to do the usual pedobear is out to get you sort of talk. (Though will mention it to satisfy any parents in the room)

I would like to do a presentation centered more on information security.

What I mean is first nothing online is private.

everything online is permanent. (once the interwebs have a hold on something they don't let go.)

Don't do stupid things like posting to public i lost my phone facebook groups.

The things you do on the web today will effect your future.

My plan fire up cain and abel and monitor the lab (possible create a very basic phishing page for facebook)

Then do my pedobear is out to get you talk at which point all the kids get bored and start to login into email, myspace, facebook. And my machine sits there collecting passwords. After that show them I have all your passwords to prove the point that nothing you do on a computer is safe or secure

I hope you understand what I am going for and I am open up to suggestions.

Link to comment
Share on other sites

The best thing you can possibly do is explain that just becasue MySpace/Facebook/<insert web site> says it's keeping your information private, doesn't mean it actually is. Either by accident or intentionally. You should also attempt to make it clear that any thing they post on the Internet is on the Internet forever.

Link to comment
Share on other sites

I'm in agreement with stingwray, at that age they won't care about privacy or internet security. It's a rather wasted time since it'll be ignored anyway.

In my opinion, it would be a much better idea to be honest and explain that they probably shouldn't talk to strangers on the internet but the majority of the time they're perfectly safe.

The reality of it is, this is just like teaching kids about safety IRL. Don't talk to strangers, don't walk down dark alleys and you'll be fine.

Link to comment
Share on other sites

You could show how easy it is to sniff an msn conversation.

and how difficult it is to sniff a google talk conversation (gtalk uses SSL). You should make it clear that in both instances you are trusting a third party.

Link to comment
Share on other sites

Be careful with your demo's though. Don't just go grabbing/sniffing private content and passwords without permission. The kids won't like it and you'll alienate them, the parents won't like it and you're likely to end up in hot water.

Number on rule of all InfoSec engagements....C Y A

Cover Your Ass ;)

Link to comment
Share on other sites

Be careful with your demo's though. Don't just go grabbing/sniffing private content and passwords without permission. The kids won't like it and you'll alienate them, the parents won't like it and you're likely to end up in hot water.

Number on rule of all InfoSec engagements....C Y A

Cover Your Ass ;)

What he said.

I'd also echo stingwray's post too, I don't think it'll be too effective. There's no harm in giving it a shot anyway, it at least shows you're trying and if one kid gets the picture then it wasn't entirely pointless.

There's also a chance, however high or low, that it'll make kids think hacking is cool if you start sniffing passwords, I know from experience that kids are spiteful bastards and if they figure out how to get other peoples' passwords then they will, and they won't think too hard before using them either.

There's always the option of doing a little play, get a couple of kids (or teachers, or something) to act out what might happen if someone figures out where you live or if you agree to meet random strangers online or whatever, and how easy it is to figure out a lot about someone from a simple social networking account. You could also do a short play about someone phishing/MITMing a password and inviting one of your friends out without your knowledge and then show that just because someone said something on the internet it doesn't always mean that they are who they say they are.

If it stands any chance of working then you'll have to make it engaging and I don't think a MITM attack will necessarily accomplish that unless you make it look like a movie.

Link to comment
Share on other sites

@ loftrat and moonlit Very good point I think I will setup a friend as the Mark because the of that was to illistrate that most the time browsing is not secure. The only reason to sniff their packets was for the fear/surprise factor though I now feel that might not outweigh how upset people they would be.

I think I might change that to where I just use my mark and have him fill out a webpage while wireshark is running in the background and let them know this could be you if you have viruses on you machine or use a public wifi.

All of the kids already know not to trust people they don't know online. It has been very ground into them, that is why I want to try a new angle and cover some topics they do not usually get. Such as if you or a friend posts a picture of them in a school uniform I now know where they are mon-fri. I might do this by asking a volontere to so me his pics he has posted online and then analyze them.

I have to disagree and say that 10 -14 year olds are actually pretty bright. I work at an elementary school and would prefer to teach a 10-14 year olds about privacy than the teachers.

The real problem is not that they do not understand privacy but that they believe fitting in (doing what everyone else is doing) is more important then privacy.

Link to comment
Share on other sites

Just ask them who has a MySpace/Facebook/Bebo or whatever and then chose one of the ones who raises their hand and ask them their name. Then type their name into google, and show them how much information, pictures, etc. you can get them from just their name because of what they have posted.

Link to comment
Share on other sites

I have to disagree and say that 10 -14 year olds are actually pretty bright. I work at an elementary school and would prefer to teach a 10-14 year olds about privacy than the teachers.

No one is doubting that 10-14 year olds are not bright, however you can be the smartest individual in the world and not care about what you are being taught and you will learn nothing.

The majority will just see anything out of the ordinary as just a break from doing work and turn off.

The problem is greater than educating people in the use of the internet, there are too many bad applications and systems on the internet, that no matter how savvy you are, are still going to have problems with. To improve safety on the internet these systems need changing as well. Otherwise people will be taught to be safe and still can't be. A simple analogy being that you teach children to walk on the pavement (sidewalk for our american brethren) and then you don't give them a pavement on the road to walk on, forcing them to walk on the road. This is what the internet is basically like at the moment.

Support the cause for compulsory pavements on the internet!

Link to comment
Share on other sites

http://www.isafe.org/

it is what that site is all about.

Here is my situation.

I have been asked to help with a presentation on internet safety.

The age group is about 10-14.

Also this discusion will be done in a Lab with the kids on computers.

I do not want to do the usual pedobear is out to get you sort of talk. (Though will mention it to satisfy any parents in the room)

I would like to do a presentation centered more on information security.

What I mean is first nothing online is private.

everything online is permanent. (once the interwebs have a hold on something they don't let go.)

Don't do stupid things like posting to public i lost my phone facebook groups.

The things you do on the web today will effect your future.

My plan fire up cain and abel and monitor the lab (possible create a very basic phishing page for facebook)

Then do my pedobear is out to get you talk at which point all the kids get bored and start to login into email, myspace, facebook. And my machine sits there collecting passwords. After that show them I have all your passwords to prove the point that nothing you do on a computer is safe or secure

I hope you understand what I am going for and I am open up to suggestions.

Link to comment
Share on other sites

Sounds like a good idea with a worthy cause, I agree with others in here that you are going to get some of the class who decided to tune out but you are going to get that with any age group on just about any topic.

To somewhat avoid this the hands on demo approach would work really well, I like the idea of demoing sniffing the password however but on the flip side you don't want to be pointing young malicious turds into the right direction.

Info gathering via google was a great suggestion and I would through that into the pipe works. Also it may pay to do a basic overview of the privacy policy for profile websites such as myspaz, facefart etc etc. In most case's once you up load your image's they are no longer your own and belong to the site to do whatever they wish.

Dingle Also had an interesting posting in here about viewing private face book photo's, if you can get it working it may be worth demoing on a dummy facefart account.

Personally its a bit of a bitch of a subject to cover, especially when you are talking about mitigating such sniffing attacks like using SSL etc in a short time frame with no tech terms. Still its doable if you approach it the right way.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...