soundguymike Posted March 1, 2009 Share Posted March 1, 2009 Here is my situation. I have been asked to help with a presentation on internet safety. The age group is about 10-14. Also this discusion will be done in a Lab with the kids on computers. I do not want to do the usual pedobear is out to get you sort of talk. (Though will mention it to satisfy any parents in the room) I would like to do a presentation centered more on information security. What I mean is first nothing online is private. everything online is permanent. (once the interwebs have a hold on something they don't let go.) Don't do stupid things like posting to public i lost my phone facebook groups. The things you do on the web today will effect your future. My plan fire up cain and abel and monitor the lab (possible create a very basic phishing page for facebook) Then do my pedobear is out to get you talk at which point all the kids get bored and start to login into email, myspace, facebook. And my machine sits there collecting passwords. After that show them I have all your passwords to prove the point that nothing you do on a computer is safe or secure I hope you understand what I am going for and I am open up to suggestions. Quote Link to comment Share on other sites More sharing options...
h3%5kr3w Posted March 1, 2009 Share Posted March 1, 2009 Sounds great to me. need a pedobear poster?? Quote Link to comment Share on other sites More sharing options...
stingwray Posted March 1, 2009 Share Posted March 1, 2009 They won't understand it, at that age they don't care and don't comprehend privacy. Quote Link to comment Share on other sites More sharing options...
markhimself Posted March 1, 2009 Share Posted March 1, 2009 dont tell them to write their own passwords, tell em to write different ones, or theyll get pissy Quote Link to comment Share on other sites More sharing options...
Sparda Posted March 1, 2009 Share Posted March 1, 2009 The best thing you can possibly do is explain that just becasue MySpace/Facebook/<insert web site> says it's keeping your information private, doesn't mean it actually is. Either by accident or intentionally. You should also attempt to make it clear that any thing they post on the Internet is on the Internet forever. Quote Link to comment Share on other sites More sharing options...
psydT0ne Posted March 1, 2009 Share Posted March 1, 2009 Maybe one approach would be to have them create an online persona that they can adopt for chat rooms etc... A persona with a bit of depth that is Quote Link to comment Share on other sites More sharing options...
soundguymike Posted March 1, 2009 Author Share Posted March 1, 2009 Thanks everyone @ Sparda wow! You just explained what I want to accomplish a whole lot more concise then I did. So if anybody has some good ideas on how to do that let me know. Quote Link to comment Share on other sites More sharing options...
JamesA Posted March 1, 2009 Share Posted March 1, 2009 I'm in agreement with stingwray, at that age they won't care about privacy or internet security. It's a rather wasted time since it'll be ignored anyway. In my opinion, it would be a much better idea to be honest and explain that they probably shouldn't talk to strangers on the internet but the majority of the time they're perfectly safe. The reality of it is, this is just like teaching kids about safety IRL. Don't talk to strangers, don't walk down dark alleys and you'll be fine. Quote Link to comment Share on other sites More sharing options...
ls Posted March 1, 2009 Share Posted March 1, 2009 You could show how easy it is to sniff an msn conversation. But I don't think they really care about privacy and security online. Quote Link to comment Share on other sites More sharing options...
Sparda Posted March 1, 2009 Share Posted March 1, 2009 You could show how easy it is to sniff an msn conversation. and how difficult it is to sniff a google talk conversation (gtalk uses SSL). You should make it clear that in both instances you are trusting a third party. Quote Link to comment Share on other sites More sharing options...
loftrat Posted March 1, 2009 Share Posted March 1, 2009 Be careful with your demo's though. Don't just go grabbing/sniffing private content and passwords without permission. The kids won't like it and you'll alienate them, the parents won't like it and you're likely to end up in hot water. Number on rule of all InfoSec engagements....C Y A Cover Your Ass ;) Quote Link to comment Share on other sites More sharing options...
Deags Posted March 1, 2009 Share Posted March 1, 2009 High tech black people can steal your bike using the internet! Quote Link to comment Share on other sites More sharing options...
moonlit Posted March 1, 2009 Share Posted March 1, 2009 Be careful with your demo's though. Don't just go grabbing/sniffing private content and passwords without permission. The kids won't like it and you'll alienate them, the parents won't like it and you're likely to end up in hot water. Number on rule of all InfoSec engagements....C Y A Cover Your Ass ;) What he said. I'd also echo stingwray's post too, I don't think it'll be too effective. There's no harm in giving it a shot anyway, it at least shows you're trying and if one kid gets the picture then it wasn't entirely pointless. There's also a chance, however high or low, that it'll make kids think hacking is cool if you start sniffing passwords, I know from experience that kids are spiteful bastards and if they figure out how to get other peoples' passwords then they will, and they won't think too hard before using them either. There's always the option of doing a little play, get a couple of kids (or teachers, or something) to act out what might happen if someone figures out where you live or if you agree to meet random strangers online or whatever, and how easy it is to figure out a lot about someone from a simple social networking account. You could also do a short play about someone phishing/MITMing a password and inviting one of your friends out without your knowledge and then show that just because someone said something on the internet it doesn't always mean that they are who they say they are. If it stands any chance of working then you'll have to make it engaging and I don't think a MITM attack will necessarily accomplish that unless you make it look like a movie. Quote Link to comment Share on other sites More sharing options...
wire Posted March 1, 2009 Share Posted March 1, 2009 The best advice I have is to practice your presentation beforehand. The kids will not have the patience to wait while you figure something out or ramble on. Quote Link to comment Share on other sites More sharing options...
soundguymike Posted March 1, 2009 Author Share Posted March 1, 2009 @ loftrat and moonlit Very good point I think I will setup a friend as the Mark because the of that was to illistrate that most the time browsing is not secure. The only reason to sniff their packets was for the fear/surprise factor though I now feel that might not outweigh how upset people they would be. I think I might change that to where I just use my mark and have him fill out a webpage while wireshark is running in the background and let them know this could be you if you have viruses on you machine or use a public wifi. All of the kids already know not to trust people they don't know online. It has been very ground into them, that is why I want to try a new angle and cover some topics they do not usually get. Such as if you or a friend posts a picture of them in a school uniform I now know where they are mon-fri. I might do this by asking a volontere to so me his pics he has posted online and then analyze them. I have to disagree and say that 10 -14 year olds are actually pretty bright. I work at an elementary school and would prefer to teach a 10-14 year olds about privacy than the teachers. The real problem is not that they do not understand privacy but that they believe fitting in (doing what everyone else is doing) is more important then privacy. Quote Link to comment Share on other sites More sharing options...
dr0p Posted March 1, 2009 Share Posted March 1, 2009 Just ask them who has a MySpace/Facebook/Bebo or whatever and then chose one of the ones who raises their hand and ask them their name. Then type their name into google, and show them how much information, pictures, etc. you can get them from just their name because of what they have posted. Quote Link to comment Share on other sites More sharing options...
stingwray Posted March 1, 2009 Share Posted March 1, 2009 I have to disagree and say that 10 -14 year olds are actually pretty bright. I work at an elementary school and would prefer to teach a 10-14 year olds about privacy than the teachers. No one is doubting that 10-14 year olds are not bright, however you can be the smartest individual in the world and not care about what you are being taught and you will learn nothing. The majority will just see anything out of the ordinary as just a break from doing work and turn off. The problem is greater than educating people in the use of the internet, there are too many bad applications and systems on the internet, that no matter how savvy you are, are still going to have problems with. To improve safety on the internet these systems need changing as well. Otherwise people will be taught to be safe and still can't be. A simple analogy being that you teach children to walk on the pavement (sidewalk for our american brethren) and then you don't give them a pavement on the road to walk on, forcing them to walk on the road. This is what the internet is basically like at the moment. Support the cause for compulsory pavements on the internet! Quote Link to comment Share on other sites More sharing options...
h3%5kr3w Posted March 2, 2009 Share Posted March 2, 2009 I fully agree. I hope that someone may have thought a few of these things up with IPV6... Quote Link to comment Share on other sites More sharing options...
manuel Posted March 2, 2009 Share Posted March 2, 2009 http://www.isafe.org/ it is what that site is all about. Here is my situation. I have been asked to help with a presentation on internet safety. The age group is about 10-14. Also this discusion will be done in a Lab with the kids on computers. I do not want to do the usual pedobear is out to get you sort of talk. (Though will mention it to satisfy any parents in the room) I would like to do a presentation centered more on information security. What I mean is first nothing online is private. everything online is permanent. (once the interwebs have a hold on something they don't let go.) Don't do stupid things like posting to public i lost my phone facebook groups. The things you do on the web today will effect your future. My plan fire up cain and abel and monitor the lab (possible create a very basic phishing page for facebook) Then do my pedobear is out to get you talk at which point all the kids get bored and start to login into email, myspace, facebook. And my machine sits there collecting passwords. After that show them I have all your passwords to prove the point that nothing you do on a computer is safe or secure I hope you understand what I am going for and I am open up to suggestions. Quote Link to comment Share on other sites More sharing options...
shonen Posted March 2, 2009 Share Posted March 2, 2009 Sounds like a good idea with a worthy cause, I agree with others in here that you are going to get some of the class who decided to tune out but you are going to get that with any age group on just about any topic. To somewhat avoid this the hands on demo approach would work really well, I like the idea of demoing sniffing the password however but on the flip side you don't want to be pointing young malicious turds into the right direction. Info gathering via google was a great suggestion and I would through that into the pipe works. Also it may pay to do a basic overview of the privacy policy for profile websites such as myspaz, facefart etc etc. In most case's once you up load your image's they are no longer your own and belong to the site to do whatever they wish. Dingle Also had an interesting posting in here about viewing private face book photo's, if you can get it working it may be worth demoing on a dummy facefart account. Personally its a bit of a bitch of a subject to cover, especially when you are talking about mitigating such sniffing attacks like using SSL etc in a short time frame with no tech terms. Still its doable if you approach it the right way. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.